SELinux, NFS and xguest

Eric Paris eparis at redhat.com
Tue Apr 22 18:14:30 UTC 2008


On Tue, 2008-04-22 at 09:10 -0700, Hal wrote:
> What are the mount options you were talking about?
> I could not find a way to override nfs_t label.

For NFSv3 you should be able to use
context=system_u:object_r:httpd_sys_content_t:s0 (or whatever label you
want)

see mount(8)

very recent kernels (2.6.25 devel timeframe) and nfs-utils allow usage
of context=, rootcontext= and fscontext=

if you are trying to mount the same server in multiple places with
multiple labels you may need to look at the nosharecache option....

Someday we will have real labeling support on NFS.  Someday

-Eric


> 
> --- Eric Paris <eparis at redhat.com> wrote:
> 
> > On Mon, 2008-04-21 at 15:40 -0400, Daniel J Walsh wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > Hal wrote:
> > > > Hi all,
> > > > I have a simple question:
> > > > Is there any way to use NFS home dirs for xguest users?
> > > > Will NFS4 work with selinux for normal and xguest user homes?
> > > > If yes, where can I read more?
> > > > 
> > > > Regards,
> > > > Hal 
> > > 
> > > Yes.  I am working on the policy for confined users using nfs now.
> > > NFS and NFS4 currently do not support labeling, although this is being
> > > worked on.  The system treats all files/directory as being labeled
> > > nfs_t, or you can override with a mount option.
> > 
> > At the moment only NFSv3 can be overridden with mount options.  NFSv4
> > support will appear in 2.6.26.....
> > 
> > -Eric
> > 
> > 
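Added example, not part of the original message or of any project's code: a small shell helper that turns a list of NFSv3 mounts into /etc/fstab lines using the context= override described above, and appends nosharecache whenever the same server is mounted with more than one label. The function names, host names and paths are constructed for illustration; treating "same server, different label" as the trigger for nosharecache is an assumption taken from the "may need" wording in the reply.

```shell
#!/bin/sh
# Constructed sample input: "server:/export  mountpoint  selinux_context"
SAMPLE='nfs1.example.com:/export/www /var/www/html system_u:object_r:httpd_sys_content_t:s0
nfs1.example.com:/export/home /home system_u:object_r:nfs_t:s0
nfs2.example.com:/export/pub /srv/pub system_u:object_r:httpd_sys_content_t:s0'

# valid_context (hypothetical helper): accept user:role:type:level.
# Levels containing commas are rejected because an unquoted comma would
# split the mount option list.
valid_context() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+:s[0-9]+[-:.sc0-9]*$'
}

# nfs_fstab (hypothetical helper): read mount specs on stdin, write fstab
# lines on stdout. Returns 1 without output if any context is malformed.
nfs_fstab() {
    input=$(cat)
    printf '%s\n' "$input" | while read -r _src _mnt c; do
        valid_context "$c" || { echo "bad context: $c" >&2; exit 1; }
    done || return 1
    printf '%s\n' "$input" | awk '
    {
        n++; src[n] = $1; mnt[n] = $2; ctx[n] = $3
        split($1, p, ":"); host[n] = p[1]
        # Flag a server once it is seen with a second, different label.
        if ((p[1] in first) && first[p[1]] != $3) multi[p[1]] = 1
        else if (!(p[1] in first)) first[p[1]] = $3
    }
    END {
        for (i = 1; i <= n; i++) {
            opts = "nfsvers=3,context=" ctx[i]
            if (host[i] in multi) opts = opts ",nosharecache"
            printf "%s %s nfs %s 0 0\n", src[i], mnt[i], opts
        }
    }'
}

# Stand-alone run: print the generated fstab lines for the sample.
printf '%s\n' "$SAMPLE" | nfs_fstab
```

After mounting, ls -Zd on each mount point shows whether the override took effect; every file under the mount reports the single label given in context=.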




More information about the fedora-selinux-list mailing list