[libvirt-users] NFS4 + SELinux

Daniel P. Berrange berrange at redhat.com
Fri Oct 15 13:19:09 UTC 2010


On Fri, Oct 15, 2010 at 04:04:13PM +0930, Mike Hall wrote:
> All test machines are CentOS 5.5 (RHEL subscriptions purchased).
> 
> We've had NFS3 storage working fine and decided to try NFS4.
> 
> We can mount an NFS4 share on our KVM host, but the SELinux file context on the mountpoint directory is magically changed from virt_image_t to nfs_t. Restorecon refuses to change it back.

NFS doesn't support extended attributes, so even if the filesystem
exported on the server has suitable labelling, no NFS client will
see the labels. You'll get a single label for the entire mount
point.

> 
> Adding the mount option context=system_u:object_r:virt_image_t on either server or client doesn't help (option not recognised).

The mount option works, but check the mount man page for confirmation of
exact syntax.

> What could we be doing wrong? Does NFS4 + KVM work?

The other option is to toggle the 'virt_use_nfs' selinux boolean
which should allow access to nfs_t files.

Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
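
Added example, not part of the original message: a small shell check that reads the SELinux context of a guest-image mount point and the state of the virt_use_nfs boolean, then reports whether either remedy named in the reply is already in effect. The function names and verdict words are hypothetical; it assumes `stat -c %C` prints the context and `getsebool` prints a line of the form `virt_use_nfs --> on`.

```shell
#!/bin/sh
# Added example: is an NFS-backed guest-image directory usable under SELinux?

# Extract the type (third colon-separated field) from a context such as
# system_u:object_r:nfs_t or system_u:object_r:nfs_t:s0.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Normalise a getsebool output line (assumed "virt_use_nfs --> on|off").
boolean_state() {
    case "$1" in
        *"--> on"*) echo on ;;
        *)          echo off ;;
    esac
}

# $1 = context of the mount point, $2 = getsebool output line.
# Prints one verdict: ok-context, ok-boolean, blocked or unexpected.
nfs_image_verdict() {
    ctx_type=$(context_type "$1")
    state=$(boolean_state "$2")
    case "$ctx_type" in
        virt_image_t) echo ok-context ;;   # context= mount option took effect
        nfs_t)        if [ "$state" = on ]; then echo ok-boolean; else echo blocked; fi ;;
        *)            echo unexpected ;;
    esac
}

# Query the live system for one directory and print the verdict.
check_mountpoint() {
    ctx=$(stat -c %C "$1") || return 2
    bool=$(getsebool virt_use_nfs) || return 2
    verdict=$(nfs_image_verdict "$ctx" "$bool")
    echo "$1: context=$ctx verdict=$verdict"
    if [ "$verdict" = blocked ]; then
        echo "remedy 1: setsebool -P virt_use_nfs on"
        echo "remedy 2: remount with -o context=<label> (see mount(8) for exact syntax)"
    fi
}

# Only touch the system when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    check_mountpoint "$1"
fi
```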



