On Thu, Jul 25, 2013 at 01:11:01PM +0200, Jaroslav Reznik wrote: > = Proposed System Wide Change: Enable SELinux Labeled NFS Support = > https://fedoraproject.org/wiki/Changes/LabeledNFS > > Change owner(s): Daniel Walsh <dwalsh@xxxxxxxxxx>, Steve Dickson > <steved@xxxxxxxxxx> > > The Linux Kernel has grown support for passing SELinux labels between a client > and server using NFS. > > == Detailed description == > We have always needed to treat NFS mounts with a single label usually > something like nfs_t. Or at best allow an administrator to override the > default with a label using the mount --context option. With this change we > have lots of different Labels supported on an NFS share. > > == Scope == > Proposal owners: > * Steve Dickson needs to make sure nfs-utils works properly. > * Dan Walsh needs to make sure selinux-policy works properly in all use cases. > > Other developers: Kernel > * Turn on Labeled NFS in the Fedora Kernel, Fix any policy issues that arise > because of this. I believe this is mainly a testing issue, and that the > functionality is complete. > > Release engineering: N/A (No changes for Release Engineering) > Policies and guidelines: N/A (not affected) I think this feature needs to cover some app integration testing. For example, one of the core use cases for NFS/SELinux support is to enable sVirt to work for KVM guests with storage on NFS. So I think the feature should include testing to validate that it is working with sVirt, as a downstream user of the feature. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
