-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/25/2013 10:57 AM, James Hogarth wrote: > On 25 Jul 2013 14:36, "Daniel P. Berrange" <berrange@xxxxxxxxxx > <mailto:berrange@xxxxxxxxxx>> wrote: >>> Updated testing section on >>> >>> https://fedoraproject.org/wiki/Changes/LabeledNFS >> >> Feature looks good to me now. >> > > A few bits that come to immediate mind: > > Are the labels applied following the semanage fcontext rules from server > or client side.. Or can either do this? > Labels are applied based on the client rules. Which does bring up an interesting idea of what happens if the server initiates a relabel. Theoretically the server should not even need to be enabled for the labeling to work. There could be a problem if the client tries to apply a label that the server does not understand. But for now we just require both sides to agree on labels. > Does root squash have an impact on this? > I hope not. I would figure if a process is allowed to write to mount point, it can assign labels to the mount point. > Does fedup initiate a full system relabel already and if it doesn't should > it do so No and No. - - and should automatic relabelling take place after the NFS mount target is > reached if client context configuration has an impact? > > > No, we only want the labels to be assigned when the user creates content or if the files on the remote side had lables. If a file did not have a label the kernel would assign it file_t. If the client runs a restorecon it would label the NFS share based on its path. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHxdLAACgkQrlYvE4MpobNJxACgp7Qx045ZWSZd4vGk+dUCy2Wi 7RIAoMm5obtk4rDPwTitas6kQHoTPkmF =OFZK -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
