-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/26/2013 03:40 AM, Florian Weimer wrote: > On 07/25/2013 08:55 PM, Daniel J Walsh wrote: > >> Labels are applied based on the client rules. Which does bring up an >> interesting idea of what happens if the server initiates a relabel. > > Can we make sure that there's a good chance that the NFS exports reside > under a tree that is not subject to relabeling? Otherwise, that operation > would be rather destructive and even insecure. > I don't think so. In the case of remote users directory this is likely but I don't see anyway we can get an server admin to put exported content under a directory path that is labeled correctly on both the client and server. Of course we can recommend this, or explain /etc/selinux/fixfiles_exclude_dirs which he can setup to prevent this. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHyVVgACgkQrlYvE4MpobOrmgCeLl5nA8tjN/02iC7qUBNnecKO pEwAn2SqfutigDOcXXgr4YN0wogqu9CF =LERT -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
