Aurelien Bompard wrote:
Hi all,
Since the last policy upgrade, I can't share my NFS dir. Since this
directory is also available through apache, I had to set its type to
httpd_sys_content_t.
I'm getting this type of message :
type=AVC msg=audit(1146845517.056:16545): avc: denied { getattr } for
pid=8729 comm="rpc.mountd" name="musique" dev=md0 ino=17039419
scontext=user_u:system_r:nfsd_t:s0
tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=dir
Which type should it be labeled to to be seen from NFS and from Apache (and
from FTP by the way) ?
public_content_t should do it, although I am not sure for nfs.
Is the boolean nfs_export_all_ro turned on
getsebool nfs_export_all_ro
If not turn it on via
setsebool -P nfs_export_all_ro=1
Which leads me to another question: is there a tool to view which
file_contexts a program is allowed to access ? If there isn't, do you think
it wouldn't be hard to write one (can the python bindings do that) ?
Thanks
Aurélien
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
