On Thu, 2006-09-07 at 19:38 -0400, Matthew Gillen wrote: > Daniel J Walsh wrote: > > Matthew Gillen wrote: > >> Hi, > >> I'm new to SELinux, and I was having some problems with procmail not > >> working > >> correctly for me with NFS (via NIS-based autofs) home directories on FC5. > >> > >> There seemed to be a discussion about a similar issue a while back: > >> http://www.redhat.com/archives/fedora-list/2006-May/msg03265.html > >> but the solutions there didn't solve my problem. > >> > >> In any event, I managed to get it working for myself using the following > >> policy module. The 'autofs_t:dir search' part seemed to be needed to > >> find > >> my .procmailrc file, and the rest looks like it is needed to write > >> messages > >> into my maildirs under $HOME/Mail/ > >> > >> If anyone has suggestions on how to improve this I'd be happy to hear > >> them. > >> Thanks, > >> Matt > >> > >> -------------------------------------- > >> module procmailnfs 1.0; > >> > >> require { > >> class dir { getattr search write }; > >> class file { append getattr read }; > >> type autofs_t; > >> type default_t; > >> type procmail_t; > >> role system_r; > >> }; > >> > >> allow procmail_t autofs_t:dir search; > >> allow procmail_t default_t:dir { getattr search write }; > >> allow procmail_t default_t:file { append getattr read }; > >> -------------------------------------- > >> > >> > > This looks like a labeling problem. What directory is labeled default_t? > > I think I need to explain a bit more about my setup. Basically, I've got > one machine that's an NIS+NFS server and a mail server. This machine has > /export/home set up as one of it's nfs shares. > After a '/sbin/restorecon -v -R /export/home', the ls -Z output for > /export/home/username is system_u:object_r:default_t. > > Here's where it gets interesting. The NFS server will automount from itself > for users in NIS. If I log into the NFS server as 'username', and do 'ls > -lZd /home/username', the result is 'system_u:object_r:default_t'. However, > if I'm on some other machine (that is an NFS client), the 'ls -Z' output for > /home/username is 'system_u:object_r:nfs_t' > > On both machines, (the NFS server+client and the pure client) the ls -Z > output for /home indicates 'system_u:object_r:autofs_t' > > So, maybe what's ultimately going on is that there's a bug in setting the > context for a locally-served NFS share? I think it's much simpler than that; there is no default context for /export/home (Fedora home directories default to /home rather than /export/home) and that's why restorecon didn't change anything. Are the home directories in the NIS database listed as being in /home or /export/home? Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
