On Mon, 2007-12-10 at 12:24 -0500, Eric Paris wrote: > On Mon, 2007-12-10 at 12:02 -0500, Johnny Tan wrote: > > Stephen Smalley wrote: > > > Did you already have a mount from the same server/filesystem when you > > > tried doing this? If so, unmount those first and try again - context > > > mounts are limited to one per superblock. > > > > Thanks Stephen & Eric. > > > > Yes, the problem was I had another mount from the same server. > > > > So, now both mounts have httpd_sys_content_t context even > > though I only put that option on one of them. I do not want > > the other mount to have this context. > > > > Based on what you're saying, that's not possible, right, > > since they are coming from the same server? Just to clarify: it isn't just that they are coming from the same server but that they are coming from the same server with the same filesystem id. > You might get what you want with the nosharecache mount option i > mentioned, if adding that to both mounts doesn't help, yeah, you are > stuck, sorry. Not that it helps now, but it looks like nfs_compare_mount_options() needs to be made security-aware so that it doesn't try sharing superblocks when there are different security options. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
