Re: mounting nfs as httpd_sys_content_t under selinux

On Mon, 2007-12-10 at 12:24 -0500, Eric Paris wrote:
> On Mon, 2007-12-10 at 12:02 -0500, Johnny Tan wrote:
> > Stephen Smalley wrote:
> > > Did you already have a mount from the same server/filesystem when you
> > > tried doing this?  If so, unmount those first and try again - context
> > > mounts are limited to one per superblock.
> > 
> > Thanks Stephen & Eric.
> > 
> > Yes, the problem was I had another mount from the same server.
> > 
> > So, now both mounts have httpd_sys_content_t context even 
> > though I only put that option on one of them. I do not want 
> > the other mount to have this context.
> > 
> > Based on what you're saying, that's not possible, right, 
> > since they are coming from the same server?

Just to clarify:  it isn't just that they are coming from the same
server but that they are coming from the same server with the same
filesystem id.

> You might get what you want with the nosharecache mount option I
> mentioned, if adding that to both mounts doesn't help, yeah, you are
> stuck, sorry.

Not that it helps now, but it looks like nfs_compare_mount_options()
needs to be made security-aware so that it doesn't try sharing
superblocks when there are different security options.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
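
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it lints fstab-style entries and flags servers whose NFS mounts request different context= values without nosharecache on every one of them. The server names and paths are constructed, and grouping by server is an assumption standing in for the filesystem id, which fstab does not show.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names throughout.

# Constructed sample fstab entries.
sample_fstab() {
cat <<'EOF'
# device  mountpoint  type  options  dump  pass
nfs1.example.com:/export/www  /var/www/html nfs ro,context=system_u:object_r:httpd_sys_content_t:s0 0 0
nfs1.example.com:/export/home /home         nfs rw 0 0
nfs2.example.com:/export/pub  /srv/pub      nfs ro,nosharecache,context=system_u:object_r:public_content_t:s0 0 0
nfs2.example.com:/export/data /srv/data     nfs rw,nosharecache 0 0
EOF
}

# Reads fstab-format lines on stdin. Prints one CONFLICT line per server
# whose NFS mounts differ in context= while some lack nosharecache.
# Exit status is 1 when at least one conflict is found.
# Assumption: same server is treated as "may share a superblock".
# Limitation: quoted contexts containing commas are not parsed.
check_nfs_contexts() {
  awk '
    /^[[:space:]]*#/ || NF < 4 { next }
    $3 !~ /^nfs4?$/ { next }
    {
      i = index($1, ":/"); if (i == 0) next
      srv = substr($1, 1, i - 1)          # also copes with [v6]:/path
      ctx = "(none)"; nsc = 0
      n = split($4, o, ",")
      for (k = 1; k <= n; k++) {
        if (o[k] ~ /^context=/) ctx = substr(o[k], 9)
        else if (o[k] == "nosharecache") nsc = 1
      }
      if (!(srv in first)) { first[srv] = ctx; order[++ns] = srv }
      else if (ctx != first[srv]) differ[srv] = 1
      if (!nsc) unshared[srv] = unshared[srv] " " $2
    }
    END {
      for (s = 1; s <= ns; s++) {
        srv = order[s]
        if (differ[srv] && unshared[srv] != "") {
          printf "CONFLICT %s: differing context= options; missing nosharecache on:%s\n", srv, unshared[srv]
          bad++
        }
      }
      exit (bad > 0)
    }'
}

sample_fstab | check_nfs_contexts || true
```

A flagged server only means the mounts may share a superblock; whether they do depends on the filesystem id the server reports.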
