(sorry - my reply didn't get copied to the list) > -----Original Message----- > From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx] > Sent: 13 April 2012 17:52 > > > > I can do this: > > > > [root@kojihub ~]# setenforce 0 [root@kojihub ~]# runcon > > unconfined_u:system_r:httpd_t:s0 bash [root@kojihub ~]# setenforce 1 > > [root@kojihub ~]# id uid=0(root) gid=0(root) > > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) > > context=unconfined_u:system_r:httpd_t:s0 (those lines should not have joined - 2 spaces at the beginning of each line are supposed to prevent an email client "helpfully" removing line breaks) > > However, I think I have a problem. My nfs server has to have SELinux > > disabled for other reasons, so I can't set nfs_export_all_rw there. > It has > > to be on the nfs server, doesn't it? Even if I set everything in the > tree > > I'm exporting to public_content_rw_t on the server and unmount and > remount > > the client filesystem everything still comes out as nfs_t. Is that > because > > it's not getting the proper information from the nfs server? > > > > Other than leaving my Koji server in permissive mode or using > > httpd_disable_trans=1 (if that works on CentOS 6), is there a way to > make > > this work? If not, I'll have to rearrange some disk space. > > > > > > Moray. “To err is human; to purr, feline.” > > > > > > > > > The remove client does not have to have SELinux enabled or not. Lets > step back > to the beginning, what problem are you trying to solve? > > SELinux is enforced at the client side, so it treats all files as > nfs_t. If > you are trying to share content on an NFS Server using apache, you have > to > turn on a couple of booleans depending on the OS you are running > SELinux on. My apache server is on the nfs client machine. That machine does not have enough disk space, so I was hoping to have it write to a filesystem mounted from another machine. The machine that I was trying to use as the nfs server has lots of disk space, but has to have SELinux disabled. Moray. “To err is human; to purr, feline.” -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
