Hi, In the nfsd_selinux man page it mentions: nfsd_ro_t nfsd_rw_t ...which might give you the impression that those are the labels you might use for your shares. I tried them and the client could mount the shares read-write (regardless of the label on the server). Clearly they don't work or perhaps I'm using them in an unintended way. After searching the mailing list I found out that, since nfs mainly runs as a kernel module, SELinux can't control it. Apparently that's also the reason the read-only and read-write booleans were removed. I'm now wondering: Did NFS used to run as a daemon in the past? Since NFS is practically unconfined, what are the nfsd_ro_t and rw_t labels for? Thanks! -- Jorge -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
