Re: NFS Labels

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/13/2013 02:15 PM, Jorge Fábregas wrote:
> Hi,
> 
> In the nfsd_selinux man page it mentions:
> 
> nfsd_ro_t nfsd_rw_t
> 
> ...which might give you the impression that those are the labels you might
> use for your shares. I tried them and the client could mount the shares
> read-write (regardless of the label on the server). Clearly they don't work
> or perhaps I'm using them in an unintended way.
> 
> After searching the mailing list I found out that, since nfs mainly runs as
> a kernel module, SELinux can't control it.  Apparently that's also the
> reason the read-only and read-write booleans were removed.  I'm now 
> wondering:
> 
> Did NFS used to run as a daemon in the past?
> 
> Since NFS  is practically unconfined, what are the nfsd_ro_t and rw_t 
> labels for?
> 
> Thanks!
> 
They should be removed, they are not used and make no sense since nfs is built
into the kernel.  I believe the idea years ago was to allow an admin to
specify which files could be shared via NFS read only and which could be
shared read/write.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHkRUIACgkQrlYvE4MpobNN7wCeOwpiBPC2REwRBiYkpCcNwCLm
WNkAnAxnIyk/z+8yUWuYLv7+epNgCD6f
=iH/J
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux