On 07/13/2013 02:15 PM, Jorge Fábregas wrote:
> Hi,
>
> In the nfsd_selinux man page it mentions:
>
> nfsd_ro_t nfsd_rw_t
>
> ...which might give you the impression that those are the labels you might
> use for your shares. I tried them and the client could mount the shares
> read-write (regardless of the label on the server). Clearly they don't work
> or perhaps I'm using them in an unintended way.
>
> After searching the mailing list I found out that, since nfs mainly runs as
> a kernel module, SELinux can't control it. Apparently that's also the
> reason the read-only and read-write booleans were removed. I'm now
> wondering:
>
> Did NFS used to run as a daemon in the past?
>
> Since NFS is practically unconfined, what are the nfsd_ro_t and rw_t
> labels for?
>
> Thanks!
>

They should be removed, they are not used and make no sense since nfs is
built into the kernel.

I believe the idea years ago was to allow an admin to specify which files
could be shared via NFS read only and which could be shared read/write.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux