Re: NFS and selinux context question

On 28/09/2021 05:13, Thomas Cameron wrote:
> On 9/26/2021 5:57 AM, Ed Greshko wrote:
>> Hi,
>>
>> The configuration is a Fedora NFS server holding the home directories of Fedora clients.  So, all Fedora.
>>
>> Example:  A user on the client creates a ~/.cert directory. Looking at the directory from the server side we see.
>>
>> [djensen@f35ser ~]$ ls -Zd .cert
>> system_u:object_r:home_cert_t:s0 .cert
>>
>> On the client side the user sees
>>
>> [djensen@f35k ~]$ ls -Zd .cert
>> system_u:object_r:nfs_t:s0 .cert
>>
>> Is there a way the client side can show the actual selinux context that is being enforced on
>> the server side?
>
> Have you tried the instructions at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-nfs-configuration_examples, by chance? If I recall correctly, you can force the behavior where the client sees the exact same type as the server has on the filesystem.

I had not found that documentation.

That document seems a bit out of date when it comes to the latest Fedora.  I'm doing this on F35, but I think F34 is
pretty much the same in this area.

On the server, there is no /etc/sysconfig/nfs file.  If I edit a file with that name and then start the nfs-server the file
then becomes nfs.rpmsave.

In looking at rpc service files I see that rpcbind.service has an EnvironmentFile=/etc/sysconfig/rpcbind.

Tried adding such....

[egreshko@f35ser system]$ cat /etc/sysconfig/rpcbind
#
# Optional arguments passed to rpcbind. See rpcbind(8)
RPCBIND_ARGS="-V 4.2"
RPCNFSDARGS="-V 4.2"

But no luck.

Ideas?

--
Nothing to see here