On 28/09/2021 05:13, Thomas Cameron wrote:
On 9/26/2021 5:57 AM, Ed Greshko wrote:
Hi,
The configuration is a Fedora NFS server holding the home directories of Fedora clients. So, all Fedora.
Example: A user on the client creates a ~/.cert directory. Looking at the directory from the server side we see.
[djensen@f35ser ~]$ ls -Zd .cert
system_u:object_r:home_cert_t:s0 .cert
On the client side the user sees
[djensen@f35k ~]$ ls -Zd .cert
system_u:object_r:nfs_t:s0 .cert
Is there a way the client side can show the actual selinux context that is being enforced on
the server side?
Have you tried the instructions at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-nfs-configuration_examples, by chance? If I recall correctly, you can force the behavior where the client sees the exact same type as the server has on the filesystem.
I had not found that documentation.
That document seems a bit out of date when it comes to the latest Fedora. I'm doing this on F35, but I think F34 is
pretty much the same in this area.
On the server, there is no /etc/sysconfig/nfs file. If I edit a file with that name and then start the nfs-server the file
then becomes nfs.rpmsave.
In looking at rpc service files I see that rpcbind.service has an EnvironmentFile=/etc/sysconfig/rpcbind.
tried adding such....
[egreshko@f35ser system]$ cat /etc/sysconfig/rpcbind
#
# Optional arguments passed to rpcbind. See rpcbind(8)
RPCBIND_ARGS="-V 4.2"
RPCNFSDARGS="-V 4.2"
But no luck.
Ideas?
--
Nothing to see here
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure