On Tue, 28 Sep 2021 06:22:47 +0800 Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > On 28/09/2021 05:13, Thomas Cameron wrote: > > On 9/26/2021 5:57 AM, Ed Greshko wrote: > >> Hi, > >> > >> The configuration is a Fedora NFS server holding the home > >> directories of Fedora clients. So, all Fedora. > >> > >> Example: A user on the client creates a ~/.cert directory. > >> Looking at the directory from the server side we see. > >> > >> [djensen@f35ser ~]$ ls -Zd .cert > >> system_u:object_r:home_cert_t:s0 .cert > >> > >> On the client side the user sees > >> > >> [djensen@f35k ~]$ ls -Zd .cert > >> system_u:object_r:nfs_t:s0 .cert > >> > >> Is there a way the client side can show the actual selinux context > >> that is being enforced on the server side? > > > > Have you tried the instructions at > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-nfs-configuration_examples, > > by chance? If I recall correctly, you can force the behavior where > > the client sees the exact same type as the server has on the > > filesystem. > > I had not found that documentation. > > That document seems a bit out of date when it comes to the latest > Fedora. I'm doing this on F35, but I think F34 is pretty much the > same in this area. > > On the server, there is no /etc/sysconfig/nfs file. If I edit a file > with that name and then start the nfs-server the file then becomes > nfs.rpmsave. I believe /etc/sysconfig/nfs was replaced by /etc/nfs.conf https://fedoraproject.org/wiki/Changes/nfs.conf Paul. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
