On Fri, 2023-08-04 at 16:22 +0100, David Howells wrote: > David Howells <dhowells@xxxxxxxxxx> wrote: > > > IIRC, the issue is when you make a mount with an explicit context= setting and > > make another mount from some way down the export tree that doesn't have an > > explicit setting, e.g.: > > > > mount carina:/ /mnt -o context=system_u:object_r:root_t:s0 > > mount carina:/nfs/scratch /mnt2 > > > > and then cause an automount to walk from one to the other: > > > > stat /mnt/nfs/scratch/foo > > Actually, the order there isn't quite right. The problem is with this order: > > # mount carina:/ /mnt -o context=system_u:object_r:root_t:s0 > # stat /mnt/nfs/scratch/bus > File: /mnt/nfs/scratch/bus > Size: 124160 Blocks: 248 IO Block: 1048576 regular file > Device: 0,55 Inode: 131 Links: 1 > ... > # mount carina:/nfs/scratch /mnt2 > mount.nfs: /mnt2 is busy or already mounted or sharecache fail > > with the error: > > SELinux: mount invalid. Same superblock, different security settings for (dev 0:52, type nfs4) > That seems like the correct behavior to me. You tried to mount the same mount with a different sec context. If you want that, then you need to use -o nosharecache. I'll send a v7 in a bit. -- Jeff Layton <jlayton@xxxxxxxxxx>
