On Tue, Oct 13, 2015 at 10:34 AM, Sander Smeenk <ssmeenk@xxxxxxxxxxxx> wrote: > Quoting Trond Myklebust (trond.myklebust@xxxxxxxxxxxxxxx): > >> > I've experimented with different capabilties, but CAP_DAC_OVERRIDE is >> > not enough. I'd very much like to hear if it is possible for this to >> > work on NFS like it does on local storage. >> This will not work on NFS. The server, which enforces permissions, has >> no way to know what capabilities your process has on the client. > > Thanks. I feared this answer. But i understand that the NFS-server cant > know if the process on the NFS-client has CAP_DAC_READ_SEARCH > capabilities set. > > Would setfsuid() help anything in this case? Or is it just a big no-go? > Are you looking for something like labeled NFS that supports capabilities? I think Redhat7 has SElinux labeled NFS support. > -Sndr. > -- > | Daylight savings time - why are they saving it and where do they keep it? > | 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2 > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
