On Wed, 2012-06-13 at 14:36 -0400, Stephen Smalley wrote:
> On Wed, 2012-06-13 at 14:17 -0400, David Quigley wrote:
> > That being said the ideal person to contact to find out why it isn't
> > working would be James Morris. If he wants to keep the patches up to
> > date he is welcome to but this was a stop gap method until we got
> > Labeled NFS in the kernel. It was determined that NFSv4 with Labeled NFS
> > was the proper solution to the problem.
>
> Isn't the problem just that he needs to modify his policy so that
> SELinux knows to use the xattr support for nfsv3? fs_use_xattr

So, to clarify, if he is using nfsv3 (not nfsv4) and wants SELinux to
use the xattr support from James' patches, he needs to add a line like
the following to his policy:

fs_use_xattr nfs gen_context(system_u:object_r:fs_t,s0);

See the examples in policy/modules/kernel/filesystem.te if using
refpolicy. Then the filesystem will be treated as supporting security
labels and restorecon will work (or at least get past that particular
error).

--
Stephen Smalley
National Security Agency
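
The following is an added example, not part of the original message or of refpolicy: a small checker that reads refpolicy-style source text and reports which labeling statement governs a filesystem type, so the effect of adding the fs_use_xattr line for nfs can be confirmed before rebuilding the policy. The function names and both sample policy fragments are constructed for illustration; the rule that an fs_use_* statement takes precedence over a genfscon entry reflects how the kernel selects a filesystem's labeling behaviour.

```python
import re

# Statement shapes as written in refpolicy source, e.g.
#   fs_use_xattr nfs gen_context(system_u:object_r:fs_t,s0);
#   genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
FS_USE = re.compile(r"^\s*(fs_use_(?:xattr|task|trans))\s+(\S+)\s+(.+?)\s*;\s*$")
GENFSCON = re.compile(r"^\s*genfscon\s+(\S+)\s+/\s+(.+?)\s*;?\s*$")

def labeling_for(policy_text, fstype):
    """Return (statement, context) governing fstype, or None if unlisted.

    An fs_use_* statement wins over a genfscon entry for the same type.
    """
    fs_use = genfs = None
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0]          # drop policy comments
        m = FS_USE.match(line)
        if m and m.group(2) == fstype:
            fs_use = fs_use or (m.group(1), m.group(3))
            continue
        m = GENFSCON.match(line)
        if m and m.group(1) == fstype:
            genfs = genfs or ("genfscon", m.group(2))
    return fs_use or genfs

def supports_xattr_labels(policy_text, fstype):
    """True only when the policy tells SELinux to read labels from xattrs."""
    found = labeling_for(policy_text, fstype)
    return found is not None and found[0] == "fs_use_xattr"

# Constructed sample: nfs is labeled only through genfscon.
BEFORE = """
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
genfscon nfs / gen_context(system_u:object_r:nfs_t,s0)
"""

# Constructed sample: the same fragment plus the line from the message.
AFTER = BEFORE + "fs_use_xattr nfs gen_context(system_u:object_r:fs_t,s0);\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, labeling_for(text, "nfs"), supports_xattr_labels(text, "nfs"))
```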