On 11/28/2012 6:08 PM, Casey Schaufler wrote: > On 11/28/2012 5:14 PM, Dave Quigley wrote: >> On 11/28/2012 1:57 PM, Casey Schaufler wrote: >>> On 11/20/2012 7:28 PM, Dave Quigley wrote: >>>> On 11/20/2012 9:52 PM, Casey Schaufler wrote: >>>>> On 11/20/2012 4:37 PM, Dave Quigley wrote: >>>>>> ... >>>>>> >>>>>> >>>>>> Or I could just give you this link and you should be good to go ;) >>>>>> >>>>>> http://www.selinuxproject.org/~dpquigl/nfs-utils-rpms/ >>>>>> >>>>>> I haven't tried it but it should work. If it doesn't let me know and >>>>>> i'll try to fix it on my end. I'd imagine you might need to yum >>>>>> remove >>>>>> nfs-utils first before adding this new one or you could also try an >>>>>> rpm with the upgrade flag for this instead. Good luck. >>> ... >>> >>> >>> I've tried on Fedora17 and Ubuntu12.04, and I'm getting the >>> attached stack trace on mount. After mounting I'm getting >>> denials when I should, but also when I shouldn't. >>> >>> I've tried tracking down the issue, but there's a lot going on >>> that I don't find obvious. I added a dentry_init hook just for >>> grins, but it's not getting called. >>> >>> . >>> >>> >> Any chance of you throwing a kickstart file my way that's configured >> with SMACK so I can use it for a test box (both server and client)? I >> can have the guys working with me test for SMACK as well if you >> provide an appropriate test harness and image for testing. > I've attached the .config from my Fedora17 machine. Who knows, maybe > I got something wrong there. I get the error doing the test on the > loopback interface (mount -t nfs4 localhist:/ /mnt). I've done some instrumentation and security_ismaclabel() is getting called with "selinux", but never "SMACK64". I would guess that somewhere in the tools you're telling the kernel to expect "selinux". Where is that, so that I can tell it to try "SMACK64" instead? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
