On Tue, Feb 25, 2020 at 11:18 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > If you just ran the nametrans tests in the host filesystem rather than > in the separate mount, I think it would work. > This would require adjusting the type_transition rules however to > reflect the actual parent directory type (probably test_file_t). I just confirmed manually that name-based type transitions work over labeled NFS. The problem is just that your existing type_transition rules aren't matching on the parent directory type because you are creating the files in a separate mount that is using one or more context= options rather than in the base mount itself, unlike the setfscreatecon() tests above them that just operate within the host filesystem.
