FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-20-2008, 09:46 PM
Hal
 
Default SELinux, NFS and xguest

Hi all,
I have a simple question:
Is there any way to use NFS home dirs for xguest users?
Will NFS4 work with selinux for normal and xguest user homes?
If yes, where can I read more?

Regards,
Hal


__________________________________________________ __________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-21-2008, 07:40 PM
Daniel J Walsh
 
Default SELinux, NFS and xguest

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hal wrote:
> Hi all,
> I have a simple question:
> Is there any way to use NFS home dirs for xguest users?
> Will NFS4 work with selinux for normal and xguest user homes?
> If yes, where can I read more?
>
> Regards,
> Hal
>
>
> __________________________________________________ __________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
Yes. I am working on the policy for confined users using nfs now.
NFS and NFS4 currently do not support labeling, although this is being
worked on. The system treats all files/directory as being labeled
nfs_t, or you can override with a mount option.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkgM7Z8ACgkQrlYvE4MpobMfzACfT9DH7OjI6D 0eB3eAiewz4Apo
vwsAoOKT9bhhl8GuS/SuVud/2sum7bk2
=GAZq
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-21-2008, 08:08 PM
Eric Paris
 
Default SELinux, NFS and xguest

On Mon, 2008-04-21 at 15:40 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hal wrote:
> > Hi all,
> > I have a simple question:
> > Is there any way to use NFS home dirs for xguest users?
> > Will NFS4 work with selinux for normal and xguest user homes?
> > If yes, where can I read more?
> >
> > Regards,
> > Hal
> >
> >
> > __________________________________________________ __________________________________
> > Be a better friend, newshound, and
> > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> Yes. I am working on the policy for confined users using nfs now.
> NFS and NFS4 currently do not support labeling, although this is being
> worked on. The system treats all files/directory as being labeled
> nfs_t, or you can override with a mount option.

At the moment only NFSv3 can be overridden with mount options. NFSv4
support will appear in 2.6.26.....

-Eric

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-22-2008, 04:10 PM
Hal
 
Default SELinux, NFS and xguest

What are the mount options you were talking about?
I could not find a way to override nfs_t label.

--- Eric Paris <eparis@redhat.com> wrote:

> On Mon, 2008-04-21 at 15:40 -0400, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hal wrote:
> > > Hi all,
> > > I have a simple question:
> > > Is there any way to use NFS home dirs for xguest users?
> > > Will NFS4 work with selinux for normal and xguest user homes?
> > > If yes, where can I read more?
> > >
> > > Regards,
> > > Hal
> > >
> > >
> > >
>
__________________________________________________ __________________________________
> > > Be a better friend, newshound, and
> > > know-it-all with Yahoo! Mobile. Try it now.
> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> > Yes. I am working on the policy for confined users using nfs now.
> > NFS and NFS4 currently do not support labeling, although this is being
> > worked on. The system treats all files/directory as being labeled
> > nfs_t, or you can override with a mount option.
>
> At the moment only NFSv3 can be overridden with mount options. NFSv4
> support will appear in 2.6.26.....
>
> -Eric
>
>



__________________________________________________ __________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-22-2008, 06:14 PM
Eric Paris
 
Default SELinux, NFS and xguest

On Tue, 2008-04-22 at 09:10 -0700, Hal wrote:
> What are the mount options you were talking about?
> I could not find a way to override nfs_t label.

For NFSv3 you should be able to use
context=system_ubject_r:httpd_sys_content_t:s0 (or whatever label you
want)

see mount(8)

very recent kernels (2.6.25 devel timeframe) and nfs-utils allow usage
of context= rootcontext= and fscontext=

if you are trying to mount the same server in multiple places with
multiple label you may need to look at the nosharecache option....

Someday we will have real labeling support on NFS. Someday

-Eric


>
> --- Eric Paris <eparis@redhat.com> wrote:
>
> > On Mon, 2008-04-21 at 15:40 -0400, Daniel J Walsh wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Hal wrote:
> > > > Hi all,
> > > > I have a simple question:
> > > > Is there any way to use NFS home dirs for xguest users?
> > > > Will NFS4 work with selinux for normal and xguest user homes?
> > > > If yes, where can I read more?
> > > >
> > > > Regards,
> > > > Hal
> > > >
> > > >
> > > >
> >
> __________________________________________________ __________________________________
> > > > Be a better friend, newshound, and
> > > > know-it-all with Yahoo! Mobile. Try it now.
> > http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
> > > Yes. I am working on the policy for confined users using nfs now.
> > > NFS and NFS4 currently do not support labeling, although this is being
> > > worked on. The system treats all files/directory as being labeled
> > > nfs_t, or you can override with a mount option.
> >
> > At the moment only NFSv3 can be overridden with mount options. NFSv4
> > support will appear in 2.6.26.....
> >
> > -Eric
> >
> >
>
>
>
> __________________________________________________ __________________________________
> Be a better friend, newshound, and
> know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 10:11 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org