Re: NFS sharing is blocked

["Stephen John Smoogen" <smooge gmail com>]

On 5/5/06, Aurelien Bompard <gauret free fr> wrote:
> Hi all,
>
> Since the last policy upgrade, I can't share my NFS dir. Since this
> directory is also available through apache, I had to set its type to
> httpd_sys_content_t.
>
> I'm getting this type of message :
> type=AVC msg=audit(1146845517.056:16545): avc:  denied  { getattr } for
> pid=8729 comm="rpc.mountd" name="musique" dev=md0 ino=17039419
> scontext=user_u:system_r:nfsd_t:s0
> tcontext=user_u:object_r:httpd_sys_content_t:s0 tclass=dir
>
> Which type should it be labeled to to be seen from NFS and from Apache (and
> from FTP by the way) ?
>
> Which leads me to another question: is there a tool to view which
> file_contexts a program is allowed to access ? If there isn't, do you think
> it wouldn't be hard to write one (can the python bindings do that) ?
>
> Thanks

I think the sledgehammer fix is to do a

setsebool -P nfsd_disable_trans on

There is most likely a better way using a change of policies.. but all
my background is way outdated with the new policies and stuff.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator