Re: mounting nfs as httpd_sys_content_t under selinux

[Eric Paris <eparis redhat com>]

On Sat, 2007-12-08 at 11:41 -0500, Johnny Tan wrote:
> I have a NFS mount that I want apache to be able to serve 
> files from.
> 
> According to this doc:
> http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/en-US/RHEL510/Deployment_Guide/ch45s02s03.html
> 
> I should be able to mount it with a context that will allow 
> apache to access it.
> 
> But when I try the suggested command:
> 
> [root vm-37:~] mount -t nfs -o \
> context=system_u:object_r:httpd_sys_content_t \
> 192.168.1.100:/data/test /mnt/test
> 
> It *does* mount, but when I do:
> [root vm-37:~]# ls -lZ /mnt
> drwxr-xr-x  65534 65534 system_u:object_r:nfs_t   test
> 
> It doesn't show the correct context.
> 
> (I don't know if it matters that I don't have a user with 
> UID 65534, only the remote NFS server has that.)

Do you have /data/test mounted somewhere else at the same time?  Or
maybe /data is the actual export from the server and you
have /data/some_other_dir mounted somewhere else?

If it is case #1 you are going to have to mount it the first time with
the context= option.  We can't have one mount using !context= and the
other mount having context=.  Just a way the software works.

If it is case #2 it might work by mounting it with nosharecache (not
sure if you have to do that on both mounts....)

If it is neither of these cases can you file a RH bugzilla clearly
explaining your versions of everything, how the server exports things,
and what else the client has mounted at the time?

-Eric