On Thu, Jul 22, 2021 at 10:22:12AM -0400, Kaleb Keithley wrote:
I think you've seen Dan's suggestion to make sure this
directory is tagged
with ganesha_t.
I had not! Looking at [1] I see it, but somehow it seems to have never
shown up in my inbox. Thanks Daniel, and thank you Kaleb for bringing
that to my attention.
Ganesha has default_t access for files and directories, so it should
be able to export any normally tagged directory structure.
That doesn't appear to be the case for me. I haven't configured
any special selinux context on the directory I'm trying to export; I
simply ran `mkdir /data`, which results in:
[root@nfs1 data]# ls -lZd /data
drwxr-xr-x. 2 root root system_u:object_r:unlabeled_t:s0 82 Jul 22 14:15 /data
If the structure has restrictive tags on it, I can imagine that
Ganesha would be blocked. In that case, I assume you'd allow it to
"ganesha_t", right?
So this goes back to my original message: I don't want to grant access
on unlabeled_t to ganesha_t, because that seems to broad.
[1]:
https://lists.nfs-ganesha.org/archives/list/support@lists.nfs-ganesha.org...
--
Lars Kellogg-Stedman <lars(a)redhat.com> | larsks @ {irc,twitter,github}
http://blog.oddbit.com/ | N1LKS