Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
16.4. Configuration Examples
16.4.1. Enabling SELinux Labeled NFS Support
Link kopierenLink in die Zwischenablage kopiert!
The following example demonstrates how to enable SELinux labeled NFS support. This example assumes that the nfs-utils package is installed, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode.
Note
Steps 1-3 are supposed to be performed on the NFS server,
nfs-srv.
- If the NFS server is running, stop it:
systemctl stop nfs
[nfs-srv]# systemctl stop nfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm that the server is stopped:systemctl status nfs nfs-server.service - NFS Server Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled) Active: inactive (dead)
[nfs-srv]# systemctl status nfs nfs-server.service - NFS Server Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled) Active: inactive (dead)Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit the
/etc/sysconfig/nfsfile to set theRPCNFSDARGSflag to"-V 4.2":# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) RPCNFSDARGS="-V 4.2"
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) RPCNFSDARGS="-V 4.2"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Start the server again and confirm that it is running. The output will contain information below, only the time stamp will differ:
systemctl start nfs
[nfs-srv]# systemctl start nfsCopy to Clipboard Copied! Toggle word wrap Toggle overflow systemctl status nfs nfs-server.service - NFS Server Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled) Active: active (exited) since Wed 2013-08-28 14:07:11 CEST; 4s ago
[nfs-srv]# systemctl status nfs nfs-server.service - NFS Server Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled) Active: active (exited) since Wed 2013-08-28 14:07:11 CEST; 4s agoCopy to Clipboard Copied! Toggle word wrap Toggle overflow - On the client side, mount the NFS server:
mount -o v4.2 server:mntpoint localmountpoint
[nfs-client]# mount -o v4.2 server:mntpoint localmountpointCopy to Clipboard Copied! Toggle word wrap Toggle overflow - All SELinux labels are now successfully passed from the server to the client:
ls -Z file -rw-rw-r--. user user unconfined_u:object_r:svirt_image_t:s0 file ls -Z file -rw-rw-r--. user user unconfined_u:object_r:svirt_image_t:s0 file
[nfs-srv]$ ls -Z file -rw-rw-r--. user user unconfined_u:object_r:svirt_image_t:s0 file [nfs-client]$ ls -Z file -rw-rw-r--. user user unconfined_u:object_r:svirt_image_t:s0 fileCopy to Clipboard Copied! Toggle word wrap Toggle overflow
Note
If you enable labeled NFS support for home directories or other content, the content will be labeled the same as it was on an EXT file system. Also note that mounting systems with different versions of NFS or an attempt to mount a server that does not support labeled NFS could cause errors to be returned.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}