Bug 1265699

Summary: autofs only creates files with default_t SElinux context
Product: Red Hat Enterprise Linux 7
Component: autofs
Version: 7.2
Hardware: All
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Target Milestone: rc
Reporter: Stanislav Zidek <szidek>
Assignee: Ian Kent <ikent>
QA Contact: Filesystem QE <fs-qe>
CC: bcodding, mmalik, steved
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-09-24 23:37:32 UTC

Description Stanislav Zidek 2015-09-23 13:48:27 UTC
Description of problem:
I was testing a slightly complex scenario involving connecting by ssh to a machine that has home directories of users on an NFS fs accessed through autofs. The problem was that sshd could not read users' authorized_keys files because of their default_t context.

Version-Release number of selected component (if applicable):
autofs-5.0.7-53.el7

How reproducible:
always

Steps to Reproduce:
1. create nfs share
2. configure it to be mounted by autofs
3. check SELinux contexts of mounted files

Actual results:
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /home/nfs

Expected results:
drwxr-xr-x. root root system_u:object_r:nfs_t:s0       /home/nfs/

Additional info:

* /etc/auto.master contains:
/home /etc/auto.nfs

* cat /etc/auto.nfs
nfs -fstype=nfs4,rw,async,soft,intr,fscontext=system_u:object_r:nfs_t:s0 127.0.0.1:/nfs-homes

(I tried context, fscontext and defcontext)

Comment 1 Ian Kent 2015-09-24 08:00:00 UTC
Once mounted, autofs is not involved in mounted file system
operations.

Are you sure that this doesn't happen if the nfs file
system is manually mounted?

Can you provide a full debug log so we can check that the
context option is being correctly passed to the mount of
the nfs file system?
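
Besides the debug log requested in Comment 1, one way to check whether the context option from the map entry reached the NFS mount is to compare the map entry with what the kernel reports in /proc/mounts. The following is an added example, not part of the original bug thread or of autofs; the function names and the /proc/mounts excerpt are constructed for illustration, and only the map entry is taken from the report.

```python
import re

# SELinux context mount options documented in mount(8).
CONTEXT_KEYS = ("context", "fscontext", "defcontext", "rootcontext")
# Map entry as quoted in the report.
MAP_LINE = ("nfs -fstype=nfs4,rw,async,soft,intr,"
            "fscontext=system_u:object_r:nfs_t:s0 127.0.0.1:/nfs-homes")
# Constructed /proc/mounts excerpt (not from the report) in which no context
# option reached the NFS mount.
SAMPLE_MOUNTS = """\
/etc/auto.nfs /home autofs rw,relatime,fd=6,timeout=300,indirect 0 0
127.0.0.1:/nfs-homes /home/nfs nfs4 rw,relatime,vers=4.0,soft,addr=127.0.0.1 0 0
"""


def context_options(optstr):
    """Return the SELinux context options found in a mount option string."""
    opts = {}
    # Values with MLS categories (s0:c0,c1) contain commas and are quoted,
    # so split on commas that sit outside double quotes.
    for part in re.findall(r'(?:[^,"]|"[^"]*")+', optstr):
        key, _, value = part.partition("=")
        if key in CONTEXT_KEYS:
            opts[key] = value.strip('"')
    return opts


def map_entry_contexts(line):
    """Context options of one autofs map entry: key [-options] location."""
    fields = line.split()
    if len(fields) < 3 or not fields[1].startswith("-"):
        return {}
    return context_options(fields[1][1:])


def mounted_contexts(mounts_text, mountpoint):
    """Context options of the real (non-autofs) mount at mountpoint."""
    found = {}
    for line in mounts_text.splitlines():
        fields = line.split()  # device mountpoint fstype options dump pass
        if len(fields) >= 4 and fields[1] == mountpoint and fields[2] != "autofs":
            found = context_options(fields[3])
    return found


def missing_contexts(map_line, mounts_text, mountpoint):
    """Options requested in the map but absent or different on the mount."""
    wanted = map_entry_contexts(map_line)
    actual = mounted_contexts(mounts_text, mountpoint)
    return {k: v for k, v in wanted.items() if actual.get(k) != v}
```

On a live system, pass the contents of /proc/mounts as `mounts_text` after the automount has been triggered; an empty result means every context option in the map entry is present on the mount with the same value.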