Bug 711749

Summary: NFSv4 mount ignores SELinux "context=" mount option
Product: Red Hat Enterprise Linux 6
Reporter: Daniel Riek <riek>
Component: nfs-utils
Assignee: Steve Dickson <steved>
Status: CLOSED WORKSFORME
QA Contact: yanfu,wang <yanwang>
Severity: high
Priority: unspecified
Version: 6.1
CC: dwalsh, eparis
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-08-15 12:30:09 UTC

Description Daniel Riek 2011-06-08 11:06:03 UTC
When mounting an nfs4 share on a RHEL 6.1 instance with the "context=" option in order to allow a confined service to use it, the option is ignored and the nfs_t context is applied instead of the one set with "context=":

"""
[daniel@swrepo var]$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.1 (Santiago)

[daniel@swrepo var]$ mount -v | grep ISO
storage000:/swrepo000/ISO on /mnt/ISO type nfs4 (rw,context="system_u:object_r:httpd_sys_content_t:s0",addr=XXX.XXX.XXX.XXX,clientaddr=XXX.XXX.XXX.XXX)

[daniel@swrepo var]$ ls -ldZ /mnt/ISO/
drwxr-xr-x. root root system_u:object_r:nfs_t:s0       /mnt/ISO/
"""

Mount correctly reports the context option; however, the actual context set is different.
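The comparison made by hand in the description can be scripted. The following is an added example, not part of the bug report or of nfs-utils: it extracts the requested `context=` value from a `mount -v` line and compares it with the label actually on the mount point. The function names are illustrative, the sample lines are copied from the output above, and the live scan assumes GNU `stat` with `%C` support on an SELinux-enabled host.

```shell
#!/bin/sh
# Sample input: the two lines from the report above.
SAMPLE_MOUNT='storage000:/swrepo000/ISO on /mnt/ISO type nfs4 (rw,context="system_u:object_r:httpd_sys_content_t:s0",addr=XXX.XXX.XXX.XXX,clientaddr=XXX.XXX.XXX.XXX)'
SAMPLE_LS='drwxr-xr-x. root root system_u:object_r:nfs_t:s0       /mnt/ISO/'

# Value of context= in one `mount -v` line. Requiring "(" or "," before the
# keyword keeps fscontext=, defcontext= and rootcontext= from matching.
# The quoted form is tried first because MLS categories may contain commas.
requested_context() {
    c=$(printf '%s\n' "$1" | sed -n 's/.*[(,]context="\([^"]*\)".*/\1/p')
    [ -n "$c" ] || c=$(printf '%s\n' "$1" | sed -n 's/.*[(,]context=\([^,)]*\).*/\1/p')
    printf '%s\n' "$c"
}

# Mount point from a "<dev> on <dir> type <fs> (<opts>)" line.
mount_point() {
    printf '%s\n' "$1" | sed -n 's/^.* on \(.*\) type [^ ]* (.*$/\1/p'
}

# Label column of `ls -ldZ` in the RHEL 6 layout shown in the report.
lsz_label() {
    printf '%s\n' "$1" | awk '{print $4}'
}

# $1 = mount -v line, $2 = label found on the mount point.
# Prints a finding and returns 1 when the requested label was not applied.
check_label() {
    want=$(requested_context "$1")
    [ -n "$want" ] || return 0          # no context= option, nothing to verify
    [ "$want" = "$2" ] && return 0
    printf 'MISMATCH %s requested=%s actual=%s\n' "$(mount_point "$1")" "$want" "$2"
    return 1
}

# Live scan of every mounted file system (assumes GNU stat; an empty label,
# e.g. SELinux disabled, is reported as a mismatch).
scan_live() {
    mount -v | (
        rc=0
        while IFS= read -r line; do
            mp=$(mount_point "$line")
            [ -d "$mp" ] || continue
            check_label "$line" "$(stat -c %C "$mp" 2>/dev/null)" || rc=1
        done
        exit "$rc"
    )
}

# Replay the report's own output: prints one MISMATCH line for /mnt/ISO.
check_label "$SAMPLE_MOUNT" "$(lsz_label "$SAMPLE_LS")" || true
```

Calling `scan_live` returns non-zero if any mount carrying `context=` has a different label on its mount point, which makes it usable as a post-boot check for confined services that depend on the option.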