From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 Description of problem: When the targeted policy is loaded, the NFS daemon is denied access to iso9660_t, preventing it exporting mounted CDs or CD images. There also doesn't seem to be a way of disabling SELinux protection for NFS, whereas there is a way for all the other daemons. Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.18-17 How reproducible: Always Steps to Reproduce: 1. Mount a CD. 2. Configure NFS to export the directory where the CD is mounted. 3. Enable targeted policy. 4. Mount the directory exported at (2) above from another machine. Actual Results: AVC message in the audit log. Expected Results: The directory should have been mounted. Additional info:
Fixed in selinux-policy-targeted-1.24-3
I've just updated to selinux-policy-targeted-1.24-3 and retested this. I haven't yet tried to export a mounted physical CD, but exporting mounted CD images still doesn't work. I managed to get this working by adding allow nfsd_t iso9660_t:dir getattr; to my local policy. Hope this helps, let me know if you need more information about my setup.
What is the current settings of your booleans? getsebool -a | grep nfs
Daniel, The NFS booleans are: nfs_export_all_ro --> active nfs_export_all_rw --> active nfsd_disable_trans --> inactive use_nfs_home_dirs --> inactive Thanks Pete