Bug 167602 - NFS - cannot export directories from /etc/exports
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
Keywords: Security

Reported: 2005-09-06 00:39 EDT by Peter Jennings
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-09-06 17:03:15 EDT

Description Peter Jennings 2005-09-06 00:39:12 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
Trying to NFS export a directory for use of other machines on the network. SELinux is denying access to the /etc/exports file.
This worked in the earlier version:
selinux-policy-targeted-1.23.16-6:
 

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.4-10

How reproducible:
Always

Steps to Reproduce:
1. /etc/exports contains:
/home      goneril(rw,sync,no_root_squash)
2. /usr/sbin/exportfs -av


Actual Results:  Message from /var/log/audit/audit.log

type=AVC msg=audit(1125957617.379:27): avc:  denied  { read } for  pid=2672 comm="exportfs" name="exports" dev=hda5 ino=3091699 scontext=system_u:system_r:nfsd_t tcontext=root:object_r:tmp_t tclass=file        

Expected Results:  Message from /var/log/messages

Sep  5 18:31:29 chaos kernel: SELinux: initialized (dev nfsd, type nfsd), uses genfs_contexts


Additional info:

Output from getsebool:

 /usr/sbin/getsebool -a |grep nfs
nfs_export_all_ro --> active
nfs_export_all_rw --> active
nfsd_disable_trans --> inactive
use_nfs_home_dirs --> inactive

Comment 1 Daniel Walsh 2005-09-06 17:03:15 EDT
restorecon -v /etc/exports

If you create a file in /tmp and then mv it to /etc, it retains the file context
of /tmp and nfs is not allowed to read it.  restorecon sets the file to the
correct context.
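
An added example, not part of the bug report or of the SELinux tooling: a shell helper that pulls the source and target types out of the AVC record quoted in the description and flags the mislabel that comment 1 explains. The function names, the `*_tmp_t` pattern, and the `/etc` search root are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed input: the AVC record quoted in the bug description.
SAMPLE_AVC='type=AVC msg=audit(1125957617.379:27): avc:  denied  { read } for  pid=2672 comm="exportfs" name="exports" dev=hda5 ino=3091699 scontext=system_u:system_r:nfsd_t tcontext=root:object_r:tmp_t tclass=file'

# avc_field LINE KEY: value of KEY=value in the record, quotes stripped.
# Assumes values contain no spaces, as in the record above.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# ctx_type CONTEXT: the type, i.e. third field of user:role:type[:level].
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_perms LINE: the denied permissions listed between the braces.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ *\(.*[^ ]\) *}.*/\1/p'
}

# diagnose_avc LINE: one-line verdict. MISLABELED means the target carries a
# temp-directory type (tmp_t, or by assumption any *_tmp_t), which is what a
# file created under /tmp and moved into place keeps.
diagnose_avc() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    case "$tgt" in
        tmp_t|*_tmp_t) verdict=MISLABELED ;;
        *)             verdict=OTHER ;;
    esac
    echo "$verdict name=$(avc_field "$1" name) ino=$(avc_field "$1" ino) type=$tgt denied_to=$src perms=$(avc_perms "$1")"
}

# next_steps LINE: commands to review on the affected host (printed, not run).
# The /etc search root and the /etc/exports path are assumptions taken from this report.
next_steps() {
    cat <<EOF
find /etc -xdev -inum $(avc_field "$1" ino)   # resolve the inode to a path
ls -Z /etc/exports                 # label the file carries now
matchpathcon /etc/exports          # label the policy expects for the path
restorecon -v /etc/exports         # relabel, as in comment 1
EOF
}

diagnose_avc "$SAMPLE_AVC"
next_steps "$SAMPLE_AVC"
```

The AVC record only carries the file's base name and inode, which is why the first printed step resolves the inode before comparing the current label with the one the policy expects.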
