Description of problem:
NFS should be able to read public_content_t files/dirs (and probably to write to public_content_rw_t files/dirs too), since it is the point of those types. But the access is not allowed in the selinux reference policy. Here's a small patch to enable it:

=======================
--- policy/modules/services/rpc.te.orig 2006-05-14 15:43:55.000000000 +0200 +++ policy/modules/services/rpc.te 2006-05-14 15:45:43.000000000 +0200 @@ -109,6 +109,10 @@ portmap_tcp_connect(nfsd_t) portmap_udp_chat(nfsd_t) +# Access to public_content_t and public_content_rw_t +miscfiles_read_public_files(nfsd_t) +miscfiles_manage_public_files(nfsd_t) + tunable_policy(`nfs_export_all_rw',` fs_read_noxattr_fs_files(nfsd_t) auth_manage_all_files_except_shadow(nfsd_t)
=======================

It is a diff against the rpc.te file in serefpolicy-2.2.34

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.36-2.fc5

How reproducible:
Always
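
Review bot: miscfiles_manage_public_files(nfsd_t) is added unconditionally, above the tunable_policy(`nfs_export_all_rw', ...) block, so nfsd_t gets manage access to public content regardless of any administrator setting, while the report itself only says NFS should "probably" write to public_content_rw_t. Keep miscfiles_read_public_files(nfsd_t) unconditional and move the manage call into a tunable_policy block of its own, so that write access is opt-in in the same way the existing nfs_export_all_rw rules are. The added comment should also say which call covers which type, since it currently names both types for both calls.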
Fixed in selinux-policy-2.2.47-3.fc5
Closing bugs