Red Hat Bugzilla – Bug 245058
selinux on RHEL5 and nfs does not cope with nohide exported fs
Last modified: 2009-06-19 19:00:30 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
This bug is now a year old and we already fixed the failure to mount/panic back
in 5.1 or so. Currently there exists an selinux issue in which given the server
mount -o context=system_u:object_r:customcontext_t:s0 server:/ /mnt/whatever
will result in the right behavior for /mnt/whatever but /mnt/whatever/nohide
will not have mountpoint labeling and will fall back to the default NFS label.
Seeing as how noone is complaining about this, we suggest against using nohide
exports, it took me 6 patches upstream to get the SELinux part of the code right
(and completely rewrote filesystem mounting in SELinux), and those patches can't
be simply thown back into RHEL5 for ABI reasons I'm considering closing this as
The random failure is gone and anyone who needs this (very corner case)
functionality can just mount both seperately as a work around I'm planning to
just close this bug.
If anyone has a problem with leaving open the situation I described above please
let me know (I believe RHEL4 probably has the same issue and noone has
complained about that for years!).
This got closed on the SGI side and I overlooked it.
I'm going to go ahead and close as WONTFIX. This is fixed completely upstream,
but I highly doubt anyone is going to care about the small remaining issue in
RHEL4/5. Due to the large patch, time required, and the complexity of the
upstream fix it does not seem warrented to make such large wholesale changes to
the RHEL kernel.