Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 245058

Summary: selinux on RHEL5 and nfs does not cope with nohide exported fs
Product: Red Hat Enterprise Linux 5 Reporter: Linda Wang <lwang>
Component: kernelAssignee: Eric Paris <eparis>
Status: CLOSED WONTFIX QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: cward, dzickus, edwardsg, gbeshers, jh, jlayton, k.georgiou, martinez, michel, staubach, steved
Target Milestone: ---Keywords: OtherQA
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-06-18 16:03:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 219837    
Bug Blocks: 425461    

Comment 2 RHEL Program Management 2007-11-01 18:25:32 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 RHEL Program Management 2008-01-30 22:57:18 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 5 RHEL Program Management 2008-01-30 23:17:24 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 6 RHEL Program Management 2008-01-30 23:37:36 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 RHEL Program Management 2008-01-31 04:47:12 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 Eric Paris 2008-06-17 20:05:24 UTC 
This bug is now a year old and we already fixed the failure to mount/panic back
in 5.1 or so.  Currently there exists an selinux issue in which given the server
exports

/       *(rw)
/nohide *(rw,nohide)

mount -o context=system_u:object_r:customcontext_t:s0 server:/ /mnt/whatever

will result in the right behavior for /mnt/whatever but /mnt/whatever/nohide
will not have mountpoint labeling and will fall back to the default NFS label.  

Seeing as how noone is complaining about this, we suggest against using nohide
exports, it took me 6 patches upstream to get the SELinux part of the code right
(and completely rewrote filesystem mounting in SELinux), and those patches can't
be simply thown back into RHEL5 for ABI reasons I'm considering closing this as
won't fix.

The random failure is gone and anyone who needs this (very corner case)
functionality can just mount both seperately as a work around I'm planning to
just close this bug.

If anyone has a problem with leaving open the situation I described above please
let me know  (I believe RHEL4 probably has the same issue and noone has
complained about that for years!).
Comment 12 George Beshers 2008-06-17 20:25:52 UTC 
This got closed on the SGI side and I overlooked it.

George
Comment 13 Eric Paris 2008-06-18 16:03:48 UTC 
I'm going to go ahead and close as WONTFIX.  This is fixed completely upstream,
but I highly doubt anyone is going to care about the small remaining issue in
RHEL4/5.  Due to the large patch, time required, and the complexity of the
upstream fix it does not seem warrented to make such large wholesale changes to
the RHEL kernel.