This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 245058 - selinux on RHEL5 and nfs does not cope with nohide exported fs
selinux on RHEL5 and nfs does not cope with nohide exported fs
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Paris
Martin Jenner
: OtherQA
Depends On: 219837
Blocks: 425461
  Show dependency treegraph
 
Reported: 2007-06-20 15:29 EDT by Linda Wang
Modified: 2009-06-19 19:00 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-18 12:03:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Comment 2 RHEL Product and Program Management 2007-11-01 14:25:32 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 RHEL Product and Program Management 2008-01-30 17:57:18 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 5 RHEL Product and Program Management 2008-01-30 18:17:24 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 6 RHEL Product and Program Management 2008-01-30 18:37:36 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 RHEL Product and Program Management 2008-01-30 23:47:12 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 Eric Paris 2008-06-17 16:05:24 EDT
This bug is now a year old and we already fixed the failure to mount/panic back
in 5.1 or so.  Currently there exists an selinux issue in which given the server
exports

/       *(rw)
/nohide *(rw,nohide)

mount -o context=system_u:object_r:customcontext_t:s0 server:/ /mnt/whatever

will result in the right behavior for /mnt/whatever but /mnt/whatever/nohide
will not have mountpoint labeling and will fall back to the default NFS label.  

Seeing as how noone is complaining about this, we suggest against using nohide
exports, it took me 6 patches upstream to get the SELinux part of the code right
(and completely rewrote filesystem mounting in SELinux), and those patches can't
be simply thown back into RHEL5 for ABI reasons I'm considering closing this as
won't fix.

The random failure is gone and anyone who needs this (very corner case)
functionality can just mount both seperately as a work around I'm planning to
just close this bug.

If anyone has a problem with leaving open the situation I described above please
let me know  (I believe RHEL4 probably has the same issue and noone has
complained about that for years!).
Comment 12 George Beshers 2008-06-17 16:25:52 EDT
This got closed on the SGI side and I overlooked it.

George
Comment 13 Eric Paris 2008-06-18 12:03:48 EDT
I'm going to go ahead and close as WONTFIX.  This is fixed completely upstream,
but I highly doubt anyone is going to care about the small remaining issue in
RHEL4/5.  Due to the large patch, time required, and the complexity of the
upstream fix it does not seem warrented to make such large wholesale changes to
the RHEL kernel.

Note You need to log in before you can comment on or make changes to this bug.