Bug 711749 - NFSv4 mount ignores SELinux "context=" mount option
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.1
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: yanfu,wang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-06-08 11:06 UTC by Daniel Riek
Modified: 2011-08-15 12:30 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-15 12:30:09 UTC
Target Upstream Version:



Description Daniel Riek 2011-06-08 11:06:03 UTC
When mounting an nfs4 share on a RHEL 6.1 instance with the "context=" option in order to allow a confined service to use it, the option is ignored and the nfs_t context is applied instead of the one set with "context=":

"""
[daniel@swrepo var]$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.1 (Santiago)

[daniel@swrepo var]$ mount -v | grep ISO
storage000:/swrepo000/ISO on /mnt/ISO type nfs4 (rw,context="system_u:object_r:httpd_sys_content_t:s0",addr=XXX.XXX.XXX.XXX,clientaddr=XXX.XXX.XXX.XXX)

[daniel@swrepo var]$ ls -ldZ /mnt/ISO/
drwxr-xr-x. root root system_u:object_r:nfs_t:s0       /mnt/ISO/
"""

Mount correctly reports the context option; however, the actual context set is different.
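
A check for the condition reported above, as an added example that is not part of the original report: it extracts the requested label from a mount option string and compares it with the label actually present on the mount point. The function names are hypothetical; `audit_mounts` assumes GNU `stat` (`%C`) and `mount` output in the `src on /mnt type fs (opts)` form shown in the report.

```sh
#!/bin/sh
# Added example, not part of the bug report. Function names are hypothetical.

# Print the value of context= from a mount option string (quoted or unquoted).
# fscontext=, defcontext= and rootcontext= are deliberately not matched.
requested_context() {
    printf ',%s\n' "$1" | sed -n \
        -e 's/.*[(,]context="\([^"]*\)".*/\1/p;t' \
        -e 's/.*[(,]context=\([^,)]*\).*/\1/p'
}

# Compare the requested label with the label found on the mount point.
# Returns 0 on match, 1 on mismatch, 2 if the options carry no context=.
check_mount_label() {
    want=$(requested_context "$1")
    [ -n "$want" ] || return 2
    if [ "$want" = "$2" ]; then
        echo "OK requested=$want"
    else
        echo "MISMATCH requested=$want actual=$2"
        return 1
    fi
}

# Live check over every mount that has context=. Assumes GNU stat (%C) and
# mount points without spaces. Returns non-zero if any label differs.
audit_mounts() {
    mount | {
        bad=0
        while read -r _src _on mp _type _fs opts; do
            [ -n "$(requested_context "$opts")" ] || continue
            actual=$(stat -c %C "$mp" 2>/dev/null) || actual="unreadable"
            printf '%s: ' "$mp"
            check_mount_label "$opts" "$actual" || bad=1
        done
        [ "$bad" -eq 0 ]
    }
}

# Values copied from the report: mount -v options and the ls -ldZ label.
SAMPLE_OPTS='(rw,context="system_u:object_r:httpd_sys_content_t:s0",addr=XXX.XXX.XXX.XXX,clientaddr=XXX.XXX.XXX.XXX)'
SAMPLE_LABEL='system_u:object_r:nfs_t:s0'
check_mount_label "$SAMPLE_OPTS" "$SAMPLE_LABEL" || true
```

On a live system, call `audit_mounts` after mounting; a `MISMATCH` line means the mount table and the label the confined service will actually see disagree.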

