| 1 |
On Mon, 2008-02-25 at 09:54 +0100, xake@×××××××××.net wrote: |
| 2 |
> Sorry if I was unclear, I was a little bit tired. |
| 3 |
> |
| 4 |
> For some reason mountd seems to wants to access a /dev/-node and I |
| 5 |
> can't |
| 6 |
> really understand why. |
| 7 |
> I think it would help a little bit if we knew somewhat more about your |
| 8 |
> share. What is your options in export? Do you have anything mounted |
| 9 |
> beneath '/data' and is everything labeled correctly? |
| 10 |
|
| 11 |
On the server, in /etc/exports I have: |
| 12 |
|
| 13 |
$ cat /etc/exports |
| 14 |
# /etc/exports: NFS file systems being exported. See exports(5). |
| 15 |
/data/library 10.0.0.0/255.255.255.0(async,no_subtree_check,rw) |
| 16 |
/data/software 10.0.0.0/255.255.255.0(async,no_subtree_check,rw) |
| 17 |
|
| 18 |
On the clients in /etc/fstab: |
| 19 |
|
| 20 |
10.0.0.2:/data/library /data/library nfs rw |
| 21 |
0 0 |
| 22 |
10.0.0.2:/data/software /data/software nfs rw |
| 23 |
0 0 |
| 24 |
|
| 25 |
I believe everything is labelled correctly, I see the following from ls |
| 26 |
-lAZ /data: |
| 27 |
|
| 28 |
drwxr-xr-x+ 9 lorenb users system_u:object_r:default_t 4096 Feb 23 |
| 29 |
12:17 library |
| 30 |
|
| 31 |
drwxr-xr-x+ 27 lorenb users system_u:object_r:default_t 4096 Sep 4 |
| 32 |
02:15 software |
| 33 |
|
| 34 |
|
| 35 |
> When I said "where NFS are supposed to read them" I meant a place with |
| 36 |
> the |
| 37 |
> right security context. For me I have it as a subdir to /srv/ which is |
| 38 |
> by |
| 39 |
> default "system_u:object_r:public_content_t", something NFS are |
| 40 |
> allowed to |
| 41 |
> read according to its policy. So this was kind of my way to say |
| 42 |
> "labeled |
| 43 |
> correctly". |
| 44 |
> |
| 45 |
|
| 46 |
Ah I see. So should I chcon the two /data subdirectories to another |
| 47 |
context from default_t to public_content_t? |
| 48 |
|
| 49 |
-- |
| 50 |
Loren Bandiera <lorenb@××××××××××××××.com> |
| 51 |
LB Technology Services, Inc. |
| 52 |
|
| 53 |
|
| 54 |
-- |
| 55 |
gentoo-hardened@l.g.o mailing list |
Archives