On Mon, 2008-02-25 at 09:54 +0100, xake@×××××××××.net wrote:
> Sorry if I was unclear, I was a little bit tired.
>
> For some reason mountd seems to want to access a /dev/-node and I can't
> really understand why.
> I think it would help a little bit if we knew somewhat more about your
> share. What are your options in export? Do you have anything mounted
> beneath '/data' and is everything labeled correctly?

On the server, in /etc/exports I have:

$ cat /etc/exports
# /etc/exports: NFS file systems being exported. See exports(5).
/data/library 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
/data/software 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)

On the clients in /etc/fstab:

10.0.0.2:/data/library /data/library nfs rw 0 0
10.0.0.2:/data/software /data/software nfs rw 0 0

I believe everything is labelled correctly, I see the following from
ls -lAZ /data:

drwxr-xr-x+ 9 lorenb users system_u:object_r:default_t 4096 Feb 23 12:17 library
drwxr-xr-x+ 27 lorenb users system_u:object_r:default_t 4096 Sep 4 02:15 software

> When I said "where NFS are supposed to read them" I meant a place with the
> right security context. For me I have it as a subdir to /srv/ which is by
> default "system_u:object_r:public_content_t", something NFS is allowed to
> read according to its policy. So this was kind of my way to say "labeled
> correctly".
>

Ah I see. So should I chcon the two /data subdirectories to another
context from default_t to public_content_t?

--
Loren Bandiera <lorenb@××××××××××××××.com>
LB Technology Services, Inc.

--
gentoo-hardened@l.g.o mailing list
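
The label check discussed in this thread, as an added example that is not part of the original messages: it parses the exports file and the `ls -lAZ /data` output quoted above and lists the exported paths whose SELinux type is not in an allowed set. The function names are hypothetical, and the allowed set is an assumption taken from the quoted reply (only `public_content_t`), not from a policy query.

```python
import re

# Constructed sample input: the exports file and ls -lAZ lines quoted in the message.
EXPORTS = """\
# /etc/exports: NFS file systems being exported. See exports(5).
/data/library 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
/data/software 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
"""
LS_Z = """\
drwxr-xr-x+ 9 lorenb users system_u:object_r:default_t 4096 Feb 23 12:17 library
drwxr-xr-x+ 27 lorenb users system_u:object_r:default_t 4096 Sep 4 02:15 software
"""
# Assumption: only the type named in the quoted reply counts as correctly labeled.
ALLOWED_TYPES = {"public_content_t"}

def parse_exports(text):
    """Return {path: [(client, [options])]}; quoted paths and continuations are not handled."""
    exports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        entries = []
        for client in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", client)
            entries.append((m.group(1), m.group(2).split(",") if m.group(2) else []))
        exports[path] = entries
    return exports

def parse_ls_z(text, parent):
    """Return {path: selinux_type} from `ls -lAZ <parent>` lines (user:role:type[:level])."""
    labels = {}
    for line in text.splitlines():
        fields = line.split()
        ctx = next((f for f in fields if f.count(":") >= 2), None)
        if ctx:
            labels[parent.rstrip("/") + "/" + fields[-1]] = ctx.split(":")[2]
    return labels

def mislabeled_exports(exports, labels, allowed=ALLOWED_TYPES):
    """List (path, type, writable) for every export whose type is not in `allowed`."""
    findings = []
    for path, clients in sorted(exports.items()):
        setype = labels.get(path)  # None when no label was collected for the path
        if setype not in allowed:
            findings.append((path, setype, any("rw" in opts for _, opts in clients)))
    return findings

if __name__ == "__main__":
    for path, setype, writable in mislabeled_exports(parse_exports(EXPORTS), parse_ls_z(LS_Z, "/data")):
        print(f"{path}: type={setype} writable={writable}")
```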