> On Mon, 2008-02-25 at 09:54 +0100, xake@×××××××××.net wrote:
>> Sorry if I was unclear, I was a little bit tired.
>>
>> For some reason mountd seems to want to access a /dev/-node and I can't
>> really understand why.
>> I think it would help a little bit if we knew somewhat more about your
>> share. What are your options in export? Do you have anything mounted
>> beneath '/data' and is everything labeled correctly?
>
> On the server, in /etc/exports I have:
>
> $ cat /etc/exports
> # /etc/exports: NFS file systems being exported. See exports(5).
> /data/library 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
> /data/software 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
>
> On the clients in /etc/fstab:
>
> 10.0.0.2:/data/library /data/library nfs rw 0 0
> 10.0.0.2:/data/software /data/software nfs rw 0 0
>
|
I see no problems here...

> I believe everything is labelled correctly, I see the following from
> ls -lAZ /data:
>
> drwxr-xr-x+ 9 lorenb users system_u:object_r:default_t 4096 Feb 23 12:17 library
>
> drwxr-xr-x+ 27 lorenb users system_u:object_r:default_t 4096 Sep 4 02:15 software
>
>
>> When I said "where NFS are supposed to read them" I meant a place with the
>> right security context. For me I have it as a subdir to /srv/ which is by
>> default "system_u:object_r:public_content_t", something NFS are allowed to
>> read according to its policy. So this was kind of my way to say "labeled
>> correctly".
>>
>
> Ah I see. So should I chcon the two /data subdirectories to another
> context from default_t to public_content_t?
>

This could help. I would suggest you try it.
|
> --
> Loren Bandiera <lorenb@××××××××××××××.com>
> LB Technology Services, Inc.
>
> --
> gentoo-hardened@l.g.o mailing list

--
gentoo-hardened@l.g.o mailing list |
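
The labeling check discussed in this thread, as an added example that is not part of the original messages: a shell function that cross-references /etc/exports with `ls -lAZ` output and reports exported directories whose SELinux type is not on an allow-list. The function name `audit_exports`, its arguments, and the allow-list are assumptions; the sample data is copied from the thread with wrapped lines rejoined.

```shell
#!/bin/sh
# Added example (not from the thread): flag NFS exports whose SELinux type
# is not in an allow-list. Assumes file names without spaces.

# /etc/exports as quoted in the thread
EXPORTS='# /etc/exports: NFS file systems being exported. See exports(5).
/data/library 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)
/data/software 10.0.0.0/255.255.255.0(async,no_subtree_check,rw)'

# "ls -lAZ /data" output as quoted in the thread
LISTING='drwxr-xr-x+ 9 lorenb users system_u:object_r:default_t 4096 Feb 23 12:17 library
drwxr-xr-x+ 27 lorenb users system_u:object_r:default_t 4096 Sep 4 02:15 software'

# audit_exports EXPORTS_TEXT LS_Z_TEXT PARENT_DIR "ALLOWED TYPES"
# Prints "<path> <type>" for every exported path whose type is not allowed.
# Paths missing from the listing are reported with type "unknown".
audit_exports() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk -v parent="$3" -v allowed="$4" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^---$/ { in_exports = 1; next }          # separator: exports follow
        !in_exports {
            # First field shaped like user:role:type is the security context.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[^:]+:[^:]+:[^:]+/) {
                    split($i, ctx, ":")
                    type[parent "/" $NF] = ctx[3]
                    break
                }
            next
        }
        /^[ \t]*(#|$)/ { next }                   # skip comments and blanks
        {
            t = ($1 in type) ? type[$1] : "unknown"
            if (!(t in ok)) print $1, t
        }'
}

# With the data from the thread, both exports are reported as default_t.
audit_exports "$EXPORTS" "$LISTING" /data "public_content_t"
```

On a live system, pass the contents of /etc/exports and the output of `ls -lAZ` on the parent directory. A type set with chcon is lost on a filesystem relabel; recording it with `semanage fcontext` and applying it with `restorecon` makes it persistent.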