[systemd-devel] 219/Fedora22: NFS mounts do not set SELINUX label to nfs_t: errno=-22

Anthony Alba ascanio.alba7 at gmail.com
Sun May 24 00:01:48 PDT 2015


Hi,

On Fedora 22, systemd 219, NFS mounts no longer acquire a default label nfs_t.

mount 192.168.1.6:/var/exports/1 1 -orootcontext=system_u:object_r:nfs_t
mount.nfs: an incorrect mount option was specified
[ 8316.276744] SELinux: security_context_to_sid(system_u:object_r:nfs_t) failed for (dev 0:51, type nfs4) errno=-22


To my surprise, it seems to acquire labels from the NFS server (Fedora
22/nfs4) - how is this possible?

But... it breaks libvirtd/kvm: it sees the "right" label if this were a
local filesystem but audit2allow complains:


ls -lZ guestfs/centos7.img
-rw-r--r--. 1 qemu qemu system_u:object_r:virt_image_t:s0 22987538432 May 24 14:56 guestfs/centos7.img
## for an image in /var/lib/libvirt this is the correct label.
## I do not know how it figured that from the NFS server

SELinux is preventing qemu-system-x86 from read access on the file
centos7.img (on NFS share).

On Fedora 21, the files acquire the label nfs_t and setsebool -P virt_use_nfs=on

Any ideas?

Anthony

