This patch implements support to filter clients by selinux context too.
Can be easily tested with nfs server and client.
Add selinux_context = system_u:system_r:kernel_t to the
service/nfs-server section and selinux_context =
system_u:system_r:gssd_t to the service/nfs-client section.
If rpc.gssd is started manually instead of via init scripts then it will
be necessary to set selinux_context = unconfined_u:system_r:unconfined_t
as daemons started manually by root do not go through transition and
simply inherit root's context.
Not specifying and selinux_context will mean the context is not taken in
account to fitler clients, same happens if selinux support is not
available or completely disabled.
Patch also available here:
Simo Sorce * Red Hat, Inc * New York