(sorry - my reply didn't get copied to the list)
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: 13 April 2012 17:52
>
> I can do this:
>
> [root@kojihub ~]# setenforce 0 [root@kojihub ~]# runcon
> unconfined_u:system_r:httpd_t:s0 bash [root@kojihub ~]# setenforce 1
> [root@kojihub ~]# id uid=0(root) gid=0(root)
> groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> context=unconfined_u:system_r:httpd_t:s0
(those lines should not have joined - 2 spaces at the beginning of each line are supposed
to prevent an email client "helpfully" removing line breaks)
> However, I think I have a problem. My nfs server has to have SELinux
> disabled for other reasons, so I can't set nfs_export_all_rw there. It has
> to be on the nfs server, doesn't it? Even if I set everything in the tree
> I'm exporting to public_content_rw_t on the server and unmount and remount
> the client filesystem everything still comes out as nfs_t. Is that because
> it's not getting the proper information from the nfs server?
>
> Other than leaving my Koji server in permissive mode or using
> httpd_disable_trans=1 (if that works on CentOS 6), is there a way to make
> this work? If not, I'll have to rearrange some disk space.
>
>
> Moray. “To err is human; to purr, feline.”
>
>
>
>
The remote client does not have to have SELinux enabled or not. Let's step back
to the beginning, what problem are you trying to solve?

SELinux is enforced at the client side, so it treats all files as nfs_t. If
you are trying to share content on an NFS Server using apache, you have to
turn on a couple of booleans depending on the OS you are running SELinux on.

My apache server is on the nfs client machine. That machine does not have enough disk
space, so I was hoping to have it write to a filesystem mounted from another machine. The
machine that I was trying to use as the nfs server has lots of disk space, but has to have
SELinux disabled.
Moray.
“To err is human; to purr, feline.”