Hi,
I'm wondering how selinux is going to interact with non-FC2 machines? My mail server and "home" server are both running RedHat 8.0 for now and this summer I'm planning on taking them to RHEL 3. My users log in to 3 different systems (Mac OS X, Solaris and RedHat/Fedora linux) and get the same home directory. Am I going to have to disable selinux?
...thnx,
...dave
On Tue, 30 Mar 2004, Dave Alden wrote:
> Hi, I'm wondering how selinux is going to interact with non-FC2 machines? My mail server and "home" server are both running RedHat 8.0 for now and this summer I'm planning on taking them to RHEL 3. My users log in to 3 different systems (Mac OS X, Solaris and RedHat/Fedora linux) and get the same home directory. Am I going to have to disable selinux?
No, SELinux does nothing to NFS over the wire at this stage.
You can specify the security context of an NFS mount locally with the context= option to mount. This is something the kernel only sees locally; the remote server is not aware of anything.
e.g.
# mount -t nfs -o context=system_u:object_r:tmp_t server:/some/path /mnt/wherever
All of the files on the mount will appear to have the context system_u:object_r:tmp_t to SELinux.
- James
selinux@lists.fedoraproject.org
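
Added example, not part of the original thread: a shell function that reads fstab-format lines and reports, for each NFS entry, the context= label it would be mounted under, or "-" when none is set. The function names and the sample entries are constructed for illustration; the quoted form and the fscontext= entry are extra cases beyond the one in the reply.

```shell
#!/bin/sh
# nfs_contexts [FILE...]: read fstab-format lines (from FILE or stdin) and
# print "mountpoint<TAB>context" for every nfs/nfs4 entry.
nfs_contexts() {
    awk '
        $1 ~ /^#/ { next }                 # skip comment lines
        $3 ~ /^nfs4?$/ {
            ctx = "-"
            # Leading comma lets ",context=" match the first option too,
            # without also matching fscontext=, defcontext= or rootcontext=.
            opts = "," $4
            if (match(opts, /,context="[^"]*"/)) {
                # Quoted form: the label itself may contain commas.
                ctx = substr(opts, RSTART, RLENGTH)
                sub(/^,context="/, "", ctx)
                sub(/"$/, "", ctx)
            } else if (match(opts, /,context=[^,]*/)) {
                ctx = substr(opts, RSTART, RLENGTH)
                sub(/^,context=/, "", ctx)
            }
            printf "%s\t%s\n", $2, ctx
        }
    ' "$@"
}

# Constructed sample input (hypothetical entries, not from the thread).
sample_fstab() {
    cat <<'EOF'
# device            mountpoint     type  options                            dump pass
/dev/sda1           /              ext3  defaults                           1 1
server:/some/path   /mnt/wherever  nfs   rw,context=system_u:object_r:tmp_t 0 0
server:/home        /home          nfs   rw,hard,intr                       0 0
server:/export/web  /srv/web       nfs4  ro,fscontext=system_u:object_r:nfs_t 0 0
server:/export/mls  /srv/mls       nfs   context="system_u:object_r:tmp_t:s0:c0,c1",ro 0 0
EOF
}

# Demo: NFS mounts shown with "-" carry no explicit context= label.
sample_fstab | nfs_contexts
```

Run it against a real table with `nfs_contexts /etc/fstab`.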