runcon Invalid argument

Moray Henderson Moray.Henderson at ict-software.org
Mon Apr 16 09:37:10 UTC 2012


(sorry - my reply didn't get copied to the list)

> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh at redhat.com]
> Sent: 13 April 2012 17:52
> >
> > I can do this:
> >
> > [root at kojihub ~]# setenforce 0 [root at kojihub ~]# runcon
> > unconfined_u:system_r:httpd_t:s0 bash [root at kojihub ~]# setenforce 1
> > [root at kojihub ~]# id uid=0(root) gid=0(root)
> > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > context=unconfined_u:system_r:httpd_t:s0

(those lines should not have joined - 2 spaces at the beginning of each line are supposed to prevent an email client "helpfully" removing line breaks)

> > However, I think I have a problem.  My nfs server has to have SELinux
> > disabled for other reasons, so I can't set nfs_export_all_rw there.  It has
> > to be on the nfs server, doesn't it?  Even if I set everything in the tree
> > I'm exporting to public_content_rw_t on the server and unmount and remount
> > the client filesystem everything still comes out as nfs_t.  Is that because
> > it's not getting the proper information from the nfs server?
> >
> > Other than leaving my Koji server in permissive mode or using
> > httpd_disable_trans=1 (if that works on CentOS 6), is there a way to make
> > this work?  If not, I'll have to rearrange some disk space.
> >
> >
> > Moray. “To err is human; to purr, feline.”
> >
> >
> >
> >
> The remote client does not have to have SELinux enabled or not. Let's step back
> to the beginning, what problem are you trying to solve?
>
> SELinux is enforced at the client side, so it treats all files as nfs_t.  If
> you are trying to share content on an NFS Server using apache, you have to
> turn on a couple of booleans depending on the OS you are running SELinux on.

My apache server is on the nfs client machine.  That machine does not have enough disk space, so I was hoping to have it write to a filesystem mounted from another machine.  The machine that I was trying to use as the nfs server has lots of disk space, but has to have SELinux disabled.


Moray.
“To err is human; to purr, feline.”






