NFS Labels
Jorge Fábregas
jorge.fabregas at gmail.com
Sat Jul 13 18:15:47 UTC 2013
Hi,

In the nfsd_selinux man page it mentions:

nfsd_ro_t
nfsd_rw_t

...which might give you the impression that those are the labels you
might use for your shares. I tried them and the client could mount the
shares read-write (regardless of the label on the server). Clearly they
don't work or perhaps I'm using them in an unintended way.

After searching the mailing list I found out that, since NFS mainly runs
as a kernel module, SELinux can't control it. Apparently that's also
the reason the read-only and read-write booleans were removed. I'm now
wondering:

Did NFS use to run as a daemon in the past?

Since NFS is practically unconfined, what are the nfsd_ro_t and rw_t
labels for?

Thanks!
--
Jorge