From: Casey Schaufler <casey@schaufler-ca.com>
To: zyxel <zyx1984@gmail.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: labeled NFS
Date: Fri, 11 May 2012 07:28:41 -0700 [thread overview]
Message-ID: <4FAD2219.6090603@schaufler-ca.com> (raw)
In-Reply-To: <CAHx7xgW22yYYEgDR=tqomoS3AEOOwOc351d0+1WZNnbsv1rYVA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1954 bytes --]
On 5/11/2012 4:05 AM, zyxel wrote:
> Hello.
>
> I have some questions about labeled NFS.
> We have client and server systems running RHEL 6.1
> Kernels for both client and server were downloaded from
> git://git.selinuxproject.org/~dpquigl/lnfs
> <http://git.selinuxproject.org/%7Edpquigl/lnfs>
> Kernel version is 2.6.32. and they are already patched to support
> labeled NFS.
> Server is configured to export NFS share. Nfs-utils on server are
> patched for labeled nfs too.
>
> Here is listing for server exports file:
> /export
> *(rw,fsid=0,sec=unix,insecure,no_subtree_check,sync,security_label)
>
> Client and server have the same MLS policy.
>
> If I mount NFS share with command
> #mount -t nfs4 server:/ /mnt/nfsv4
> everything works good, but when i try to mount the same share to
> another directory
> #mount -t nfs4 server:/ /mnt/nfsv4_2
> it fails with:
>
> Message from syslogd@localhost at May 11 13:07:17 ...
> kernel:Oops: 0000 [#1] SMP
>
> Message from syslogd@localhost at May 11 13:07:17 ...
> kernel:last sysfs file: /sys/devices/virtual/block/dm-0/dev
>
> Message from syslogd@localhost at May 11 13:07:17 ...
> kernel:Stack:
An "Oops" indicates that a component of the kernel had a fatal
error, but that it only affected the current process or device
and the kernel was able to continue otherwise.
Use dmesg to see the kernel log. Any number of issues, from
misconfiguration to just plain bad code could have caused your
problem. There is not enough information in your email to do
much diagnosis.
>
> Why does it happens? Where I can get more information about that.
>
> The second question is that maybe I don't need labeled NFS.
> My task is to transfer security levels between client and server over NFS
> so that client with security level s0, for example, couldn't get
> access to file with level s1 on NFS share.
> I don't know if it may be done with netlabel or something.
> Could you help me a bit.
>
> Andrei
[-- Attachment #2: Type: text/html, Size: 2905 bytes --]
next prev parent reply other threads:[~2012-05-11 14:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-11 11:05 labeled NFS zyxel
2012-05-11 14:28 ` Casey Schaufler [this message]
2012-05-11 15:12 ` zyxel
-- strict thread matches above, loose matches on Subject: below --
2012-05-21 11:50 zyxel
2012-05-21 12:27 ` Stephen Smalley
2013-05-30 18:06 Labeled NFS Myklebust, Trond
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FAD2219.6090603@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=selinux@tycho.nsa.gov \
--cc=zyx1984@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.