Date: Thu, 15 Oct 2009 11:16:05 -0500
Hi,
Someone correct me if I'm wrong, but I believe what I am saying is correct.
Selinux cannot put its file settings on individual files or directories
in NFS. That is simply because NFS cannot handle the selinux settings
on its files.
If you read the man page for nfs_selinux it tells you what to do when
you have home areas in NFS.
"
If you want to use a remote NFS server for the home directories on this
machine, you must set the use_nfs_home_dirs boolean:
setsebool -P use_nfs_home_dirs 1
"
I have to admit, I'm a bit surprised that it tried to do all those
settings when you do not have selinux disabled.
But after thinking about it, it makes sense. Selinux doesn't know when
you are going to turn it on, so it needs to be ready by having all of
the files with the correct settings. That way when you do turn selinux
on, it doesn't have to go through and change the files then.
Hope this helps, and I'm sorry I didn't send this information out earlier.
Troy
Franchisseur Robert wrote:
> Hello,
>
> after the selinux update I have the following messages for all the users
> homedir which are NFS mounted.
>
> selinux is disabled or permissive.
>
> What is to be done ?
>
> Thanks for your help.
>
> ----- Forwarded message from root <[log in to unmask]> -----
>
>> From: root <[log in to unmask]>
>> Date: Thu, 15 Oct 2009 05:42:55 +0200
>> Subject: YUM:cui.lmd.jussieu.fr:2009-10-15
>> To: [log in to unmask]
>>
>> --------------------
>> YUM - security
>> --------------------
>>
>> ================================================================================
>> Package Arch Version Repository Size
>> ================================================================================
>> Updating:
>> libselinux i386 1.33.4-5.5.el5 sl-security 76 k
>> libselinux x86_64 1.33.4-5.5.el5 sl-security 77 k
>> libselinux-python x86_64 1.33.4-5.5.el5 sl-security 73 k
>> libsemanage x86_64 1.9.1-4.4.el5 sl-security 141 k
>> libsepol x86_64 1.15.2-2.el5 sl-security 131 k
>> libsepol i386 1.15.2-2.el5 sl-security 128 k
>> policycoreutils x86_64 1.33.12-14.6.el5 sl-security 628 k
>> policycoreutils-gui x86_64 1.33.12-14.6.el5 sl-security 132 k
>> selinux-policy noarch 2.4.6-255.el5_4.1 sl-security 393 k
>> selinux-policy-targeted noarch 2.4.6-255.el5_4.1 sl-security 1.1 M
>> Installing for dependencies:
>> libselinux-utils x86_64 1.33.4-5.5.el5 sl-security 55 k
>> selinux-policy-devel noarch 2.4.6-255.el5_4.1 sl-security 419 k
>>
>> Transaction Summary
>> ================================================================================
>> Install 2 Package(s)
>> Update 10 Package(s)
>> Remove 0 Package(s)
>>
>> Total download size: 3.3 M
>> chourdin homedir /u/chourdin or its parent directory conflicts with a
>> defined context in /etc/selinux/targeted/contexts/files/file_contexts,
>> /usr/sbin/genhomedircon will not create a new context. This usually
>> indicates an incorrectly defined system account. If it is a system
>> account please make sure its login shell is /sbin/nologin.
>>
>> <snip>
>
> same messages for all the accounts.
>
>> <snip>
>>
>>
>> Dependency Installed: libselinux-utils.x86_64 0:1.33.4-5.5.el5
>> selinux-policy-devel.noarch 0:2.4.6-255.el5_4.1
>> Updated: libselinux.i386 0:1.33.4-5.5.el5 libselinux.x86_64
>> 0:1.33.4-5.5.el5 libselinux-python.x86_64 0:1.33.4-5.5.el5
>> libsemanage.x86_64 0:1.9.1-4.4.el5 libsepol.x86_64 0:1.15.2-2.el5
>> libsepol.i386 0:1.15.2-2.el5 policycoreutils.x86_64 0:1.33.12-14.6.el5
>> policycoreutils-gui.x86_64 0:1.33.12-14.6.el5
>> selinux-policy.noarch 0:2.4.6-255.el5_4.1 selinux-policy-targeted.noarch 0:2.4.6-255.el5_4.1
>>
> ----- End forwarded message -----
>
--
__________________________________________________
Troy Dawson [log in to unmask] (630)840-6468
Fermilab ComputingDivision/LCSI/CSI LMSS Group
__________________________________________________
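
An added example, not part of the original message: a shell check that lists which accounts have home directories on an NFS mount and reports the current value of the use_nfs_home_dirs boolean quoted from the man page above. The function names nfs_homes and boolean_state are hypothetical, and the sample mount table and passwd entries are constructed (only the chourdin account and the /u path come from the forwarded mail).

```shell
#!/bin/sh
# Added example: find accounts whose home directory is on an NFS mount.
# nfs_homes and boolean_state are hypothetical helper names.

# nfs_homes PASSWD_FILE MOUNTS_FILE -> "user<TAB>home<TAB>mountpoint" per hit
nfs_homes() {
    awk '
        # First file: mount table in /proc/mounts layout (dev mountpoint fstype ...)
        FNR == NR { fstype[$2] = $3; next }
        # Second file: passwd entries; field 6 is the home directory
        {
            if (split($0, f, ":") < 7) next
            home = f[6]; best = ""
            # Pick the longest mount point that contains the home directory
            for (mp in fstype) {
                prefix = (mp == "/") ? "/" : (mp "/")
                if (index(home "/", prefix) == 1 && length(mp) > length(best))
                    best = mp
            }
            if (best != "" && fstype[best] ~ /^nfs4?$/)
                print f[1] "\t" home "\t" best
        }
    ' "${2:-/proc/mounts}" "${1:-/etc/passwd}"
}

# Report the boolean named in the nfs_selinux man page: on, off or unknown
boolean_state() {
    state=""
    if command -v getsebool >/dev/null 2>&1; then
        state=$(getsebool use_nfs_home_dirs 2>/dev/null | awk '{ print $NF }')
    fi
    echo "${state:-unknown}"
}

# Constructed sample data; only the chourdin account and /u path come from the mail
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
filer.example:/export/u /u nfs rw 0 0'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
chourdin:x:1001:1001::/u/chourdin:/bin/bash
local1:x:1002:1002::/home/local1:/bin/bash'

tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_MOUNTS" > "$tmp/mounts"
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
nfs_homes "$tmp/passwd" "$tmp/mounts"
echo "use_nfs_home_dirs: $(boolean_state)"
rm -rf "$tmp"
```

Called with no arguments, nfs_homes reads /etc/passwd and /proc/mounts on the live system.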