I have NFS (v4) home directories.
The NFS server is a Synology (DSM 5.2), the client is a FC 23.
The client gets autofs settings from a freeIPA server:
ipa automountmap-add default auto.home
ipa automountkey-add default --key "/home" --info auto.home auto.master
ipa automountkey-add default --key "*" --info "-fstype=nfs4,rw,sec=sys,hard,intr,rsize=8192,wsize=8192 nfsserver.hq.example.com:/volume1/shared_homes/&" auto.home
While investigating a problem with file access rights, I checked the SELinux labels on the mounted homedirs:
$ matchpathcon -V /home
/home has context system_u:object_r:autofs_t:s0, should be system_u:object_r:home_root_t:s0
$ matchpathcon -V /home/roberto
/home/roberto has context system_u:object_r:nfs_t:s0, should be unconfined_u:object_r:user_home_dir_t:s0
I admit SELinux still gives me a hard time; I'm wondering whether the contexts above should be fixed.
From what I have understood (please correct me otherwise), this has to do with SELinux Labeled NFS support, which would allow labels to be given as if files were on a local filesystem, rather than a generic nfs_t label. For this to work, NFS v4.2 is required.
Since my NFS server is on DSM, I doubt it supports v4.2 already.
My question is: is my client simply telling me “update your server and get this new cool feature working”, in which case I should not worry much, or is this really something to fix? And if so, how?
You should just be able to set the use_nfs_home_dirs boolean and get on with life:
setsebool -P use_nfs_home_dirs on
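As an added example (not part of the question or the answer), the following sketch triages `matchpathcon -V` output so that the `nfs_t` and `autofs_t` mismatches shown in the question are separated from local label mismatches, and then reports whether the `use_nfs_home_dirs` boolean still needs enabling. The function names and verdict strings are hypothetical, and the `getsebool` line fed to it is constructed.

```shell
#!/bin/sh
# Added example: triage `matchpathcon -V` output for NFS-backed home directories.
# Function names and verdict strings are hypothetical, chosen for this example.

# SELinux type = third colon-separated field of a context (user:role:type:level).
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Classify one line of `matchpathcon -V` output; prints "<verdict> <path>".
classify_line() {
    line=$1
    case $line in
        *" verified.") printf 'ok %s\n' "${line% verified.}"; return ;;
        *" has context "*", should be "*) ;;
        *) printf 'unparsed %s\n' "$line"; return ;;
    esac
    path=${line%% has context *}
    rest=${line#* has context }
    actual=${rest%%, should be *}
    case $(ctx_type "$actual") in
        nfs_t)    verdict=expected-nfs ;;     # NFS mount without labeled NFS
        autofs_t) verdict=expected-autofs ;;  # the automount point itself
        *)        verdict=mismatch ;;         # local label differs from policy
    esac
    printf '%s %s\n' "$verdict" "$path"
}

# Classify every line on stdin.
triage() { while IFS= read -r l; do classify_line "$l"; done; }

# Read verdicts on stdin; $1 is the text printed by `getsebool use_nfs_home_dirs`.
advise() {
    state=${1##* }
    if grep -q '^expected-nfs '; then
        if [ "$state" = on ]; then echo nothing-to-fix
        else echo enable-use_nfs_home_dirs; fi
    else
        echo no-nfs-homes
    fi
}

# The two matchpathcon lines from the question; the getsebool line is constructed.
SAMPLE='/home has context system_u:object_r:autofs_t:s0, should be system_u:object_r:home_root_t:s0
/home/roberto has context system_u:object_r:nfs_t:s0, should be unconfined_u:object_r:user_home_dir_t:s0'
printf '%s\n' "$SAMPLE" | triage
printf '%s\n' "$SAMPLE" | triage | advise 'use_nfs_home_dirs --> off'
```

On a live client, pipe `matchpathcon -V /home /home/*` into `triage` and pass `"$(getsebool use_nfs_home_dirs)"` to `advise`; only paths reported as `mismatch` are candidates for `restorecon`.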
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.