[Puppet - Bug #18982] (Unreviewed) Mount type doesnt handle SELinux context for NFS

[tickets]

Issue #18982 has been reported by Rene Cunningham.

----------------------------------------
Bug #18982: Mount type doesnt handle SELinux context for NFS
https://projects.puppetlabs.com/issues/18982

Author: Rene Cunningham
Status: Unreviewed
Priority: Normal
Assignee: 
Category: mount
Target version: 
Affected Puppet version: 2.6.17
Keywords: mount nfs selinux
Branch: 


Howdy,

Running RHEL6 with puppet 2.6.17.

mount resources with fstype set to 'nfs' and SELinux contexts passed as options 
fail to mount during a puppet run.

When I have this

<pre>
mount { '/mnt/foo':
    device  => 'bar:/nfs/export',
    fstype  => 'nfs',
    ensure  => 'mounted',
    options => 'rw,intr,soft,context=system_u:object_r:var_log_t:s0',
    atboot  => true,
    ensure   => mounted,
}
</pre>    

puppet agent errors with this

<pre>
err: /Stage[main]/MyModule::SubClass/Mount[/mnt/mountpoint]: Could not 
evaluate: Execution of '/bin/mount -o 
rw,intr,soft,context=system_u:object_r:var_log_t:s0 /mnt/mountpoint' returned 
32: mount.nfs: an incorrect mount option was specified
</pre>

yet /etc/fstab is populated correctly

<pre>
nfsserver:/nfs/export  /mnt/mountpoint   nfs 
rw,intr,soft,context=system_u:object_r:var_log_t:s0 0   0
</pre>

I can manually mount the NFS export with 'mount -a' once puppet is run though 
would obviously like puppet to do this for me. When manually running the 
'mount' command above without context=, the mount is successful.

>From my initial investigations, mount.nfs that ships with RHEL6 doesnt support 
>the SELinux context option.

I've got around this by calling an exec after the mount and reconfiguring the 
mount resource with 'ensure => present'

<pre>
exec { 'mount-mountpoint':
    command => 'mount /mnt/mountpoint',
    require => Mount['/mnt/mountpount'],
    unless  => "mount -t nfs | grep -q '/mnt/mountpoint'",
    path    => ['/bin', '/usr/bin', '/usr/sbin', '/sbin']
}
</pre>




-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.