On 01/07/2016 05:38 PM, Andrew Ruch wrote:
> On Thu, Jan 7, 2016 at 3:21 PM, Daniel J Walsh <[email protected]> wrote:
>>
>> On 01/07/2016 04:48 PM, Andrew Ruch wrote:
>>> Hello,
>>>
>>> I'm researching deploying a diskless system that would use PXEBoot and
>>> NFS for its storage. I believe this capability has been proven and
>>> have no issues here. The tricky part is this system must also have
>>> Mandatory Access Control. I thought RHEL 7.2 was the answer due to
>>> its support of labeled NFS. However, Red Hat just told me that having
>>> an SELinux-labeled, remote root partition is unsupported. What wasn't
>>> clear was if the problem was in RHEL or something upstream.
>>>
>>> Does the kernel support a labeled, remote root partition? If so, which
>>> distributions support this?
>>>
>>>
>>> Thanks,
>>> Andrew Ruch
>>> _______________________________________________
>>> Selinux mailing list
>>> [email protected]
>>> To unsubscribe, send email to [email protected].
>>> To get help, send an email containing "help" to
>>> [email protected].
>>>
>>>
>> I just think no one has ever tried this. If the remote system is set up
>> with nfs labeling, theoretically this
>> should work.
>>
>> Not only rhel7 supports labeled networking on the server and client, to
>> the best of my knowledge.
>>
>> Not sure if NetApp or EMC support it yet.
> Hmmm... Red Hat Support referred me to an installation guide [1] at
> the very bottom of section 2.2. It says that SELinux must be disabled
> for diskless clients that use NFS as the root file system. I'm not
> trying to use RHEL for Real Time so I'll do some experimenting to see
> what I can figure out.
>
> Thanks,
> Andrew
>
>
> [1]
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_for_Real_Time/7/html/Installation_Guide/Installing_Real_Time_Using_Diskless_Boot.html
>
>
Right, because in most cases NFS will not support labels. This probably
should be changed to say it is not supported unless you set up labeled
networking on client/server (and it actually works). If you prove that
it can work, I can work to get the Support changed.