nfsd trust #207
Comments
|
To make a file trusted, it has to be added to the trust database. For example. fapolicyd-cli --file add /usr/bin/nfsd |
|
@stevegrubb That's the problem NFS is implemented in kernel space, there is no nfsd file. |
|
Could you elaborate little bit more? What are you trying to accomplish? Are there any denials? |
|
Yes, specifically this default rule An odd symptom I have noticed: if I disable fapolicyd allow a client to access the file and then turn fapolicyd back on it no longer get's denied, my guess is through some sort of caching, either client side or server side. |
|
Haven't forgot about this. I need to setup an nfs mount and see what is going on. Remote filesystems in general would be hard to support because of the lack of a source of trust information. |
|
If nfsd is a kernel module, I think it can be allowed using the ppid option. |
How would I mark exe=nfsd as trusted? Or if there is a better way. How do I export a filesystem containing a language file?
e.g.
%languages=application/x-bytecode.ocaml,application/x-bytecode.python,application/java-archive,text/x-java,application/x-java-applet,application/javascript,text/javascript,text/x-awk,text/x-gawk,text/x-lisp,application/x-elc,text/x-lua,text/x-m4,text/x-nftables,text/x-perl,text/x-php,text/x-python,text/x-R,text/x-ruby,text/x-script.guile,text/x-tcl,text/x-luatex,text/x-systemtapThe text was updated successfully, but these errors were encountered: