CentOS – SELinux contexts with NFS shares

Tags: apache-2.2, centos, nfs, selinux

I'm trying to set up an NFS share between 2 CentOS servers (filesrv & websrv) for a folder that needs to be readable & writeable by the Apache process. I'm having trouble with the writeable side of this, which I've narrowed down to SELinux configuration: Apache can write to the share if I setenforce 0 on the NFS client.

The relevant line in the exports file for the NFS server is:

/data/files/sitefiles websrv(rw,sync,no_root_squash)

The SELinux context for the shared folder on the NFS server is:

system_u:object_r:httpd_sys_rw_content_t:s0

The entry in my fstab on the NFS client is:

filesrv:/data/files/sitefiles /var/www/html/webroot/files nfs context="system_u:object_r:httpd_sys_rw_content_t:s0" 0 0

As far as I can tell, this should mount the NFS share with the httpd_sys_rw_content_t context, but when I check it, it's actually:

system_u:object_r:httpd_sys_content_t:s0

What could be causing it to apply the stricter context to the share?

Best Answer

The simple solution should be to use the SELinux boolean httpd_use_nfs to allow your webserver to display and write content stored on an NFS share:

setsebool -P httpd_use_nfs=1
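
A way to check both points from the question and the answer on the NFS client, as an added example that is not part of the original post: it compares the context= option requested in fstab with the one recorded for the live mount, and reads the state of httpd_use_nfs. The function names (ctx_opt, check_mount, bool_on), the sample /proc/mounts line and the address in it are constructed for illustration.

```sh
#!/bin/sh
# ctx_opt FILE MOUNTPOINT
# Print the context= value recorded for MOUNTPOINT in an fstab- or
# /proc/mounts-format file (field 2 = mount point, field 4 = options).
# Assumes the label has no commas (no category list such as s0:c1,c2).
ctx_opt() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^context=/) { v = substr(o[i], 9); gsub(/"/, "", v); print v }
        }' "$1"
}

# check_mount FSTAB MOUNTS MOUNTPOINT
# Print match, mismatch, not-applied or no-context-in-fstab; return 0 only on match.
check_mount() {
    want=$(ctx_opt "$1" "$3")
    have=$(ctx_opt "$2" "$3")
    if [ -z "$want" ]; then echo "no-context-in-fstab"; return 2; fi
    if [ -z "$have" ]; then echo "not-applied"; return 1; fi
    if [ "$want" = "$have" ]; then echo "match"; return 0; fi
    echo "mismatch"; return 1
}

# bool_on: read `getsebool NAME` output ("NAME --> on|off") on stdin;
# succeed only when the boolean is on.
bool_on() { awk '$2 == "-->" && $3 == "on" { ok = 1 } END { exit !ok }'; }

# Constructed samples: the fstab entry from the question, and a mounts line
# built to mirror the label the question reports seeing on the client.
SAMPLE_DIR=$(mktemp -d)
MP=/var/www/html/webroot/files
cat > "$SAMPLE_DIR/fstab" <<'EOF'
filesrv:/data/files/sitefiles /var/www/html/webroot/files nfs context="system_u:object_r:httpd_sys_rw_content_t:s0" 0 0
EOF
cat > "$SAMPLE_DIR/mounts" <<'EOF'
filesrv:/data/files/sitefiles /var/www/html/webroot/files nfs rw,relatime,context=system_u:object_r:httpd_sys_content_t:s0,vers=3,addr=192.0.2.10 0 0
EOF

status=$(check_mount "$SAMPLE_DIR/fstab" "$SAMPLE_DIR/mounts" "$MP") || true
echo "$MP: $status"

# On a live client:
#   check_mount /etc/fstab /proc/mounts "$MP"
#   getsebool httpd_use_nfs | bool_on && echo "httpd_use_nfs is on"
```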