Symptoms

Users may notice that some files cannot be accessed or folders cannot be listed after Unity upgrading to Operating Environment (OE) 5.5The issue only happens under the following conditions: Client mounts the NFS Export using NFSv4.2, the access is good if the client mounts the NFS export using NFSv3, or NFSv4.0, or NFSv 4.1. SELinux is enabled on the Linux client. Here is an example: User test_user cannot list the content of NFS mountpoint /mnt when mounting using NFSv4.2. [test_user@RHEL4 ~]$ mount -v | grep -i mnt 10.xx.xx.48:/test on /mnt type nfs4 (rw,relatime,seclabel,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.227.xxx.129,local_lock=none,addr=10.60.15.48) [test_user@RHEL4 ~]$ ls -al /mnt ls: cannot open directory '/mnt': Permission denied User test_user can list the same folder after client remounting the NFS export using NFSv4.1. [test_user@RHEL4 ~]$ mount -v | grep -i mnt 10.xx.xx.48:/test on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.227.xxx.129,local_lock=none,addr=10.60.15.48) [test_user@RHEL4 ~]$ ls -al /mnt total 16 drwxrwxrwx. 6 root root 8192 Jun 18 03:21 . dr-xr-xr-x. 20 root root 271 Jun 8 19:07 .. dr-xr-xr-x. 2 root bin 152 Apr 14 03:56 .etc drwxr-xr-x. 2 root root 152 Jun 18 03:20 folder drwxr-xr-x. 2 root root 8192 Apr 14 03:56 lost+found

Cause

Unity added support for NFSv4.2 starting with Unity OE 5.5. NFSv4.2 protocol support brings additional security and performance, and NFS attribute support of spare files and NFS labeling.The security label feature in NFSV4.2 allows security labels (such as SELinux contexts) to be stored and enforced over NFS shares. By default, this feature is enabled on Unity NAS server. When SELinux is enabled on a Linux client, it assigns a security label to every object in the systems including files, folders, processes, ports, and devices. The default security context that SELinux assigns to files in NFS export mounted using NFS v3, V4.0, or v4.1 is system_u:object_r:nfs_t:s0. [root@rhel8 test]# ls -alZ testv4.1 -rw-r--r--. 1 root root system_u:object_r:nfs_t:s0 0 Jun 1 21:47 testv4.1 When the client mounts the NFS Export using NFS v4.2, the default security context of NFS files changes to unconfined_u:object_r:default_t:s0. [root@rhel8 test]# ls -alZ testv4.2 -rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 0 Jun 1 2025 testv4.2 The change of the security context especially the security type from nfs_t to default_t may cause some access issues as SELinux determines the access permission based on the policy rules that calculates the security type of the user or process and files or folders.

Resolution

This issue is fixed in Unity OE 5.5.3. Release Notes for the Dell Unity™ Family Current Release Version: 5.5.3.0.5.046 If an upgrade is not an option, there are workarounds to avoid this issue.Users should choose one solution based on their priorities: security, simplicity, or feature requirements. Remount the NFS export using NFSv4.1, NFSv4.0, or NFSv3 from client: mount -o vers=4.1 <nas server IP>:/<export> /<localmountpoint> Mount the NFS export using NFSv4.2 but specify the security context: mount -o context=system_u:object_r:nfs_t:s0 <nas server IP>:/<export> /<localmountpoint> Downgrade the maximum support NFSv4 version on Unity from v4.2 to v4.1. Dell Unity: After upgrade to Unity OE version 5.5, NFSv4 clients cannot access data Disable the security label on Unity: Dell Unity: How to disable Security Label over NFS on Unity OE 5.5 (User Correctable) Change the security type of the files in NFS export to the appropriate ones based on the requirement: chcon <user>:<role>:<type>:<level> <file/folders> For example, change the file type to nfs_t. [root@RHEL4 /]# ls -alZ /mnt/nfsv4.2 -rw-r--r--. 1 root root system_u:object_r:default_t:s0 0 Jun 17 00:53 /mnt/nfsv4.2 [root@RHEL4 /]# chcon -t nfs_t /mnt/nfsv4.2 [root@RHEL4 /]# ls -alZ /mnt/nfsv4.2 -rw-r--r--. 1 root root system_u:object_r:nfs_t:s0 0 Jun 17 00:53 /mnt/nfsv4.2

Support Cases