Enabling NFS v4.2 security labels

Beginning with ONTAP 9.9.1, NFS security labels can be enabled after enabling NFS v4.2. They are disabled by default.

With NFS v4.2 security labels, ONTAP NFS servers are Mandatory Access Control (MAC) aware, storing and retrieving sec_label attributes sent by clients.

For more information, see RFC 7240.

Note
NFS v4.2 security labels are not currently supported for NDMP dump operations. If security labels are encountered on files or directories, the dump fails.
  1. Verify that NFS v4.2 is enabled:
     vserver nfs show -vserver svm_name
  2. Change the privilege setting to advanced:
     set -privilege advanced
  3. Enable security labels:
     vserver nfs modify -vserver svm_name -v4.2-seclabel enabled