Enable NFS v4.2 security labels

Contributors

Beginning with ONTAP 9.9.1, NFS security labels can be enabled. They are disabled by default.

About this task

With NFS v4.2 security labels, ONTAP NFS servers are Mandatory Access Control (MAC) aware, storing and retrieving sec_label attributes sent by clients.

For more information, see RFC7240

Note

NFS v4.2 security labels are not currently supported for NDMP dump operations. If security labels are encountered on files or directories, the dump fails.

Steps
  1. Change the privilege setting to advanced:

    set -privilege advanced

  2. Enable security labels:

    vserver nfs modify -vserver svm_name -v4.2-seclabel enabled