| Message ID | 4F20700B.8060307@sandeen.net |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On Wed, Jan 25, 2012 at 03:11:39PM -0600, Eric Sandeen wrote: > For some reason, non-xfs filesystems aren't getting mounted with > the selinux context; perhaps because none of the xattr tests used > to work on anything but xfs? > > Anyway, 062 fails for extN unless we mount with the fs-wide > context. > > Signed-off-by: Eric Sandeen <sandeen@redhat.com> > --- > > ps: eparis says this should work for NFS as well, let's go for > it and if infrequently tested filesystems have trouble we can > exclude them as necessary. Verifying that assumption isn't hard, please do it. -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 1/25/12 3:14 PM, Christoph Hellwig wrote: > On Wed, Jan 25, 2012 at 03:11:39PM -0600, Eric Sandeen wrote: >> For some reason, non-xfs filesystems aren't getting mounted with >> the selinux context; perhaps because none of the xattr tests used >> to work on anything but xfs? >> >> Anyway, 062 fails for extN unless we mount with the fs-wide >> context. >> >> Signed-off-by: Eric Sandeen <sandeen@redhat.com> >> --- >> >> ps: eparis says this should work for NFS as well, let's go for >> it and if infrequently tested filesystems have trouble we can >> exclude them as necessary. > > Verifying that assumption isn't hard, please do it. > # mount -t nfs -o context=system_u:object_r:nfs_t:s0 localhost:/mnt/export /mnt/test # grep /mnt/export /proc/mounts localhost:/mnt/export /mnt/test nfs4 rw,context=system_u:object_r:nfs_t:s0,relatime,vers=4,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,minorversion=0,local_lock=none,addr=127.0.0.1 0 0 -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
In that case the update patch is fine with me,
Reviewed-by: Christoph Hellwig <hch@lst.de>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/common.rc b/common.rc index 6231457..602513a 100644 --- a/common.rc +++ b/common.rc @@ -72,11 +72,11 @@ _mount_opts() # nfs_t is a "liberal" context so we can use it. if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0" + export SELINUX_MOUNT_OPTIONS fi case $FSTYP in xfs) - export SELINUX_MOUNT_OPTIONS export MOUNT_OPTIONS=$XFS_MOUNT_OPTIONS ;; udf)
For some reason, non-xfs filesystems aren't getting mounted with the selinux context; perhaps because none of the xattr tests used to work on anything but xfs? Anyway, 062 fails for extN unless we mount with the fs-wide context. Signed-off-by: Eric Sandeen <sandeen@redhat.com> --- ps: eparis says this should work for NFS as well, let's go for it and if infrequently tested filesystems have trouble we can exclude them as necessary. -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html