unionfs, tmpfs, and xattrs

Bill Nottingham notting at redhat.com
Tue Feb 7 22:37:50 UTC 2006


So, I'm playing some with unionfs (http://www.fsl.cs.sunysb.edu/project-unionfs.html),
which works fine with SELinux as long as the underlying filesystems that you're
using in the union all support xattrs.

Which brings us to tmpfs.

The way xattrs appear to work on tmpfs is that the VFS tries the getxattr
op of tmpfs (which fails, as it doesn't exist), and then does an end-run
around in the SELinux code to get an attribute, as long as you're only
looking for the security xattr.

This means that anything on tmpfs can have an xattr retrieved from userspace
just fine with getxattr(2), but if you try and get it in the kernel via
'normal' means (such as the inode's getxattr method), it will fail. This
breaks tmpfs as part of a unionfs branch pretty badly.

Why was xattrs-on-tmpfs done this way? It seems somewhat hackish.

I could theoretically patch unionfs to call the VFS method, but... ew.

Bill
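
The two lookup paths the message describes, as a simplified userspace C model added here (not kernel or unionfs code, and not part of the original post). All struct and function names are hypothetical, and the label string is a constructed sample.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Simplified userspace model; every name here is hypothetical, not kernel code. */
typedef ssize_t (*getxattr_op)(const char *name, char *buf, size_t len);

struct model_inode {
    getxattr_op getxattr;   /* NULL models tmpfs: no getxattr inode op */
    const char *lsm_label;  /* label held by the security module, or NULL */
};

/* Fallback into the security module, reached only for "security.*" names. */
static ssize_t lsm_getsecurity(const struct model_inode *in, char *buf, size_t len)
{
    size_t n = in->lsm_label ? strlen(in->lsm_label) + 1 : 0;
    if (n == 0) return -EOPNOTSUPP;
    if (len < n) return -ERANGE;
    memcpy(buf, in->lsm_label, n);
    return (ssize_t)n;
}

/* Path behind getxattr(2): try the inode op, then the security fallback. */
ssize_t model_vfs_getxattr(const struct model_inode *in, const char *name, char *buf, size_t len)
{
    ssize_t err = in->getxattr ? in->getxattr(name, buf, len) : -EOPNOTSUPP;
    if (err < 0 && strncmp(name, "security.", 9) == 0) {
        ssize_t ret = lsm_getsecurity(in, buf, len);
        if (ret != -EOPNOTSUPP) err = ret;
    }
    return err;
}

/* Path a stacking filesystem takes when it calls the lower inode's op directly. */
ssize_t model_stacked_getxattr(const struct model_inode *lower, const char *name, char *buf, size_t len)
{
    return lower->getxattr ? lower->getxattr(name, buf, len) : -EOPNOTSUPP;
}

int main(void)
{
    /* Constructed sample: a tmpfs-like inode whose label exists only in the LSM. */
    struct model_inode tmpfs_inode = { NULL, "system_u:object_r:tmpfs_t" };
    char buf[64];
    printf("via vfs path:  %zd\n", model_vfs_getxattr(&tmpfs_inode, "security.selinux", buf, sizeof buf));
    printf("direct inode op: %zd\n", model_stacked_getxattr(&tmpfs_inode, "security.selinux", buf, sizeof buf));
    return 0;
}
```

In this model the direct inode-op path returns -EOPNOTSUPP for the same inode and name that the VFS path answers, which is the mismatch that leaves a stacked branch without a label.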