ReiserFS chicken and egg

Ian Pilcher i.pilcher at comcast.net
Wed Mar 29 19:34:59 UTC 2006


Stephen Smalley wrote:
> On Wed, 2006-03-29 at 06:27 -0600, Ian Pilcher wrote:
>> Stephen Smalley wrote:
>>> Sorry, reiserfs xattrs are known to be broken with SELinux at present,
>>> because reiserfs doesn't yet implement the inode_init_security method
>>> for labeling new inodes atomically at creation time.  As a workaround,
>>> mount it with a context= mount to override the use of xattrs.
>> I tried context=system_u:object_r:file_t:s0 and got the same error.  Is
>> there something else I should be using?
> 
> By the "same error", you mean another avc denial for search access to
> unlabeled_t:dir by mount_t?  Did you get a SELinux:  initialized (dev
> xxx, type reiserfs), uses mountpoint labeling message
> in /var/log/messages?
> 

Sorry about the delay...jury duty.

Just tried again to be sure:

  mkfs.reiserfs /dev/md9

/etc/fstab contains:

  /dev/md9 /mnt/tmp reiserfs context=system_u:object_r:file_t:s0 0 2

Rebooted and the mount failed.  dmesg | grep md9 shows:

audit(1143660461.416:15): avc:  denied  { search } for  pid=1714
comm="mount" name="/" dev=md9 ino=2
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
ReiserFS: md9: warning: xattrs/ACLs enabled and couldn't find/create
.reiserfs_priv. Failing mount.

It doesn't look like the context option had any effect at all.

-- 
========================================================================
Ian Pilcher                                        i.pilcher at comcast.net
========================================================================
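
Added example, not part of the original message: a Python check that parses the dmesg lines quoted above and reports whether mountpoint labeling (the context= mount option) took effect for a device. The function names are hypothetical, and the "uses mountpoint labeling" message format is the one quoted from Stephen Smalley earlier in the message.

```python
import re

# dmesg lines from the message above; the AVC record is re-joined onto one line.
SAMPLE_DMESG = (
    'audit(1143660461.416:15): avc:  denied  { search } for  pid=1714 '
    'comm="mount" name="/" dev=md9 ino=2 '
    'scontext=system_u:system_r:mount_t:s0 '
    'tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir\n'
    "ReiserFS: md9: warning: xattrs/ACLs enabled and couldn't find/create "
    ".reiserfs_priv. Failing mount.\n"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
# Format of the kernel message quoted earlier in the thread.
INIT_RE = re.compile(r"SELinux:\s+initialized \(dev ([^,\s]+), type (\S+)\), uses (.+)")


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": m.group(1).split()}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)):
        rec[key] = value.strip('"')
    return rec


def check_context_mount(log_text, dev):
    """Summarise whether the log shows mountpoint labeling in effect for dev."""
    denials, labeling = [], None
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            if rec.get("dev") == dev:
                denials.append(rec)
            continue
        m = INIT_RE.search(line)
        if m and m.group(1) == dev:
            labeling = m.group(3).strip()
    # A context is user:role:type[:level]; the type is the third field.
    unlabeled = any(d.get("tcontext", "").split(":")[2:3] == ["unlabeled_t"]
                    for d in denials)
    return {"denials": denials, "unlabeled_target": unlabeled,
            "labeling": labeling,
            "context_applied": labeling == "mountpoint labeling"}
```

For the log in this message, check_context_mount(SAMPLE_DMESG, "md9") reports one denial against an unlabeled_t target and no mountpoint labeling message.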




More information about the fedora-selinux-list mailing list