virtiofs mounted filesystems & SELinux

Connor Kuehl ckuehl at redhat.com
Wed Jun 2 20:55:40 UTC 2021


On 5/21/21 11:59 AM, Link Dupont wrote:

Adding the virtio-fs mailing list.

> I am mounting a filesystem into a domain using the virtiofs driver.
> 
> <filesystem accessmode="passthrough" type="mount">
>       <source dir="/home"/>
>       <target dir="/home"/>
>       <driver type="virtiofs"/>
> </filesystem>
> 
> Both my host (Fedora 34) and guest (CentOS 8.4) are running with SELinux 
> enforcing. From my host, I can see that the SELinux context type is set to 
> user_home_dir_t.
> 
> $ ls -ldZ /home/link
> drwxr-xr-x. 61 link link system_u:object_r:user_home_dir_t:s0 8192 May 21 12:41 /home/link
> 
> From within the guest however, the volume is unlabeled_t
> 
> $ ls -lZd /home/link
> drwxr-xr-x. 61 link link system_u:object_r:unlabeled_t:s0 8192 May 21 12:53 /home/link
> 
> Is there a way to pass the SELinux context through to the guest? Or mount the 
> volume with the correct options to map SELinux contexts?
> 
> 

Hi,

I'm afraid I actually don't know that much about SELinux but I read
that it relies on using extended attributes in the file system to
accomplish its labeling.

Do you still experience this issue when you enable extended attribute
support[1] in virtiofsd? The example in the optional parameters snippet
enables extended attributes with the xattr='on' element.

Connor

[1] https://libvirt.org/kbase/virtiofs.html#optional-parameters



