ReiserFS chicken and egg
Stephen Smalley
sds at tycho.nsa.gov
Wed Mar 29 12:24:05 UTC 2006
On Tue, 2006-03-28 at 15:52 -0600, Ian Pilcher wrote:
> Ian Pilcher wrote:
> > audit(1143579721.063:15): avc: denied { search } for pid=1709
> > comm="mount" name="/" dev=md8 ino=2
> > scontext=system_u:system_r:mount_t:s0
> > tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
>
> I created a brand new ReiserFS filesystem on a spare device and tried to
> mount it on /mnt/tmp via /etc/fstab. Upon rebooting, dmesg contains:
>
> ReiserFS: md9: warning: xattrs/ACLs enabled and couldn't find/create
> .reiserfs_priv. Failing mount.
>
> So it looks like the mount command can't find the SELinux contexts for
> the filesystem, because the SELinux contexts for the filesystem aren't
> set, because it can't find the SELinux contexts for the filesystem....
Sorry, reiserfs xattrs are known to be broken with SELinux at present,
because reiserfs doesn't yet implement the inode_init_security method
for labeling new inodes atomically at creation time. As a workaround,
mount it with a context= mount to override the use of xattrs.

Dan and Chris - please drop the fs_use_xattr line for reiserfs in policy
and possibly add a genfscon entry back for reiserfs so that SELinux
doesn't try using xattrs on reiserfs.
--
Stephen Smalley
National Security Agency
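
The context= workaround from the reply above, applied to an fstab, as an added example that is not part of the original message. The function names, the sample fstab and the label `system_u:object_r:default_t:s0` are assumptions made for illustration; substitute the label your policy intends for the filesystem.

```sh
#!/bin/sh
# Added example (not from the original thread): add a context= override to
# every reiserfs entry in an fstab that lacks one, so that SELinux does not
# rely on reiserfs xattrs for labeling.
# ASSUMPTION: placeholder label; use the one your policy intends.
ASSUMED_CONTEXT='system_u:object_r:default_t:s0'

# Constructed sample input. Only /dev/md9 on /mnt/tmp comes from the thread.
sample_fstab() {
    cat <<'EOF'
# old reiserfs scratch volume, kept for reference
/dev/sda1  /boot  ext3  defaults  1 2
/dev/md9  /mnt/tmp  reiserfs  defaults  0 0
/dev/md7  /srv  reiserfs  noatime,context=system_u:object_r:default_t:s0  0 0
EOF
}

# fix_reiserfs_fstab FILE [CONTEXT]
# Prints FILE with ",context=CONTEXT" appended to the options field of each
# reiserfs entry that has no context= option. Comments, blank lines, other
# filesystem types and already-overridden entries pass through unchanged.
fix_reiserfs_fstab() {
    awk -v ctx="${2:-$ASSUMED_CONTEXT}" '
        /^[ \t]*(#|$)/ { print; next }          # comment or blank line
        NF >= 4 && $3 == "reiserfs" {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^context=/) found = 1
            if (!found) $4 = $4 ",context=" ctx # rebuilds the line, single spaces
        }
        { print }
    ' "$1"
}

# Demo on the constructed sample.
demo=$(mktemp) && sample_fstab > "$demo" && fix_reiserfs_fstab "$demo"
rm -f "$demo"
```

A label that contains commas (MLS categories) has to be quoted in the options field, which this sketch does not do.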