On Tue, Aug 19, 2014 at 10:28:54AM -0700, Zach Brown wrote: > On Tue, Aug 19, 2014 at 11:32:16AM +0800, Eryu Guan wrote: > > Hi, > > > > Description of the problem: > > > > mount btrfs with selinux context, then create a subvolume, the new > > subvolume cannot be mounted, even with the same context. > > > > mkfs -t btrfs /dev/sda5 > > mount -o context=system_u:object_r:nfs_t:s0 /dev/sda5 /mnt/btrfs > > btrfs subvolume create /mnt/btrfs/subvol > > mount -o subvol=subvol,context=system_u:object_r:nfs_t:s0 /dev/sda5 > > /mnt/test > > Submit a xfstest?
Sure, will do. Thanks, Eryu > > > The security_sb_copy_data() takes out selinux context data to > > "secdata", then mount_subvol() calls mount_fs() (via vfs_kern_mount()) > > again without selinux context, so mount_subvol() fails, which fails > > the whole mount. > > > > Not sure what's the proper fix. Zach suggestted that the fix will > > probably be to rework the vfs functions a bit as he said in rh > > bugzilla[1]. > > Yeah, I have no idea what'd be preferred here: > > - rework the vfs _kern_ mount api to offer one that doesn't mess with > selinux mount options > - add a flag to have the second _kern_ mount ignore selinux (but not > MS_KERNMOUNT?) > - binary data and fs selinux handling? (like nfs) > > - z -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
