On Mon, Oct 06, 2014 at 09:29:25AM -0400, Josef Bacik wrote: > On 09/23/2014 01:40 AM, Qu Wenruo wrote: > >[BUG] > >Originally when mount btrfs with "-o subvol=" mount option, btrfs will > >lose all security lable. > >And if the btrfs fs is mounted somewhere else, due to the lost of > >security lable, SELinux will refuse to mount since the same super block > >is being mounted using different security lable. > > > >[REPRODUCER] > >With SELinux enabled: > > #mkfs -t btrfs /dev/sda5 > > #mount -o context=system_u:object_r:nfs_t:s0 /dev/sda5 /mnt/btrfs > > #btrfs subvolume create /mnt/btrfs/subvol > > #mount -o subvol=subvol,context=system_u:object_r:nfs_t:s0 /dev/sda5 > > /mnt/test > > > >kernel message: > >SELinux: mount invalid. Same superblock, different security settings > >for (dev sda5, type btrfs) > > > >[REASON] > >This happens because btrfs will call vfs_kern_mount() and then > >mount_subtree() to handle subvolume name lookup. > >First mount will cut off all the security lables and when it comes to > >the second vfs_kern_mount(), it has no security label now. > > > >[FIX] > >This patch will makes btrfs behavior much more like nfs, > >which has the type flag FS_BINARY_MOUNTDATA, > >making btrfs handles the security label internally. > >So security label will be set in the real mount time and won't lose > >label when use with "subvol=" mount option. > > > > Please make this an xfstest, I'm going to change how subvols are mounted in > a bit and I'd like to make sure I don't break anything. Thanks,
Hi Qu, I'll submit one xfstest, just want to make sure you don't do duplicated work here. Thanks, Eryu -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
