Re: virtiofs mounted filesystems & SELinux

Adding the <binary xattr='on'> element to the <filesystem> device does seem to spawn virtiofsd with the option string "source=/home,xattr". My guest can no longer mount the device though.

It errors with:

[ 170.225553] 9pnet_virtio: no channels available
mount: mount(2) failed: No such file or directory

I think what this is doing is causing libvirt to create the device as a virtiofs device instead of a 9p device. The EL7 kernel doesn't have a virtiofs driver, so it can't mount virtiofs devices.

My knowledge is unfortunately limited about the nuances between 9p and virtiofs. So I'm mostly experimenting by trial-and-error here.

On Wed, Jun 2 2021 at 03:55:40 PM -0500, Connor Kuehl <ckuehl@xxxxxxxxxx> wrote:
On 5/21/21 11:59 AM, Link Dupont wrote:

Adding the virtio-fs mailing list.

I am mounting a filesystem into a domain using the virtiofs driver.

<filesystem accessmode="passthrough" type="mount">
  <source dir="/home"/>
  <target dir="/home"/>
  <driver type="virtiofs"/>
</filesystem>

Both my host (Fedora 34) and guest (CentOS 8.4) are running with SELinux enforcing. From my host, I can see that the SELinux context type is set to user_home_dir_t.

$ ls -ldZ /home/link
drwxr-xr-x. 61 link link system_u:object_r:user_home_dir_t:s0 8192 May 21 12:41 /home/link

From within the guest, however, the volume is unlabeled_t.

$ ls -lZd /home/link
drwxr-xr-x. 61 link link system_u:object_r:unlabeled_t:s0 8192 May 21 12:53 /home/link

Is there a way to pass the SELinux context through to the guest? Or mount the volume with the correct options to map SELinux contexts?



Hi,

I'm afraid I actually don't know that much about SELinux but I read
that it relies on using extended attributes in the file system to
accomplish its labeling.

Do you still experience this issue when you enable extended attribute
support[1] in virtiofsd? The example in the optional parameters snippet
enables extended attributes with the xattr='on' element.

Connor

[1] https://libvirt.org/kbase/virtiofs.html#optional-parameters
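For reference, the full domain XML that the suggestion in [1] leads to, written out here as an added example rather than the configuration posted in this thread. It enables virtiofsd's xattr option (which is what produces the "source=/home,xattr" option string mentioned above) so that the security.selinux extended attribute carrying the label can reach the guest, and it includes the shared memory backing that virtiofs requires. The virtiofsd binary path and the /home directories are assumptions; the guest additionally needs a kernel with the virtiofs driver, otherwise the mount falls back to the 9p error shown above.

```xml
<!-- Added example, not the XML from this thread: a virtiofs share with
     extended attributes enabled so SELinux labels pass through.
     Assumed values: /usr/libexec/virtiofsd, the /home source and target. -->
<domain type="kvm">
  <!-- other domain elements omitted -->

  <!-- virtiofs needs shared memory between host and guest; memfd is one way -->
  <memoryBacking>
    <source type="memfd"/>
    <access mode="shared"/>
  </memoryBacking>

  <devices>
    <filesystem type="mount" accessmode="passthrough">
      <driver type="virtiofs"/>
      <!-- xattr="on" starts virtiofsd with the xattr option; without it the
           security.selinux attribute is not forwarded and files show up as
           unlabeled_t in the guest -->
      <binary path="/usr/libexec/virtiofsd" xattr="on"/>
      <source dir="/home"/>
      <target dir="/home"/>
    </filesystem>
  </devices>
</domain>

<!-- Guest side (requires a virtiofs-capable kernel, not the 9p driver):
       mount -t virtiofs /home /home
     then verify the label with:
       ls -ldZ /home/link -->
```

The `<target dir>` value is the tag the guest passes to `mount -t virtiofs`; if the guest's `ls -Z` still shows unlabeled_t after this change, the guest kernel or its SELinux policy is not honoring the forwarded security.selinux attribute, which is a separate problem from virtiofsd not sending it.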
