Re: Cephfs and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hmm, SELinux appears to use the "security.selinux" xattr namespace,
and "security.*" is allowed through Ceph's filters. Can you check and
make sure that it's in fact using the xattr labeling scheme and not
something else? Maybe strace the process and check exactly which
syscall fails in what way.
-Greg

On Mon, Feb 18, 2013 at 4:19 PM, Darryl Bond <dbond@xxxxxxxxxxxxx> wrote:
> I believe that it was the kernel client. I had installed the rpms from
> the Ceph download (0.56.3)
> mount -t cephfs ...
>
> I was using 3.7.7 yesterday.
>
> Darryl
>
>
>
> On 02/19/13 10:12, Gregory Farnum wrote:
>>
>> This is using the kernel client? What kernel version does Fedora 18 use?
>>
>> I would expect this to work fine as CephFS enables xattrs by default, but
>> perhaps we've made a mistake in filtering somewhere…
>> -Greg
>>
>>
>> On Sunday, February 17, 2013 at 3:56 PM, Darryl Bond wrote:
>>
>>> Hello,
>>> I have mounted a cephfs filesystem on Fedora18 client. I am using
>>> SELinux and get permission denied unless I setenforce 0.
>>> The filesystem cannot be labelled to allow it to work with SELinux.
>>> # chcon --reference=/var /mnt
>>> chcon: failed to change context of /mnt to system_u:object_r:var_t:s0:
>>> Operation not supported
>>>
>>>
>>> I can't see any options to enable extended attributes in MDS or
>>> mount.ceph
>>>
>>> Regards
>>> Darryl
>>
>>
>
>
> The contents of this electronic message and any attachments are intended
> only for the addressee and may contain legally privileged, personal,
> sensitive or confidential information. If you are not the intended
> addressee, and have received this email, any transmission, distribution,
> downloading, printing or photocopying of the contents of this message or
> attachments is strictly prohibited. Any legal privilege or confidentiality
> attached to this message and attachments is not waived, lost or destroyed by
> reason of delivery to any person other than intended addressee. If you have
> received this message and are not the intended addressee you should notify
> the sender by return email and destroy all copies of the message and any
> attachments. Unless expressly attributed, the views expressed in this email
> do not necessarily represent the views of the company.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux