Re: Setting security.NTACL xattrs fails

[Santosh Pradhan <spradhan@xxxxxxxxxx>]

On 08/08/2014 11:22 AM, Ravishankar N wrote:
> fuse_setxattr() permits setting security.XXX only if selinux is 
> enabled. The command succeeds  if the volume is fuse-mounted the 
> following way:
> #glusterfs --volfile-server=<server IP> --volfile-id=<vol name> 
> --selinux  <mount point>

Good catch ! Thanks Ravi.

> I am not sure how to enable selinux when mounting a gluster volume via 
> nfs.

Gluster NFS which is of version 3 (As per NFSv3 protocol spec) does not 
support extended attributes. So it is N/A for NFS. :)

Thanks,
Santosh


> On 08/08/2014 12:37 AM, Santosh Pradhan wrote:
> > On 08/07/2014 09:52 AM, Pranith Kumar Karampuri wrote:
> > > hi Diego,
> > > I tried the operation on my machine and it is failing with operation 
> > > not supported, both on the bricks and mount. Could you please give 
> > > the output of the execution on your machines & gluster mount point.
> > >
> > > Brick:
> > > 09:49:17 :) ⚡ touch testfile && setfattr -n security.NTACL -v foo 
> > > testfile
> > > setfattr: testfile: Operation not permitted
> >
> > Which is the filesystem in use (in bricks) ? If ext3/4, you may need 
> > to mount it with user_xattr option to enable extended attribute 
> > support, XFS has it enabled by default though.
> >
> > Thanks,
> > Santosh
> >
> > > Mount:
> > > 09:49:13 :( ⚡ touch testfile && setfattr -n security.NTACL -v foo 
> > > testfile
> > > setfattr: testfile: Operation not supported
> > >
> > > Pranith
> > >
> > > On 08/06/2014 08:10 PM, Diego Woitasen wrote:
> > > > On Wed, Aug 6, 2014 at 11:30 AM, Diego Woitasen 
> > > > <diego@xxxxxxxxxxxxxxx> wrote:
> > > > > Hi,
> > > > >   I have an issue with xattrs with the security prefix. This 
> > > > > command work in all the servers involved (bricks, clients) in all 
> > > > > the filesystems mounted (including the bricks), but fails on the 
> > > > > volume mounted in the clients.
> > > > >
> > > > > touch testfile && setfattr -n security.NTACL -v foo testfile
> > > > >
> > > > > If I try "-n whatever", works.
> > > > >
> > > > > # uname -a
> > > > > Linux storage01 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 
> > > > > 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> > > > > # glusterfs --version
> > > > > glusterfs 3.5.1
> > > > >
> > > > > All the boxes have the same version.
> > > > >
> > > > > Hints are welcome :)
> > > > >
> > > > > Regards,
> > > > >    Diego
> > > > >
> > > > > --
> > > > > Diego Woitasen
> > > > > - Linux and Open Source solutions architect
> > > > > - DevOps Engineer, Infrastructure developer
> > > > > http://www.woitasen.com.ar
> > > > Adding more data to the issue: I see this in the log of the two 
> > > > bricks:
> > > >
> > > > [2014-08-06 14:39:06.231495] E [marker.c:2542:marker_removexattr_cbk]
> > > > 0-gv0-marker: No data available occurred while creating symlinks
> > > > [2014-08-06 14:39:06.231543] I
> > > > [server-rpc-fops.c:727:server_removexattr_cbk] 0-gv0-server: 124:
> > > > REMOVEXATTR /testfile (473fd975-a619-47d7-9ebc-d2a077ed1ac8) of key
> > > > security.ima ==> (No data available)
> > >
> > > _______________________________________________
> > > Gluster-users mailing list
> > > Gluster-users@xxxxxxxxxxx
> > > http://supercolony.gluster.org/mailman/listinfo/gluster-users
> >
> > _______________________________________________
> > Gluster-users mailing list
> > Gluster-users@xxxxxxxxxxx
> > http://supercolony.gluster.org/mailman/listinfo/gluster-users

_______________________________________________
Gluster-users mailing list
Gluster-users@xxxxxxxxxxx
http://supercolony.gluster.org/mailman/listinfo/gluster-users