On Mon, 2010-07-26 at 17:35 -0400, Eric Paris wrote: > On Mon, 2010-07-26 at 16:15 -0500, Xavier Toth wrote: > > > > Fuse can deal with xattrs but only AFTER the fuse userspace program > > > believes the filesystem is mounted (and if the filesystem can handle > > > it). My original patches didn't work, because I was calling getxattr > > > during the mount(2) syscall. It gets even worse. We had a 'bug' in > > > which the mount(8) program would call stat (or something like that) on > > > the root inode before it told the fuse userspace program the mount was > > > finished. The audit system checked for file capabilities on the stat > > > call, which resulted in an xattr upcall, which resulted in a deadlock > > > because the fuse userspace wouldn't answer until the mount finished. > > > The 'fix' was to stop mount(8) from calling stat on fuse mounts. > > > > So is this past tense, there was a bug in mount(8) that has been addressed? > > That's correct. mount(8) now has a --no-canonicalize option which fuse > uses to make it not call stat before it completes to avoid the deadlock. > > > > The 'right' solution (I think) is going to be 2 parts. First we need > > > to get more information in the superblock mounting. I seem to recall > > > that the only information we had was that it was 'fuse.' Not that is > > > was fuse mounting ntfs. > > > > It appear that the superblock contains s_type->name and s_subtype > > which should tell you that it is for example an fuse.ntfs mount. > > > > > After that we need to fix the other bug you > > > pointed out (and other bug I half worked on and you might be able to > > > find the patch in the archives somewhere) > > > > Sorry I'm not sure which bug you are referring to? > > http://marc.info/?l=selinux&m=121379719014155&w=2 appears to be your > > patch which I will look into applying. > > I was thinkin of these: > http://www.nsa.gov/research/selinux/list-archive/0805/26041.shtml > > genfscon is not allowed in modules. I stop looking when I realized that > those don't really handle the mls portion of the label correctly... > > > So sds wants to autodetect xattr support. that sounds great, but I > think is a large project that will require redesigning fuse. > > I am suggesting a smaller interim solution that consists of 2 steps. > > 1) get all the information about the name you need into the kernel in > the right place. aka s_type->name and s_subtype in the right hook. I > think David indicated that is going to take some kernel reworking to get > s_subtype set at the appropriate time. > > 2) add support to the policy to support filesystem labeling rules in > modules. I believe this is going to require the changes I was talking > about in the above link. If we go this route I think a new sub command for semanage would be a good thing to have. This way you could change them on the fly if necessary (although I'm not sure there is a use case for this). I think it might be a good idea to bring the fuse guys back in on this especially if we will be tinkering in their world. Dave -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
