On 03/26/2013 12:56 PM, Christopher J. PeBenito wrote:
> On 03/25/13 17:14, Rob Shelley wrote:
>> I am evaluating OCFS2 on a CentOS 6.3 cluster and have run into a little
>> bit of a snag with SELinux. After the OCFS2 partition is mounted no
>> writes can be performed to the shared device from either node because
>> they are being blocked by SELinux. The core of the issue is that the
>> CentOS default policy does not list OCFS2 as a filesystem that supports
>> xattrs in filesystem.te. It's a one line fix:
>>
>> fs_use_xattr ocfs2 gen_context(system_u:object_r:fs_t,s0);
>>
>> However, it would seem that the only way to implement this change in
>> filesystem.te is by rebuilding the base policy. (I have not found a way
>> to just reload the filesystem module of the base policy.) And even if
>> there were an easy way to reload just the filesystem module of the base
>> policy I believe this would be overwritten if an update is released.
>>
>> So, I was wondering if there was a way to incorporate this line into a
>> module, say ocfs2.te. My initial attempts have failed, but I am assuming
>> that is because I do not have the correct dependencies listed in the
>> require section.
>>
>> Any suggestions?
>
> Unfortunately you can only add fs_use statements to the base module, so
> you'd have to rebuild the base module.
>

You should be able to mount the file system with a single label.

mount -o context="system_u..."