On Tue, 2013-04-23 at 14:04 -0400, Steve Dickson wrote: > On 23/04/13 13:22, J. Bruce Fields wrote: > >>> What exactly was failing? > >> > > >> > Sorry I can't find the results right now. I'll re-run and let you know. > > The server is returning -EOPNOTSUPP in response to an nfs4 SETATTR which > > sets a mode. > > > > The operation shouldn't be failing, and if it does it should return an > > NFS error, not -ERRNO. > > > > I can't reproduce this just by doing chmod on the linux client. I'm not > > sure what pynfs is doing differently to trigger the bug. > thanks for talking a look... > > Hmm... I wonder if the fact nfsd4_set_nfs4_label() is returning > -EOPNOTSUPP instead of something like nfserr_attrnotsupp when > labels are not configured... Something you've pointed out > twice now... > http://www.spinics.net/lists/linux-nfs/msg36104.html > > If it is this problem I wonder why a chmod would not trigger it... Do you by any chance have EVM enabled? EVM includes the i_mode in the HMAC calculation. Anytime the i_mode changes, the existing HMAC is verified, before recalculating the HMAC to reflect the change. The hooks are there to update the HMAC, when using chmod. I posted a couple of patches to audit this type of error last week, but haven't sent a pull request yet. evm: audit integrity metadata failures integrity: move integrity_audit_msg() evm: calculate HMAC after initializing posix acl thanks, Mimi -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
