From: David Brown <davidb@davidb.org>
To: Chris Murphy <lists@colorremedies.com>
Cc: Bernardo Donadio <bcdonadio@gmail.com>, linux-btrfs@vger.kernel.org
Subject: Re: lsetxattr error when doing send/receive
Date: Wed, 14 May 2014 07:41:54 -0700
Message-ID: <20140514144154.GA9110@davidb.org>
In-Reply-To: <5B4A1BF5-7178-448B-8989-50B793C0912D@colorremedies.com>

On Wed, May 14, 2014 at 12:52:50AM -0600, Chris Murphy wrote:
>
>On May 13, 2014, at 7:57 PM, David Brown <davidb@davidb.org> wrote:
>
>> On Tue, May 13, 2014 at 08:44:44PM -0300, Bernardo Donadio wrote:
>>> Hi!
>>>
>>> I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux disabled, and then I'm receiving the following error:
>>>
>>> [root@darwin /]# btrfs subvolume snapshot -r / @.$(date +%Y-%m-%d-%H%M%S)
>>> Create a readonly snapshot of '/' in './@.2014-05-13-203532'
>>> [root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/
>>> At subvol @.2014-05-13-203532
>>> At subvol @.2014-05-13-203532
>>> ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. Operation not supported
>>>
>>> Am I missing something? Is this a bug?
>>
>> Is selinux 'disabled' or just non-enforcing? If it is enabled, but
>> even non-enforcing, it still won't allow the security attributes to be
>> set.
>
>Reverse that. If selinux is disabled, labels can't be set. If not
>enforcing, you won't get AVC denials for the vast majority of events,
>but labels can be set and e.g. restorecon will still work.

  $ selinuxenabled ; echo $?
  0
  $ touch /var/tmp/foo
  $ sudo setfattr -n security.selinux -v system_u:object_r:bin_t:s0 /var/tmp/foo
  $ ls -lZ /var/tmp/foo
  -rw-rw-r--. davidb davidb system_u:object_r:bin_t:s0 /var/tmp/foo

and on a machine with selinux disabled:

  $ selinuxenabled ; echo $?
  1
  $ touch /var/tmp/foo
  $ sudo setfattr -n security.selinux -v system_u:object_r:bin_t:s0 /var/tmp/foo
  $ ls -lZ /var/tmp/foo
  -rw-rw-r--. davidb davidb system_u:object_r:bin_t:s0 /var/tmp/foo

so it doesn't actually seem to matter. At this point, I'm suspecting
this was actually a bug in a kernel I was running at some point, and I
just haven't bothered trying to enable selinux since then. I
definitely have received errors in the past from rsync that look like
the above error that I could fix by booting with selinux disabled.

David
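
Added example, not part of the thread or of btrfs-progs: a Python probe that repeats the setfattr experiment above on a scratch file inside the receive destination and reports the errno that lsetxattr(2) returns, so the "Operation not supported" failure can be reproduced without running a full send/receive. The names probe and verdict, the setter parameter and the verdict wording are assumptions of this example; run it with the same privileges as btrfs receive.

```python
import errno
import os
import sys
import tempfile

# Attribute name and label copied from the error message in the thread.
ATTR = "security.selinux"
LABEL = b"system_u:object_r:bin_t:s0"

# Short explanations for the errno values of interest (wording is this example's own).
VERDICTS = {
    0: "ok: label was stored",
    errno.ENOTSUP: "unsupported: kernel or filesystem does not accept this attribute here",
    errno.EPERM: "denied: caller was not permitted to write this attribute",
}


def probe(directory, setter=os.setxattr):
    """Create a scratch file in `directory`, try to label it, return errno (0 on success).

    `setter` is injectable so the logic can be exercised without privileges.
    """
    fd, path = tempfile.mkstemp(prefix="xattr-probe-", dir=directory)
    os.close(fd)
    try:
        # follow_symlinks=False makes os.setxattr issue lsetxattr(2),
        # the call named in the btrfs receive error.
        setter(path, ATTR, LABEL, follow_symlinks=False)
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        os.unlink(path)  # never leave the scratch file behind


def verdict(code):
    """Map an errno from probe() to a one-line explanation."""
    return VERDICTS.get(code, "other: " + os.strerror(code))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    code = probe(target)
    print(f"{ATTR} on {target}: {verdict(code)}")
    sys.exit(0 if code == 0 else 1)
```

Pass the receive destination (for example /mnt/cold/ from the original report) as the only argument; a non-zero exit status means the label could not be written there.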