From: Dave Chinner <david@fromorbit.com>
To: Eryu Guan <eguan@redhat.com>
Cc: fstests@vger.kernel.org
Subject: Re: [PATCH] generic/35[67]: update selinux context for mkswap
Date: Wed, 7 Dec 2016 09:54:03 +1100 [thread overview]
Message-ID: <20161206225403.GG4219@dastard> (raw)
In-Reply-To: <20161206080927.22379-1-eguan@redhat.com>
On Tue, Dec 06, 2016 at 04:09:27PM +0800, Eryu Guan wrote:
> With selinux enabled & the default selinux context in fstests,
> mkswap is denied, generic/35[67] fail as:
>
> +mkswap: unable to relabel /mnt/testarea/scratch/test-357/file1 to system_u:object_r:swapfile_t:s0: Operation not supported
>
> So mount SCRATCH_DEV with swapfile selinux context if selinux is
> enabled (SELINUX_MOUNT_OPTIONS not empty).
>
> Signed-off-by: Eryu Guan <eguan@redhat.com>
> ---
> tests/generic/356 | 4 ++++
> tests/generic/357 | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/tests/generic/356 b/tests/generic/356
> index 6bb90c0..8bebad2 100755
> --- a/tests/generic/356
> +++ b/tests/generic/356
> @@ -49,6 +49,10 @@ _require_cp_reflink
>
> echo "Format and mount"
> _scratch_mkfs > $seqres.full 2>&1
> +# the default selinux context won't allow mkswap
> +if [ "$SELINUX_MOUNT_OPTIONS" != "" ]; then
> + export SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:swapfile_t:s0"
> +fi
> _scratch_mount >> $seqres.full 2>&1
>
> testdir=$SCRATCH_MNT/test-$seq
> diff --git a/tests/generic/357 b/tests/generic/357
> index 439b314..8941927 100755
> --- a/tests/generic/357
> +++ b/tests/generic/357
> @@ -49,6 +49,10 @@ _require_cp_reflink
>
> echo "Format and mount"
> _scratch_mkfs > $seqres.full 2>&1
> +# the default selinux context won't allow mkswap
> +if [ "$SELINUX_MOUNT_OPTIONS" != "" ]; then
> + export SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:swapfile_t:s0"
> +fi
Can we put this inside the proprosed _require_scratch_swap()
function or - better - just add the swapfile capability to the
default SELINUX_MOUNT_OPTIONS parameters that we set?
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
prev parent reply other threads:[~2016-12-06 22:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-06 8:09 [PATCH] generic/35[67]: update selinux context for mkswap Eryu Guan
2016-12-06 22:54 ` Dave Chinner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161206225403.GG4219@dastard \
--to=david@fromorbit.com \
--cc=eguan@redhat.com \
--cc=fstests@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.