Re: "operation not support" when execute #restorecon -R /

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Casey Schaufler <casey@schaufler-ca.com>
To: casinee app <appcasinee@gmail.com>
Cc: David Quigley <selinux@davequigley.com>,
	SE-Linux <selinux@tycho.nsa.gov>,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: "operation not support" when execute #restorecon -R /
Date: Wed, 13 Jun 2012 09:16:43 -0700	[thread overview]
Message-ID: <4FD8BCEB.30904@schaufler-ca.com> (raw)
In-Reply-To: <CAO-AVB7QdNtzoZWKQ0R0mBOrzEFy5e1kovZs5CVW-795K6WpkQ@mail.gmail.com>

On 6/12/2012 7:29 PM, casinee app wrote:
> 2012/6/13 David Quigley <selinux@davequigley.com>:
>> On 06/05/2012 21:34, casinee app wrote:
>>> the NFS. I had applied a patch to the kernel to support the xattr of
>>> NFS filesystem.
>>>
>>> 2012/6/5 David Quigley <selinux@davequigley.com>
>>>
>>>> On 06/05/2012 02:51, casinee app wrote:
>>>>
>>>>> Hi,
>>>>> when i execute #restorecon -R / , all the output is "... operation
>>>>> not support".  I had check the source code, and in
>>>>> linux/security/selinux/hooks.c :
>>>>>
>>>>>          ...
>>>>>  sbsec = inode->i_sb->s_security;
>>>>>  if (!(sbsec->flags & SE_SBLABELSUPP))
>>>>>  {
>>>>>  return -EOPNOTSUPP;
>>>>>  }
>>>>>         ...
>>>>> it returned. The  SE_SBLABELSUPP defined as 0x40, i want to know how
>>>>> can i do to make the filesystem to support the SecurityContext of
>>>>> selinux.
>>>>> Thanks.
>>>>
>>>> Which filesystem is this?
>>>>
>>>> Dave
>>
>> Where did you get this patch? Is it supposed to be generic xattr support in
>> NFS? if so what version?
>>
> I got the patch from the website  http://namei.org/nfsxattr/ .  After
> i applied the patch,
> when i config the kernel, i can see the options like this:
> ...
> <*>   NFS client support
>   [*]     NFS client support for NFS version 3
>   [*]   NFS client support for the NFSv3 ACL protocol extension
>   [*]   NFS client support for the NFSv3 XATTR protocol extension (EXPERIMENTAL)
>   [*]     Extended attributes in the user namespace (EXPERIMENTAL)
>   [*]   NFS client support for NFS version 4 (EXPERIMENTAL)
>   [*]   Root file system on NFS
>  <M>   NFS server support
>     -*-     NFS server support for NFS version 3
>    [*]       NFS server support for the NFSv3 ACL protocol extension
>    [*]       NFS server support for the NFSv3 XATTR protocol extension
> (EXPERIMENTAL)
>    [*]     NFS server support for NFS version 4 (EXPERIMENTAL)

Ah, James' generic xattr patches. Very useful, fully functional, the
right thing is every way and totally despised by the NFS and IETF crowd.
They're fine to use for experimental purposes, but it is hard to imagine
them ever getting upstream.


>
>
>> Dave
>>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2012-06-13 16:16 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-05  6:51 "operation not support" when execute #restorecon -R / casinee app
2012-06-05 11:04 ` David Quigley
2012-06-06  1:34   ` casinee app
2012-06-12 20:40     ` David Quigley
2012-06-13  2:29       ` casinee app
2012-06-13 16:16         ` Casey Schaufler [this message]
2012-06-13 18:17           ` David Quigley
2012-06-13 18:36             ` Stephen Smalley
2012-06-13 18:42               ` David Quigley
2012-06-13 19:00               ` Stephen Smalley
2012-06-13 20:24             ` Vu, Joseph

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4FD8BCEB.30904@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=appcasinee@gmail.com \
    --cc=selinux@davequigley.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.