[PATCH] xfstests: mount other filesystems with selinux context as well

[PATCH] xfstests: mount other filesystems with selinux context as well

[Eric Sandeen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For some reason, non-xfs filesystems aren't getting mounted with
the selinux context; perhaps because none of the xattr tests used
to work on anything but xfs?

Anyway, 062 fails for extN unless we mount with the fs-wide
context.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
- ---

diff --git a/common.rc b/common.rc
index cab0b64..5998ff2 100644
- --- a/common.rc
+++ b/common.rc
@@ -86,14 +86,17 @@ _mount_opts()
 	export MOUNT_OPTIONS=$NFS_MOUNT_OPTIONS
 	;;
     ext2|ext3|ext4|ext4dev)
- -	# acls & xattrs aren't turned on by default on ext$FOO
+	export SELINUX_MOUNT_OPTIONS
+	# acls & xattrs aren't turned on by default on ext$FOO in old kernels
 	export MOUNT_OPTIONS="-o acl,user_xattr $EXT_MOUNT_OPTIONS"
 	;;
     reiserfs)
+	export SELINUX_MOUNT_OPTIONS
 	# acls & xattrs aren't turned on by default on reiserfs
 	export MOUNT_OPTIONS="-o acl,user_xattr $REISERFS_MOUNT_OPTIONS"
 	;;
     gfs2)
+	export SELINUX_MOUNT_OPTIONS
 	# acls aren't turned on by default on gfs2
 	export MOUNT_OPTIONS="-o acl $GFS2_MOUNT_OPTIONS"
 	;;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOzTJgAAoJECCuFpLhPd7gv14QAJPmvzzrv7hTUq6Fuw5uLrnY
AJ/h2dxdJyKfcdSQe6InI9EmDOt6kD3GPR5PnfWn06tvNz2vHDeKwb8m29vaidcW
2RGvTdtxEl/3z7ePv2PBuPqib+Ns27aaOL6cXZbv9aikN6QwDOEdja99aH6ALyN/
4sVHlyabTUS3858KDtlYlSsVm9StvMNKf3BsKhaGOBfgN1tAQkgLc4PekGiY4uFn
Dkm7G8uLgqIOuzEP0mwodAvFtDaFOuxmlJrWsKc2hzb9n6fqNBR8qb2XkpYJjoc/
8KLCNu8o1TvEVYrObRq6bRfGbLRLjbfdVBWC2382BtZnGgF5jONR6xP9CN8bKAkk
Cns7AYGIndRzXy46d1U1lxrPtHw7VTIUUPuKf3iNICQc/voiSlpEL/R3RH5rFgaw
nRA1y+ufQNxNjFBKw9FwjuQ3+Eq+NZeytFoUETZVptxgtD+hkKl5oVGsTtqS2gpq
pJoWBMb7agQdARVBgOXNQ937KFwP5NV4fMZ157K0pwp1QPkCiV6ueP23T/XRAFhU
zAHPN22h4Ab1g5xiQWVZwfqCYkm8CjV0h6GAi2uwXCij1sqiv5IYehy/XIv171y4
lEVYkQl390wpaMtmpO6xDHRMlGPQX2T00JEGoUqIpATFX6h3JkX3LdB+FIvdzh06
AtgjqsaI8FmcvMfZlcBi
=6s9a
-----END PGP SIGNATURE-----

Re: [PATCH] xfstests: mount other filesystems with selinux context as well

[Christoph Hellwig]

On Wed, Nov 23, 2011 at 11:50:26AM -0600, Eric Sandeen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> For some reason, non-xfs filesystems aren't getting mounted with
> the selinux context; perhaps because none of the xattr tests used
> to work on anything but xfs?
> 
> Anyway, 062 fails for extN unless we mount with the fs-wide
> context.
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> - ---
> 
> diff --git a/common.rc b/common.rc
> index cab0b64..5998ff2 100644
> - --- a/common.rc
> +++ b/common.rc
> @@ -86,14 +86,17 @@ _mount_opts()
>  	export MOUNT_OPTIONS=$NFS_MOUNT_OPTIONS
>  	;;
>      ext2|ext3|ext4|ext4dev)
> - -	# acls & xattrs aren't turned on by default on ext$FOO
> +	export SELINUX_MOUNT_OPTIONS
> +	# acls & xattrs aren't turned on by default on ext$FOO in old kernels
>  	export MOUNT_OPTIONS="-o acl,user_xattr $EXT_MOUNT_OPTIONS"
>  	;;
>      reiserfs)
> +	export SELINUX_MOUNT_OPTIONS
>  	# acls & xattrs aren't turned on by default on reiserfs
>  	export MOUNT_OPTIONS="-o acl,user_xattr $REISERFS_MOUNT_OPTIONS"
>  	;;
>      gfs2)
> +	export SELINUX_MOUNT_OPTIONS
>  	# acls aren't turned on by default on gfs2
>  	export MOUNT_OPTIONS="-o acl $GFS2_MOUNT_OPTIONS"
>  	;;

shouldn't the "export SELINUX_MOUNT_OPTIONS" simply move to common code?

Re: [PATCH] xfstests: mount other filesystems with selinux context as well

[Eric Sandeen]

On 11/28/11 5:02 AM, Christoph Hellwig wrote:
> On Wed, Nov 23, 2011 at 11:50:26AM -0600, Eric Sandeen wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> For some reason, non-xfs filesystems aren't getting mounted with
>> the selinux context; perhaps because none of the xattr tests used
>> to work on anything but xfs?
>>
>> Anyway, 062 fails for extN unless we mount with the fs-wide
>> context.
>>
>> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
>> - ---
>>
>> diff --git a/common.rc b/common.rc
>> index cab0b64..5998ff2 100644
>> - --- a/common.rc
>> +++ b/common.rc
>> @@ -86,14 +86,17 @@ _mount_opts()
>>  	export MOUNT_OPTIONS=$NFS_MOUNT_OPTIONS
>>  	;;
>>      ext2|ext3|ext4|ext4dev)
>> - -	# acls & xattrs aren't turned on by default on ext$FOO
>> +	export SELINUX_MOUNT_OPTIONS
>> +	# acls & xattrs aren't turned on by default on ext$FOO in old kernels
>>  	export MOUNT_OPTIONS="-o acl,user_xattr $EXT_MOUNT_OPTIONS"
>>  	;;
>>      reiserfs)
>> +	export SELINUX_MOUNT_OPTIONS
>>  	# acls & xattrs aren't turned on by default on reiserfs
>>  	export MOUNT_OPTIONS="-o acl,user_xattr $REISERFS_MOUNT_OPTIONS"
>>  	;;
>>      gfs2)
>> +	export SELINUX_MOUNT_OPTIONS
>>  	# acls aren't turned on by default on gfs2
>>  	export MOUNT_OPTIONS="-o acl $GFS2_MOUNT_OPTIONS"
>>  	;;
> 
> shouldn't the "export SELINUX_MOUNT_OPTIONS" simply move to common code?

I wasn't sure if nfs would grok it.

-Eric

Re: [PATCH] xfstests: mount other filesystems with selinux context as well

[Christoph Hellwig]

On Thu, Jan 19, 2012 at 12:37:48PM -0600, Eric Sandeen wrote:
> > shouldn't the "export SELINUX_MOUNT_OPTIONS" simply move to common code?
> 
> I wasn't sure if nfs would grok it.

I don't think it does - selinux needs special handling for filesystems
that do not support xattrs.

[PATCH V2] xfstests: mount other filesystems with selinux context as well

[Eric Sandeen]

For some reason, non-xfs filesystems aren't getting mounted with
the selinux context; perhaps because none of the xattr tests used
to work on anything but xfs?

Anyway, 062 fails for extN unless we mount with the fs-wide
context.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---

ps: eparis says this should work for NFS as well, let's go for
it and if infrequently tested filesystems have trouble we can
exclude them as necessary.

diff --git a/common.rc b/common.rc
index 6231457..602513a 100644
--- a/common.rc
+++ b/common.rc
@@ -72,11 +72,11 @@ _mount_opts()
     # nfs_t is a "liberal" context so we can use it.
     if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
 	SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
+	export SELINUX_MOUNT_OPTIONS
     fi
 
     case $FSTYP in
     xfs)
-	export SELINUX_MOUNT_OPTIONS
 	export MOUNT_OPTIONS=$XFS_MOUNT_OPTIONS
 	;;
     udf)

Re: [PATCH V2] xfstests: mount other filesystems with selinux context as well

[Christoph Hellwig]

On Wed, Jan 25, 2012 at 03:11:39PM -0600, Eric Sandeen wrote:
> For some reason, non-xfs filesystems aren't getting mounted with
> the selinux context; perhaps because none of the xattr tests used
> to work on anything but xfs?
> 
> Anyway, 062 fails for extN unless we mount with the fs-wide
> context.
> 
> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
> ---
> 
> ps: eparis says this should work for NFS as well, let's go for
> it and if infrequently tested filesystems have trouble we can
> exclude them as necessary.

Verifying that assumption isn't hard, please do it.

Re: [PATCH V2] xfstests: mount other filesystems with selinux context as well

[Eric Sandeen]

On 1/25/12 3:14 PM, Christoph Hellwig wrote:
> On Wed, Jan 25, 2012 at 03:11:39PM -0600, Eric Sandeen wrote:
>> For some reason, non-xfs filesystems aren't getting mounted with
>> the selinux context; perhaps because none of the xattr tests used
>> to work on anything but xfs?
>>
>> Anyway, 062 fails for extN unless we mount with the fs-wide
>> context.
>>
>> Signed-off-by: Eric Sandeen <sandeen@redhat.com>
>> ---
>>
>> ps: eparis says this should work for NFS as well, let's go for
>> it and if infrequently tested filesystems have trouble we can
>> exclude them as necessary.
> 
> Verifying that assumption isn't hard, please do it.
> 

# mount -t nfs -o context=system_u:object_r:nfs_t:s0 localhost:/mnt/export /mnt/test
# grep /mnt/export /proc/mounts 
localhost:/mnt/export /mnt/test nfs4 rw,context=system_u:object_r:nfs_t:s0,relatime,vers=4,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,minorversion=0,local_lock=none,addr=127.0.0.1 0 0

Re: [PATCH V2] xfstests: mount other filesystems with selinux context as well

[Christoph Hellwig]

In that case the update patch is fine with me,

Reviewed-by: Christoph Hellwig <hch@lst.de>