* f2fs xattr and SELinux
From: Konstantin Dorfman @ 2013-12-01 17:09 UTC
To: linux-fsdevel, Jaegeuk Kim
Hi all,

I'm trying to use f2fs xattr with SELinux (on Android) and getting the
following error:

root# restorecon -Rv /data
Relabeling /data from u:object_r:unlabeled:s0 to u:object_r:system_data_file:s0.
Could not label /data with u:object_r:system_data_file:s0: Operation not supported on transport endpoint

Also, the output of the `ls -Z` command (all files/dirs are unlabeled):

root# ls -Z /data
drwxrwx--x system system u:object_r:unlabeled:s0 app
drwxr-x--x root root u:object_r:unlabeled:s0 app_tests
drwxr-x--x root root u:object_r:unlabeled:s0 audio-encode
drwxr-x--x root root u:object_r:unlabeled:s0 busybox
drwxrwx--x system system u:object_r:unlabeled:s0 connectivity
drwxr-x--x root root u:object_r:unlabeled:s0 data_test
drwxr-x--x root root u:object_r:unlabeled:s0 evt-test
drwxr-x--x root root u:object_r:unlabeled:s0 fstest
drwxr-x--x root root u:object_r:unlabeled:s0 gps-test
drwxr-x--x root root u:object_r:unlabeled:s0 graphics_tests
drwxr-x--x root root u:object_r:unlabeled:s0 instrumentation_tests
drwxr-x--x root root u:object_r:unlabeled:s0 kernel-tests
drwxrwx--- root root u:object_r:unlabeled:s0 lost+found
drwxrwx--- media_rw media_rw u:object_r:unlabeled:s0 media

mount output is:
/dev/block/bootdevice/by-name/userdata /data f2fs rw,nosuid,nodev,relatime,background_gc_on,discard,user_xattr,acl,active_logs=6 0 0

Any comments/ideas about why xattr is not working for me on f2fs?

Thanks,
Kostya
--
sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
* Re: f2fs xattr and SELinux
From: Jaegeuk Kim @ 2013-12-02 0:09 UTC
To: Konstantin Dorfman, linux-fsdevel@vger.kernel.org,
김재극
Hi,
Could you check the config of F2FS?
There should be a seclabel config.
Thanks,
-------------
Jaegeuk Kim,
Memory Solutions Lab.,
Memory Division, Samsung Electronics,
Mobile: +82-10-8853-7679
Email: jaegeuk.kim@samsung.com
* Re: f2fs xattr and SELinux
From: Konstantin Dorfman @ 2013-12-02 15:00 UTC
To: jaegeuk.kim, linux-fsdevel@vger.kernel.org
Hello Jaegeuk,
What is the seclabel config of the F2FS partition?
I do not see a seclabel mount option for the /data partition (f2fs type),
while there is such an option for ext4.
Thanks,
Kostya
On 12/02/2013 02:09 AM, Jaegeuk Kim wrote:
> Hi,
>
> Could you check the config of F2FS?
> There should be a seclabel config.
> Thanks,
--
sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
* Re: f2fs xattr and SELinux
From: Konstantin Dorfman @ 2013-12-03 16:31 UTC
To: jaegeuk.kim, linux-fsdevel@vger.kernel.org
Hello all,
As I can see from the code of system/extras/ext4_utils/make_ext4fs.c (it
is a utility from Google to create Android ext4 images):

    ...
    ret = inode_set_selinux(entry_inode, dentries[i].secon);
    if (ret)
        error("failed to set SELinux context on %s\n", dentries[i].path);
    ...

This utility creates a security context per file on the target filesystem,
while running in userspace.
I'm looking for a similar process for the f2fs filesystem. Probably this
process will create the seclabel configuration for F2FS.

Any ideas?
Thanks,
Kostya
On 12/02/2013 02:09 AM, Jaegeuk Kim wrote:
> Hi,
>
> Could you check the config of F2FS?
> There should be a seclabel config.
> Thanks,
--
sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation
* Re: f2fs xattr and SELinux
From: Jaegeuk Kim @ 2013-12-04 8:02 UTC
To: Konstantin Dorfman; +Cc: linux-fsdevel@vger.kernel.org
Hi,
The following patch is to support security labels.

commit 8ae8f1627f39bae505b90cade50cd8a911b8bda6
Author: Jaegeuk Kim <jaegeuk.kim@samsung.com>
Date: Mon Jun 3 19:46:19 2013 +0900

    f2fs: support xattr security labels

Please use the latest f2fs source code.
Thanks,

    This patch adds the support of security labels for f2fs, which will be used
    by Linux Security Models (LSMs).

    Quote from http://en.wikipedia.org/wiki/Linux_Security_Modules:
    "Linux Security Modules (LSM) is a framework that allows the Linux kernel to
    support a variety of computer security models while avoiding favoritism toward
    any single security implementation. The framework is licensed under the terms of
    the GNU General Public License and is standard part of the Linux kernel since
    Linux 2.6. AppArmor, SELinux, Smack and TOMOYO Linux are the currently accepted
    modules in the official kernel.".

    Signed-off-by: Jaegeuk Kim <jaegeuk.kim@samsung.com>

2013-12-03 (Tue), 18:31 +0200, Konstantin Dorfman:
> Hello all,
>
> As I can see from the code of system/extras/ext4_utils/make_ext4fs.c (it
> is utility to create android ext4 images from Google):
> ...
> ret = inode_set_selinux(entry_inode, dentries[i].secon);
> if (ret)
> error("failed to set SELinux context on %s\n", dentries[i].path);
> ...
>
> This utility creates security context per file on target filesystem,
> while running in userspace.
> I'm looking for similar process for f2fs filesystem. Probably this
> process will create seclabel configuration for F2FS.
>
> Any ideas?
>
> Thanks,
> Kostya
--
Jaegeuk Kim
Samsung
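
Added example, not part of any message in this thread: a shell diagnostic for the symptom discussed above, checking whether a mount reports the `seclabel` option and, for f2fs, whether the kernel was built with security xattr support. The function names, the `/cache` ext4 line and the kernel config text are constructed for illustration; `CONFIG_F2FS_FS_SECURITY` is the upstream Kconfig symbol for f2fs security labels and is not named in the thread.

```shell
#!/bin/sh
# The f2fs line is the mount output quoted in the thread; the ext4 line and
# the kernel config excerpt are constructed sample data.
SAMPLE_MOUNTS='/dev/block/bootdevice/by-name/userdata /data f2fs rw,nosuid,nodev,relatime,background_gc_on,discard,user_xattr,acl,active_logs=6 0 0
/dev/block/bootdevice/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0'

SAMPLE_CONFIG='CONFIG_F2FS_FS=y
CONFIG_F2FS_FS_XATTR=y
# CONFIG_F2FS_FS_SECURITY is not set'

# mount_opts MOUNTS MOUNTPOINT -> prints "fstype options" for the last match
mount_opts() {
    printf '%s\n' "$1" |
        awk -v mp="$2" '$2 == mp { r = $3 " " $4 } END { if (r != "") print r }'
}

# has_seclabel MOUNTS MOUNTPOINT -> 0 if seclabel is set, 1 if not, 2 if not mounted
has_seclabel() {
    opts=$(mount_opts "$1" "$2") || return 2
    [ -n "$opts" ] || return 2
    case ",${opts#* }," in
        *,seclabel,*) return 0 ;;
        *) return 1 ;;
    esac
}

# config_enabled CONFIG SYMBOL -> 0 if the kernel config has SYMBOL=y
config_enabled() {
    printf '%s\n' "$1" | grep -q "^$2=y\$"
}

# diagnose MOUNTS CONFIG MOUNTPOINT -> prints a one-word verdict
diagnose() {
    if has_seclabel "$1" "$3"; then echo labeled-ok; return; fi
    fstype=$(mount_opts "$1" "$3"); fstype=${fstype%% *}
    if [ -z "$fstype" ]; then
        echo not-mounted
    elif [ "$fstype" = f2fs ] && ! config_enabled "$2" CONFIG_F2FS_FS_SECURITY; then
        echo f2fs-security-xattr-disabled
    else
        echo no-seclabel
    fi
}

diagnose "$SAMPLE_MOUNTS" "$SAMPLE_CONFIG" /data
```

On a device, pass the contents of `/proc/mounts` and the kernel config (for example from `/proc/config.gz`, when the kernel exposes it) in place of the sample strings.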