* [PATCH xfstests] _qmount: mount w/o selinux xattrs
@ 2010-07-01 19:58 Eric Sandeen
2010-07-02 7:10 ` Christoph Hellwig
0 siblings, 1 reply; 7+ messages in thread
From: Eric Sandeen @ 2010-07-01 19:58 UTC (permalink / raw)
To: xfs mailing list
when selinux is on it can change quota usage due to extra
xattr blocks.
Mounting with a context prevents this. We already do so
for xfs in general because so many things look at detailed
on-disk format, and extra xattrs confuses those tests.
For other filesystems, we've left selinux alone so far,
as that seemed the best way to test.
However, it throws quota accounting off, so add a fixup
in _qmount()
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
---
diff --git a/common.quota b/common.quota
index d32e285..87a766c 100644
--- a/common.quota
+++ b/common.quota
@@ -131,8 +131,17 @@ _choose_prid()
_qmount()
{
+ # SELinux adds extra xattrs which can mess up our expected usage.
+ # So, mount with a context, and they won't be created
+ # nfs_t is a "liberal" context so we can use it.
+ # Only set it if we didn't inherit SELINUX_MOUNT_OPTIONS for
+ # all mounts anyway.
+ if [ -z "$SELINUX_MOUNT_OPTIONS" -a -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
+ QUOTA_SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
+ fi
+
umount $SCRATCH_DEV >/dev/null 2>&1
- _scratch_mount || _fail "qmount failed"
+ _scratch_mount $QUOTA_SELINUX_MOUNT_OPTIONS || _fail "qmount failed"
chmod ugo+rwx $SCRATCH_MNT
}
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-01 19:58 [PATCH xfstests] _qmount: mount w/o selinux xattrs Eric Sandeen
@ 2010-07-02 7:10 ` Christoph Hellwig
2010-07-02 17:48 ` Eric Sandeen
0 siblings, 1 reply; 7+ messages in thread
From: Christoph Hellwig @ 2010-07-02 7:10 UTC (permalink / raw)
To: Eric Sandeen; +Cc: xfs mailing list
On Thu, Jul 01, 2010 at 02:58:07PM -0500, Eric Sandeen wrote:
> when selinux is on it can change quota usage due to extra
> xattr blocks.
>
> Mounting with a context prevents this. We already do so
> for xfs in general because so many things look at detailed
> on-disk format, and extra xattrs confuses those tests.
>
> For other filesystems, we've left selinux alone so far,
> as that seemed the best way to test.
>
> However, it throws quota accounting off, so add a fixup
> in _qmount()
What about just disabling selinux for all filesystems instead of just
XFS for the general case.
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-02 7:10 ` Christoph Hellwig
@ 2010-07-02 17:48 ` Eric Sandeen
2010-07-09 16:12 ` Christoph Hellwig
0 siblings, 1 reply; 7+ messages in thread
From: Eric Sandeen @ 2010-07-02 17:48 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: xfs mailing list
On 07/02/2010 02:10 AM, Christoph Hellwig wrote:
> On Thu, Jul 01, 2010 at 02:58:07PM -0500, Eric Sandeen wrote:
>> when selinux is on it can change quota usage due to extra
>> xattr blocks.
>>
>> Mounting with a context prevents this. We already do so
>> for xfs in general because so many things look at detailed
>> on-disk format, and extra xattrs confuses those tests.
>>
>> For other filesystems, we've left selinux alone so far,
>> as that seemed the best way to test.
>>
>> However, it throws quota accounting off, so add a fixup
>> in _qmount()
>
> What about just disabling selinux for all filesystems instead of just
> XFS for the general case.
Well it seems like if we -can- test with it on, that's good.
Certain distros ship with it on by default, so exercising lots
of scenarios with it on seems beneficial...
-Eric
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-02 17:48 ` Eric Sandeen
@ 2010-07-09 16:12 ` Christoph Hellwig
2010-07-12 19:29 ` Eric Sandeen
0 siblings, 1 reply; 7+ messages in thread
From: Christoph Hellwig @ 2010-07-09 16:12 UTC (permalink / raw)
To: Eric Sandeen; +Cc: Christoph Hellwig, xfs mailing list
On Fri, Jul 02, 2010 at 12:48:55PM -0500, Eric Sandeen wrote:
> > What about just disabling selinux for all filesystems instead of just
> > XFS for the general case.
>
> Well it seems like if we -can- test with it on, that's good.
> Certain distros ship with it on by default, so exercising lots
> of scenarios with it on seems beneficial...
It seems, but I'd rather do it consistently for all filesystems.
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-09 16:12 ` Christoph Hellwig
@ 2010-07-12 19:29 ` Eric Sandeen
2010-07-12 22:13 ` Dave Chinner
0 siblings, 1 reply; 7+ messages in thread
From: Eric Sandeen @ 2010-07-12 19:29 UTC (permalink / raw)
To: Christoph Hellwig; +Cc: xfs mailing list
On 07/09/2010 11:12 AM, Christoph Hellwig wrote:
> On Fri, Jul 02, 2010 at 12:48:55PM -0500, Eric Sandeen wrote:
>>> What about just disabling selinux for all filesystems instead of just
>>> XFS for the general case.
>>
>> Well it seems like if we -can- test with it on, that's good.
>> Certain distros ship with it on by default, so exercising lots
>> of scenarios with it on seems beneficial...
>
> It seems, but I'd rather do it consistently for all filesystems.
>
except we can't, because xfs actually has such low-level format checking
that selinux -will- break it badly.
I guess we could flag which tests can't run w/ extra xattrs,
and only mount w/ the context for those?
-Eric
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-12 19:29 ` Eric Sandeen
@ 2010-07-12 22:13 ` Dave Chinner
2010-07-13 16:40 ` Eric Sandeen
0 siblings, 1 reply; 7+ messages in thread
From: Dave Chinner @ 2010-07-12 22:13 UTC (permalink / raw)
To: Eric Sandeen; +Cc: Christoph Hellwig, xfs mailing list
On Mon, Jul 12, 2010 at 02:29:14PM -0500, Eric Sandeen wrote:
> On 07/09/2010 11:12 AM, Christoph Hellwig wrote
> > On Fri, Jul 02, 2010 at 12:48:55PM -0500, Eric Sandeen wrote:
> >>> What about just disabling selinux for all filesystems instead of just
> >>> XFS for the general case.
> >>
> >> Well it seems like if we -can- test with it on, that's good.
> >> Certain distros ship with it on by default, so exercising lots
> >> of scenarios with it on seems beneficial...
> >
> > It seems, but I'd rather do it consistently for all filesystems.
> >
>
> except we can't, because xfs actually has such low-level format checking
> that selinux -will- break it badly.
>
> I guess we could flag which tests can't run w/ extra xattrs,
> and only mount w/ the context for those?
Maybe use a group to define all the tests that can't run with
selinux enabled and check it before running each test? i.e. use
notrun to prevent such tests from running. The attr group isprobably
a good start for the tests that will break w/ selinux enabled....
Cheers.
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH xfstests] _qmount: mount w/o selinux xattrs
2010-07-12 22:13 ` Dave Chinner
@ 2010-07-13 16:40 ` Eric Sandeen
0 siblings, 0 replies; 7+ messages in thread
From: Eric Sandeen @ 2010-07-13 16:40 UTC (permalink / raw)
To: Dave Chinner; +Cc: Christoph Hellwig, xfs mailing list
On 07/12/2010 05:13 PM, Dave Chinner wrote:
> On Mon, Jul 12, 2010 at 02:29:14PM -0500, Eric Sandeen wrote:
>> On 07/09/2010 11:12 AM, Christoph Hellwig wrote
>>> On Fri, Jul 02, 2010 at 12:48:55PM -0500, Eric Sandeen wrote:
>>>>> What about just disabling selinux for all filesystems instead of just
>>>>> XFS for the general case.
>>>>
>>>> Well it seems like if we -can- test with it on, that's good.
>>>> Certain distros ship with it on by default, so exercising lots
>>>> of scenarios with it on seems beneficial...
>>>
>>> It seems, but I'd rather do it consistently for all filesystems.
>>>
>>
>> except we can't, because xfs actually has such low-level format checking
>> that selinux -will- break it badly.
>>
>> I guess we could flag which tests can't run w/ extra xattrs,
>> and only mount w/ the context for those?
>
> Maybe use a group to define all the tests that can't run with
> selinux enabled and check it before running each test? i.e. use
> notrun to prevent such tests from running. The attr group isprobably
> a good start for the tests that will break w/ selinux enabled....
Something like that ... but there are more tests than just the attr
group, I'm afraid.
I'd have to re-run to see which break, guess I'll put that on the list.
-Eric
> Cheers.
>
> Dave.
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-07-13 16:37 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-07-01 19:58 [PATCH xfstests] _qmount: mount w/o selinux xattrs Eric Sandeen
2010-07-02 7:10 ` Christoph Hellwig
2010-07-02 17:48 ` Eric Sandeen
2010-07-09 16:12 ` Christoph Hellwig
2010-07-12 19:29 ` Eric Sandeen
2010-07-12 22:13 ` Dave Chinner
2010-07-13 16:40 ` Eric Sandeen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.