From: Gwendal Grignou <gwendal@chromium.org>
To: eguan@redhat.com
Cc: fstests@vger.kernel.org
Subject: [PATCH] Make SELinux protection conditional
Date: Mon, 6 Mar 2017 14:14:16 -0800 [thread overview]
Message-ID: <20170306221416.18520-1-gwendal@chromium.org> (raw)
In-Reply-To: <20170127211003.ypphb36xhsn4vczq@thunk.org>
When selinux utilities are present, xfstests add options to help circumvent
selinux protection. However, on Chrome OS, it leads to the opposite effect,
when it prevents mount to succeed.
BUG=chromium:669641
TEST=xfstest test ext4/001 completes where it use to display:
common/rc: could not mount /dev/loop29 on /usr/local/autotest/tmp/xfstests_TEST
Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
---
common/config | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/common/config b/common/config
index fb60216c..0c7335ad 100644
--- a/common/config
+++ b/common/config
@@ -35,6 +35,7 @@
# RMT_TAPE_DEV - the remote tape device for the xfsdump tests
# RMT_IRIXTAPE_DEV- the IRIX remote tape device for the xfsdump tests
# RMT_TAPE_USER - remote user for tape device
+# SELINUX_MOUNT_OPTIONS - Options to use when SELinux is enabled.
#
# - These can be added to $HOST_CONFIG_DIR (witch default to ./config)
# below or a separate local configuration file can be used (using
@@ -262,7 +263,7 @@ esac
# So, mount with a context, and they won't be created
# # nfs_t is a "liberal" context so we can use it.
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
- SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
+ : ${SELINUX_MOUNT_OPTIONS:="-o context=system_u:object_r:nfs_t:s0"}
export SELINUX_MOUNT_OPTIONS
fi
--
2.12.0.rc1.440.g5b76565f74-goog
next prev parent reply other threads:[~2017-03-06 22:14 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-23 17:57 xfstest and chromeos Gwendal Grignou
2017-01-26 5:14 ` Eryu Guan
2017-01-26 7:17 ` Mike Frysinger
2017-01-27 3:45 ` Theodore Ts'o
2017-01-27 8:40 ` Mike Frysinger
2017-01-27 16:37 ` Theodore Ts'o
2017-01-27 18:02 ` Mike Frysinger
2017-01-27 19:31 ` Gwendal Grignou
2017-01-27 21:10 ` Theodore Ts'o
2017-03-06 22:14 ` Gwendal Grignou [this message]
2017-03-07 0:56 ` Mike Frysinger
2017-03-20 21:20 ` [PATCH] Code to allow cros-compilation on chromeOS Gwendal Grignou
2017-03-24 4:23 ` Eryu Guan
2017-03-24 23:53 ` Gwendal Grignou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170306221416.18520-1-gwendal@chromium.org \
--to=gwendal@chromium.org \
--cc=eguan@redhat.com \
--cc=fstests@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.