Bug 691389

Summary: SELinux labels don't work over guestmount (FUSE)
Product: [Community] Virtualization Tools Reporter: Richard W.M. Jones <rjones>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: ASSIGNED --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: leiwang, mbooth, qwan, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
Regression test for (unfixed) bug 814933. none

Description Richard W.M. Jones 2011-03-28 08:35:20 EDT
Description of problem:

If you use guestmount to mount a filesystem that contains
extended attributes (xattrs) or ACLs, then you cannot "see"
these on the host side under the mount point.  This is not
exactly unexpected: on the appliance side you have to mount
the filesystem with the -o acl and -o user_xattr options
if you expect to see ACLs and xattrs, and we were not doing
this, so libguestfs would never see them.  (Note that ACLs
are implemented on Linux using xattrs).

I added a third sub-parameter to the --mount flag allowing
mount options to be specified.  Now you can do:

 -m /dev/sda1:/:acl,user_xattr

However, even with this extra flag, the xattrs (and hence
ACLs) were not being passed over to the host side.  It
appears that our code contains a bug which causes the
syscall to fail badly.  For example stracing 'getfattr'

lstat("user_xattr", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
listxattr("user_xattr", (nil), 0)       = -1 ERANGE (Numerical result out of range)

Obviously the ERANGE error really shouldn't be happening

Version-Release number of selected component (if applicable):

libguestfs 1.9.13.

How reproducible:


Steps to Reproduce:
1. Create a test filesystem containing some files with xattrs.
2. Mount it using guestmount.
3. Try to use getfattr command on the host side.
Actual results:

getfattr dies with "Numerical result out of range" error.

Expected results:

Should pass through the xattrs, ACLs etc with fidelity.

Additional info:

Original bug report was
Comment 1 Richard W.M. Jones 2011-03-28 08:38:59 EDT
This patch allows mount options to be specified:
Comment 3 Richard W.M. Jones 2011-03-28 12:35:43 EDT
Upstream commits which fix reading:


Since I have not tested writing/setting extended attributes
or ACLs, leaving the bug in MODIFIED for now.
Comment 4 Richard W.M. Jones 2012-04-21 10:54:28 EDT
*** Bug 814933 has been marked as a duplicate of this bug. ***
Comment 5 Richard W.M. Jones 2012-04-21 10:55:17 EDT
Set back to ASSIGNED to indicate this bug isn't fully fixed.
Comment 6 Richard W.M. Jones 2012-04-21 10:56:47 EDT
Created attachment 579191 [details]
Regression test for (unfixed) bug 814933.

Regression test for (unfixed) bug 814933.  This test runs
emacs in batch mode to edit a file, demonstrating that
it fails with an selinux error.