| Summary: | SELinux labels don't work over guestmount (FUSE) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Community] Virtualization Tools | Reporter: | Richard W.M. Jones <rjones> | ||||
| Component: | libguestfs | Assignee: | Richard W.M. Jones <rjones> | ||||
| Status: | ASSIGNED --- | QA Contact: | |||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | unspecified | CC: | leiwang, qwan, virt-maint | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | Type: | --- | |||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
Description of problem: If you use guestmount to mount a filesystem that contains extended attributes (xattrs) or ACLs, then you cannot "see" these on the host side under the mount point. This is not exactly unexpected: on the appliance side you have to mount the filesystem with the -o acl and -o user_xattr options if you expect to see ACLs and xattrs, and we were not doing this, so libguestfs would never see them. (Note that ACLs are implemented on Linux using xattrs). I added a third sub-parameter to the --mount flag allowing mount options to be specified. Now you can do: -m /dev/sda1:/:acl,user_xattr However, even with this extra flag, the xattrs (and hence ACLs) were not being passed over to the host side. It appears that our code contains a bug which causes the syscall to fail badly. For example stracing 'getfattr' shows: lstat("user_xattr", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 listxattr("user_xattr", (nil), 0) = -1 ERANGE (Numerical result out of range) Obviously the ERANGE error really shouldn't be happening there. Version-Release number of selected component (if applicable): libguestfs 1.9.13. How reproducible: Always. Steps to Reproduce: 1. Create a test filesystem containing some files with xattrs. 2. Mount it using guestmount. 3. Try to use getfattr command on the host side. Actual results: getfattr dies with "Numerical result out of range" error. Expected results: Should pass through the xattrs, ACLs etc with fidelity. Additional info: Original bug report was https://www.redhat.com/archives/libguestfs/2011-March/msg00126.html