Bug 466701
| Summary: | RFE: an error when mounting the same NFS mount with different SELinux contexts | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Murray McAllister <mmcallis> | ||||||
| Component: | kernel | Assignee: | Eric Paris <eparis> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Red Hat Kernel QE team <kernel-qe> | ||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 5.2 | CC: | dwalsh, dzickus, eparis, jlayton, kzak, steved, syeghiay, vdanen | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-09-02 08:57:00 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Dan, Any ideas? I think Eric can explain this. Sadly this is expected behaviour. This is because I completely rewrote FS mounting since RHEL5 upstream. I'll see what we can do. I do not plan to fail the mount. And as you know you can get the expected behaviour with nosharecache or whatever that black magic to not share superblocks is... Updating PM score. Created attachment 334585 [details]
patch to printk a warning when selinux options don't match
jlayton has comments on list and I'm going to have to send a -v2. Moving back to assigned. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. in kernel-2.6.18-152.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html |
Created attachment 320157 [details] testing multiple NFS mounts on Red Hat Enterprise Linux 5 and Rawhide Description of problem: No error occurs when mounting the same NFS mount with different SELinux contexts. The second mount point uses the same context as the the first. Version-Release number of selected component (if applicable): * Red Hat Enterprise Linux Client release 5.2 (Tikanga) * util-linux-2.13-0.47.el5 * nfs-utils-lib-1.0.8-7.2.z2 * nfs-utils-1.0.9-35z.el5_2 * portmap-4.0-65.2.2.1 * policycoreutils-1.33.12-14.el5 * libselinux-devel-1.33.4-5.el5 * libselinux-python-1.33.4-5.el5 * libselinux-1.33.4-5.el5 * selinux-policy-targeted-2.4.6-137.1.el5_2 * selinux-policy-2.4.6-137.1.el5_2 How reproducible: Always. Steps to Reproduce: 1. Make 3 directories: /export, /test, /test1 2. add "/export *(ro)" to /etc/exports 3. Mount /export to /test using -o context. 4. Mount /export to /test1 using a different context. See attached for tests. Actual results: First mount uses the context specified with -o context. Second mount point uses the context specified by the first mount command. Expected results: An error similar to what is in Rawhide (see below). Additional info: Errors occur on Rawhide. Terminal shows: mount.nfs: an incorrect mount option was specified /var/log/messages: localhost kernel: SELinux: mount invalid. Same superblock, different security settings for (dev 0:14, type nfs) See attached for tests.