Bug 691389 - SELinux labels don't work over guestmount (FUSE)
SELinux labels don't work over guestmount (FUSE)
Product: Virtualization Tools
Classification: Community
Component: libguestfs (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Richard W.M. Jones
: 814933 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2011-03-28 08:35 EDT by Richard W.M. Jones
Modified: 2013-07-28 21:34 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Regression test for (unfixed) bug 814933. (3.07 KB, patch)
2012-04-21 10:56 EDT, Richard W.M. Jones
no flags Details | Diff

  None (edit)
Description Richard W.M. Jones 2011-03-28 08:35:20 EDT
Description of problem:

If you use guestmount to mount a filesystem that contains
extended attributes (xattrs) or ACLs, then you cannot "see"
these on the host side under the mount point.  This is not
exactly unexpected: on the appliance side you have to mount
the filesystem with the -o acl and -o user_xattr options
if you expect to see ACLs and xattrs, and we were not doing
this, so libguestfs would never see them.  (Note that ACLs
are implemented on Linux using xattrs).

I added a third sub-parameter to the --mount flag allowing
mount options to be specified.  Now you can do:

 -m /dev/sda1:/:acl,user_xattr

However, even with this extra flag, the xattrs (and hence
ACLs) were not being passed over to the host side.  It
appears that our code contains a bug which causes the
syscall to fail badly.  For example stracing 'getfattr'

lstat("user_xattr", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
listxattr("user_xattr", (nil), 0)       = -1 ERANGE (Numerical result out of range)

Obviously the ERANGE error really shouldn't be happening

Version-Release number of selected component (if applicable):

libguestfs 1.9.13.

How reproducible:


Steps to Reproduce:
1. Create a test filesystem containing some files with xattrs.
2. Mount it using guestmount.
3. Try to use getfattr command on the host side.
Actual results:

getfattr dies with "Numerical result out of range" error.

Expected results:

Should pass through the xattrs, ACLs etc with fidelity.

Additional info:

Original bug report was
Comment 1 Richard W.M. Jones 2011-03-28 08:38:59 EDT
This patch allows mount options to be specified:
Comment 3 Richard W.M. Jones 2011-03-28 12:35:43 EDT
Upstream commits which fix reading:


Since I have not tested writing/setting extended attributes
or ACLs, leaving the bug in MODIFIED for now.
Comment 4 Richard W.M. Jones 2012-04-21 10:54:28 EDT
*** Bug 814933 has been marked as a duplicate of this bug. ***
Comment 5 Richard W.M. Jones 2012-04-21 10:55:17 EDT
Set back to ASSIGNED to indicate this bug isn't fully fixed.
Comment 6 Richard W.M. Jones 2012-04-21 10:56:47 EDT
Created attachment 579191 [details]
Regression test for (unfixed) bug 814933.

Regression test for (unfixed) bug 814933.  This test runs
emacs in batch mode to edit a file, demonstrating that
it fails with an selinux error.

Note You need to log in before you can comment on or make changes to this bug.