Bug 691389 - SELinux labels don't work over guestmount (FUSE)
SELinux labels don't work over guestmount (FUSE)
Status: ASSIGNED
Product: Virtualization Tools
Classification: Community
Component: libguestfs (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Richard W.M. Jones
:
: 814933 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-28 08:35 EDT by Richard W.M. Jones
Modified: 2013-07-28 21:34 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Regression test for (unfixed) bug 814933. (3.07 KB, patch)
2012-04-21 10:56 EDT, Richard W.M. Jones
no flags Details | Diff

  None (edit)
Description Richard W.M. Jones 2011-03-28 08:35:20 EDT
Description of problem:

If you use guestmount to mount a filesystem that contains
extended attributes (xattrs) or ACLs, then you cannot "see"
these on the host side under the mount point.  This is not
exactly unexpected: on the appliance side you have to mount
the filesystem with the -o acl and -o user_xattr options
if you expect to see ACLs and xattrs, and we were not doing
this, so libguestfs would never see them.  (Note that ACLs
are implemented on Linux using xattrs).

I added a third sub-parameter to the --mount flag allowing
mount options to be specified.  Now you can do:

 -m /dev/sda1:/:acl,user_xattr

However, even with this extra flag, the xattrs (and hence
ACLs) were not being passed over to the host side.  It
appears that our code contains a bug which causes the
syscall to fail badly.  For example stracing 'getfattr'
shows:

lstat("user_xattr", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
listxattr("user_xattr", (nil), 0)       = -1 ERANGE (Numerical result out of range)

Obviously the ERANGE error really shouldn't be happening
there.

Version-Release number of selected component (if applicable):

libguestfs 1.9.13.

How reproducible:

Always.

Steps to Reproduce:
1. Create a test filesystem containing some files with xattrs.
2. Mount it using guestmount.
3. Try to use getfattr command on the host side.
  
Actual results:

getfattr dies with "Numerical result out of range" error.

Expected results:

Should pass through the xattrs, ACLs etc with fidelity.

Additional info:

Original bug report was
https://www.redhat.com/archives/libguestfs/2011-March/msg00126.html
Comment 1 Richard W.M. Jones 2011-03-28 08:38:59 EDT
This patch allows mount options to be specified:
https://www.redhat.com/archives/libguestfs/2011-March/msg00134.html
Comment 3 Richard W.M. Jones 2011-03-28 12:35:43 EDT
Upstream commits which fix reading:

http://git.annexia.org/?p=libguestfs.git;a=commitdiff;h=4e529e06a4500959cd783f5029354fea47a253a6
http://git.annexia.org/?p=libguestfs.git;a=commitdiff;h=0d6fd9e1d2488841c912c5351086e536772837ef

Since I have not tested writing/setting extended attributes
or ACLs, leaving the bug in MODIFIED for now.
Comment 4 Richard W.M. Jones 2012-04-21 10:54:28 EDT
*** Bug 814933 has been marked as a duplicate of this bug. ***
Comment 5 Richard W.M. Jones 2012-04-21 10:55:17 EDT
Set back to ASSIGNED to indicate this bug isn't fully fixed.
Comment 6 Richard W.M. Jones 2012-04-21 10:56:47 EDT
Created attachment 579191 [details]
Regression test for (unfixed) bug 814933.

Regression test for (unfixed) bug 814933.  This test runs
emacs in batch mode to edit a file, demonstrating that
it fails with an selinux error.

Note You need to log in before you can comment on or make changes to this bug.