Red Hat Bugzilla – Bug 823728
selinux block setxattr in CIFS filesystems
Last modified: 2014-03-03 19:08:39 EST
Description of problem:
In CIFS filesystems, when selinux is enforcing, setxattr returns 'permission denied', when selinux is closed, setxattr works well.
Version-Release number of selected component (if applicable):
Set up samba, and mount from client, create a file, and set xattr on it.
In order to create new file, change shared directory's security attribute:
chcon -t samba_share_t /share/directory
sdparm is definitely not the right component, kernel seems more appropriate to me.
Jian Li, please post here the exact commands you run and their outputs, maybe even including lines from /var/log/messages.
I doubt this is a kernel problem either...probably selinux-policy issue, but it's difficult to know for sure. The description doesn't make it clear whether you're disabling selinux on the client or server here to get it working.
sorry, I couldn't manually reproduce it...
I have resubmit a job again, and waiting for result.
beaker job link: (RHEL6.3-20120509.1)
the test(/kernel/filesystems/cifs/xattr) is a standalone test, and setfattr after mounting some local shared directory.
checking case, and resubmit job to test with selinux closed.
job with selinux closed PASS:
Try to manual test and resubmit one on the latest distro.
It's case that miss to configure some test file's selinux attribute 'samba_share_t'.
So it's NOTABUG.