Re: lsetxattr error when doing send/receive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, May 14, 2014 at 12:52:50AM -0600, Chris Murphy wrote:


On May 13, 2014, at 7:57 PM, David Brown <davidb@xxxxxxxxxx> wrote:


On Tue, May 13, 2014 at 08:44:44PM -0300, Bernardo Donadio wrote:

Hi!

I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux disabled, and then I'm receiving the following error:

[root@darwin /]# btrfs subvolume snapshot -r / @.$(date +%Y-%m-%d-%H%M%S)Create a readonly snapshot of '/' in './@.2014-05-13-203532'
[root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/
At subvol @.2014-05-13-203532
At subvol @.2014-05-13-203532
ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. Operation not supported

I'm missing something? Is this a bug?


Is selinux 'disabled' or just non-enforcing?  If it is enabled, but
even non-enforcing, it still won't allow the security attributes to be
set.


Reverse that. If selinux is disabled, labels can't be set. If not
enforcing, you won't get AVC denials for the vast majority of events,
but labels can be set and e.g. restorecon will still work.


  $ selinuxenabled ; echo $?
  0
  $ touch /var/tmp/foo
  $ sudo setfattr -n security.selinux -v system_u:object_r:bin_t:s0 /var/tmp/foo
  $ ls -lZ /var/tmp/foo
  -rw-rw-r--. davidb davidb system_u:object_r:bin_t:s0      /var/tmp/foo

and on a machine with selinux disabled:

  $ selinuxenabled ; echo $?
  1
  $ touch /var/tmp/foo
  $ sudo setfattr -n security.selinux -v system_u:object_r:bin_t:s0 /var/tmp/foo
  $ ls -lZ /var/tmp/foo
  -rw-rw-r--. davidb davidb system_u:object_r:bin_t:s0      /var/tmp/foo

so it doesn't actually seem to matter.  At this point, I'm suspecting
this was actually a bug in a kernel I was running at some point, and I
just haven't bothered trying to enable selinux since then.  I
definitely have received errors in the past from rsync that look like
the above error that I could fix by booting with selinux disabled.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux