[Linux-cluster] GFS, xattr and SElinux

Ryan O'Hara rohara at redhat.com
Wed Dec 5 17:17:57 UTC 2007


jr wrote:
> Hi Guys,
> Does GFS not work with SELinux at all, even though SELinux seems to
> initialize the filesystem right after the mount correctly, and the files
> show labels? (ls -lZ) (This is CentOS 5.1 with the most recent packages,
> using GFS non2).
> It seems as if I ran into something like that.
> Even though ls -lZ would show the correct file labels, SELinux denies
> access to unlabeled_t.
> After restarting one of the nodes in the cluster, that node shows
> unlabeled_t when using ls -lZ on the GFS mounted directory. On other
> nodes, it's correctly httpd_config_t though.
> Is there anything known with this or any suggestions?
> Thanks a lot.
> regards,
> johannes

There are 2 things that come to mind:

1. I believe that although we have added SELinux support for GFS(1) in
RHEL5, the policy does not reflect this. In order to get things working,
you may have to edit your SELinux policy such that gfs is defined to
support SELinux xattrs.

2. I just fixed a bug in the GFS(1) SELinux xattr operations. The
various functions that handle SELinux xattrs were incorrectly checking
read/write permissions, which is wrong. This could result in permission
denials, as you mentioned.



