Feature #13231
closedkclient: support SELinux
0%
Description
I cannot set selinux labbels on ceph mount.
Environment:
[root@host16-rack08 ~]# modinfo ceph
filename: /lib/modules/3.10.0-229.7.2.el7.x86_64/kernel/fs/ceph/ceph.ko
license: GPL
description: Ceph filesystem for Linux
author: Patience Warnick <patience@newdream.net>
author: Yehuda Sadeh <yehuda@hq.newdream.net>
author: Sage Weil <sage@newdream.net>
alias: fs-ceph
rhelversion: 7.1
srcversion: 2086D500AFAF47B7260E08A
depends: libceph
intree: Y
vermagic: 3.10.0-229.7.2.el7.x86_64 SMP mod_unload modversions
signer: Red Hat Enterprise Linux kernel signing key
sig_key: 27:3C:C8:38:6D:A0:EE:8F:0E:C6:C6:F4:20:E2:4D:7B:AF:35:A9:78
sig_hashalgo: sha256
Here is my cephfs mountpoint:
[root@host16-rack08 ~]# mount |grep ceph
10.1.4.118:6789:/ on /var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs type ceph (rw,relatime,name=kube,secret=<hidden>,nodcache)
Applying selinux label just failed:
[root@host16-rack08 ~]# setfattr -n security.selinux -v system_u:object_r:svirt_sandbox_file_t:s0 /var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs
setfattr: /var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs: Operation not supported
[root@host16-rack08 ~]# setfattr -n security.foo -v system_u:object_r:svirt_sandbox_file_t:s0 /var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs
[root@host16-rack08 ~]# getfattr -d /var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs -m -getfattr: Removing leading '/' from absolute path names
- file: var/lib/openshift/openshift.local.volumes/pods/2a79c5b9-62da-11e5-b8c5-b8ca3a627d6c/volumes/kubernetes.io~cephfs/cephfs
ceph.dir.entries="4"
ceph.dir.files="4"
ceph.dir.rbytes="0"
ceph.dir.rctime="0.090"
ceph.dir.rentries="1"
ceph.dir.rfiles="0"
ceph.dir.rsubdirs="1"
ceph.dir.subdirs="0"
security.foo="system_u:object_r:svirt_sandbox_file_t:s0"