Project

General

Profile

Bug #49286

fix setting selinux context on file with r/o permissions

Added by Jeff Layton 13 days ago. Updated 3 days ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Correctness/Safety
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
pacific,octopus,nautilus
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS):
Client, MDS
Labels (FS):
Pull request ID:
Crash signature:

Description

If you do this on a ganesha NFS mount with SELinux enabled, it will fail (as shown):

openat(AT_FDCWD, "/mnt/cephfsgw1/jlayton/opentest.new", O_RDWR|O_CREAT|O_EXCL, 0444) = -1 EACCES (Permission denied)

What happens is that the create works just fine, but then ganesha does a follow-on setxattr to set the SELinux context. That fails because the mode doesn't allow writes and I'm not a privileged user.

This wouldn't be such an issue, but git happens to create files like that so that makes git clone break.

There are a couple of potential solutions but they are all quite ugly. I'll have to do some exploration as to the least ugly fix.

History

#1 Updated by Patrick Donnelly 8 days ago

  • Category set to Correctness/Safety
  • Target version set to v17.0.0
  • Source set to Development
  • Backport set to pacific,octopus,nautilus
  • Component(FS) Client, MDS added

#2 Updated by Jeff Layton 3 days ago

#3 Updated by Jeff Layton 3 days ago

  • Status changed from New to Resolved

Also available in: Atom PDF