Bug #49286

closed

fix setting selinux context on file with r/o permissions

Added by Jeff Layton about 3 years ago. Updated about 3 years ago.

Status: Resolved
Priority: High
Assignee:
Category: Correctness/Safety
Target version:
% Done: 0%
Source: Development
Tags:
Backport: pacific,octopus,nautilus
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(FS): Client, MDS
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

If you do this on a ganesha NFS mount with SELinux enabled, it will fail (as shown):

openat(AT_FDCWD, "/mnt/cephfsgw1/jlayton/opentest.new", O_RDWR|O_CREAT|O_EXCL, 0444) = -1 EACCES (Permission denied)

What happens is that the create works just fine, but then ganesha does a follow-on setxattr to set the SELinux context. That fails because the mode doesn't allow writes and I'm not a privileged user.

This wouldn't be such an issue, but git happens to create files like that, so that makes git clone break.

There are a couple of potential solutions but they are all quite ugly. I'll have to do some exploration as to the least ugly fix.

Actions #1

Updated by Patrick Donnelly about 3 years ago

  • Category set to Correctness/Safety
  • Target version set to v17.0.0
  • Source set to Development
  • Backport set to pacific,octopus,nautilus
  • Component(FS) Client, MDS added

Actions #3

Updated by Jeff Layton about 3 years ago

  • Status changed from New to Resolved