ARC: ext4 crypto test: xfstest: Need to adapat SELinux rules to allow mounting /dev/loopN |
||||||||
Issue descriptionUsing xfstests to test ext4 crypto, it does not work on -cheets: 2016-05-20T09:07:38.738166-07:00 WARNING kernel: [ 855.539560] SELinux: security_context_to_sid(system_u:object_r:nfs_t:s0) failed for (dev loop4, type ext4) errno=-22 For this test, we should relax SELinux rules.
,
Jul 15 2016
Android does not have access to /dev/loop, is this issue still valid?
,
Oct 19 2016
It is valid, xfstests is ran from chromeos, not withing ARC. in a chromeos root shell, xfstests fail mounting the test image: /bin/mount -t ext4 -o context=system_u:object_r:nfs_t:s0 /dev/loop9 /tmp/test [58785.056125] EXT4-fs (loop9): mounted filesystem with ordered data mode. Opts: [58785.056157] SELinux: security_context_to_sid(system_u:object_r:nfs_t:s0) failed for (dev loop9, type ext4) errno=-22
,
Oct 19 2016
xfstest is adding the option just for selinux:
in /usr/local/xfstests/common/config
# SELinux adds extra xattrs which can mess up our expected output.
# So, mount with a context, and they won't be created
# # nfs_t is a "liberal" context so we can use it.
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
SELINUX_MOUNT_OPTIONS="-o context=system_u:object_r:nfs_t:s0"
export SELINUX_MOUNT_OPTIONS
fi
I am guessing system_u or nfs_t are not defined, making this rule invalid.
,
Oct 21 2016
outside of container selinux is permissive, so skipping selinux mount options might be one possible way forward? (though I guess it's also trying to excercise selinux functionality?)
,
Nov 29 2016
,
Jan 20 2017
,
Jan 26 2017
Gwendal has a fix in xfs that is being reviewed.
,
Jan 26 2017
,
Jan 26 2017
,
Aug 1
,
Sep 7
,
Sep 7
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by cbiesin...@chromium.org
, Jul 14 2016