[DSE-Dev] Bug#620907: policycoreutils: fixfiles does not relabel contents of btrfs subvolumes
Benoît Knecht
benoit.knecht at fsfe.org
Fri Jul 6 14:05:56 UTC 2012
severity 620907 important
found 620907 2.1.10-9
thanks
John Pham wrote:
> The fixfiles script seems unable to relabel anything in btrfs
> subvolumes. This appears to be due to the contents of subvolumes not
> counting as being on a filesystem of type 'btrfs', according to find
> which is called by this script.
Actually, the problem seems to be in /sbin/setfiles.
I have a btrfs file system mounted on /, with subvolumes /home,
/home/user, /usr, /tmp, /var and /etc. The fixfiles script uses the
get_rw_labeled_mounts function to find out on which filesystems to act,
and on my system, that function returns:
/
/boot
/dev
/dev/pts
/run
/run/lock
/run/shm
/sys
So fixfiles proceeds to call

    setfiles -q -p -F /etc/selinux/default/contexts/files/file_contexts /

which correctly sets the contexts in / and its subdirectories, except
for the subvolumes listed above (I tried re-running it by hand, and
indeed it doesn't work). Running setfiles on the subvolumes explicitly
does work though, i.e.

    setfiles -q -p -F /etc/selinux/default/contexts/files/file_contexts /home

fixes the contexts in /home (but not /home/user, one needs to run
setfiles on it explicitly too).
So as far as this bug is concerned, I see two solutions:

  - Either fix setfiles to recurse into btrfs subvolumes;
  - Or modify fixfiles so that if a filesystem listed by
    get_rw_labeled_mounts is btrfs-formatted, it uses

        btrfs subvolume list ${FS}

    to find out the paths of the subvolumes and pass them to setfiles
    explicitly.
Cheers,
--
Benoît Knecht
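
A sketch of the second option from the message above, added here as an example; it is not code from the message or from policycoreutils. The function names subvol_paths and relabel_fs are hypothetical, and it assumes the paths printed by "btrfs subvolume list" are relative to the filesystem top level that is mounted at the given mount point.

```shell
#!/bin/sh
# Added example, not part of policycoreutils.
# file_contexts path and setfiles flags are the ones quoted in the message.
FC=/etc/selinux/default/contexts/files/file_contexts

# subvol_paths MOUNTPOINT
# Reads `btrfs subvolume list` output on stdin and prints one absolute path
# per subvolume. Each input line has the form
#   ID 257 gen 12 top level 5 path home/user
# Everything after the first " path " is the path, so embedded spaces survive.
subvol_paths() {
    mnt=${1%/}      # "/" becomes "", "/mnt/" becomes "/mnt"
    while IFS= read -r line; do
        case $line in
            *" path "*) printf '%s/%s\n' "$mnt" "${line#* path }" ;;
        esac
    done
}

# relabel_fs MOUNTPOINT
# Relabels the mount point, then each btrfs subvolume below it explicitly,
# because setfiles on the parent leaves the subvolume contents untouched.
relabel_fs() {
    setfiles -q -p -F "$FC" "$1" || return 1
    # Only btrfs has subvolumes to enumerate (GNU stat prints the fs type).
    [ "$(stat -f -c %T "$1")" = btrfs ] || return 0
    btrfs subvolume list "$1" | subvol_paths "$1" |
    while IFS= read -r sv; do
        # Skip entries that are not reachable under this mount point.
        if [ -d "$sv" ]; then
            setfiles -q -p -F "$FC" "$sv"
        fi
    done
}

# Constructed sample of `btrfs subvolume list /` output, for illustration.
printf '%s\n' \
    'ID 256 gen 10 top level 5 path home' \
    'ID 257 gen 12 top level 5 path home/user' \
    'ID 258 gen 11 top level 5 path usr' | subvol_paths /
```

Nested subvolumes such as /home/user appear as their own lines in the listing, so each one gets its own setfiles run, matching the behaviour described in the message.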