On Mon, Jan 16, 2017 at 6:39 PM, <sf...@users.sourceforge.net> wrote:
>
> Arun Chandran:
>> No, It succeeded and created with label "k1", please see below
>
> Ok, then let's make sure again.
> - you wrote that the smack label for root user is "_".

Yes. That is correct.

# id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
# cat /proc/self/attr/current
_

> - "sudo mount -t aufs ..." created the file with access="_".

No, with 'sudo mount ..' the .wh.* files are created with the label of the user test, not with the label of root.
[This is because objects get the label of the process; the label of user test is "k1"; sudo is not changing the label]

sudo mount and labels:
------------------------------
# mkdir layer0 layer1
# echo 0 > layer0/0.txt
# echo 1 > layer1/1.txt
# sudo mount -t aufs -o br=./layer1=rw:./layer0=ro -o udba=reval -o smackfsroot=k1 none ./rootfs_mnt
Password:
# for i in `find layer*`; do chsmack $i; done
find: 'layer1/.wh..wh.plnk': Permission denied
find: 'layer1/.wh..wh.orph': Permission denied
layer0 access="k1"
layer0/0.txt access="k1"
layer1 access="k1"
layer1/.wh..wh.plnk access="k1"
layer1/.wh..wh.aufs access="k1"
layer1/1.txt access="k1"
layer1/.wh..wh.orph access="k1"
#
# id
uid=1001(test) gid=1001(test) groups=1001(test)
#

root mount and labels:
------------------------------
All the steps are the same as above, except rootfs_mnt was mounted from a root terminal.

# for i in `find layer*`; do chsmack $i; done
layer0 access="k1"
layer0/0.txt access="k1"
layer1 access="k1"
layer1/.wh..wh.plnk access="_"
layer1/.wh..wh.aufs access="_"
layer1/1.txt access="k1"
layer1/.wh..wh.orph access="_"
# id
uid=0(root) gid=0(root) groups=0(root),10(wheel)
#
# chsmack rootfs_mnt/
rootfs_mnt/ access="k1"
#

--Arun
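To compare the two chsmack listings in the message above mechanically, the following added example (not part of the original message or of aufs) parses chsmack output and reports the aufs-internal .wh.* entries whose Smack access label differs from that of their parent directory. The function names are assumptions; the sample text is an excerpt of the two listings above.

```python
import posixpath
import re

# Excerpts of the two listings from the message above (layer1 only).
SUDO_MOUNT = """\
find: 'layer1/.wh..wh.plnk': Permission denied
layer1 access="k1"
layer1/.wh..wh.plnk access="k1"
layer1/.wh..wh.aufs access="k1"
layer1/1.txt access="k1"
layer1/.wh..wh.orph access="k1"
"""
ROOT_MOUNT = """\
layer1 access="k1"
layer1/.wh..wh.plnk access="_"
layer1/.wh..wh.aufs access="_"
layer1/1.txt access="k1"
layer1/.wh..wh.orph access="_"
"""

# One chsmack line: the path, then attributes; only access="..." is used here.
LINE_RE = re.compile(r'^(?P<path>.+?)\s+access="(?P<label>[^"]*)"')

def parse_chsmack(text):
    """Return {path: access label}; lines without access= (find errors) are skipped."""
    labels = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            labels[m.group("path")] = m.group("label")
    return labels

def whiteout_mismatches(text):
    """Return (path, label, parent_label) for .wh.* entries labelled unlike their parent."""
    labels = parse_chsmack(text)
    found = []
    for path, label in sorted(labels.items()):
        parent, name = posixpath.split(path)
        if name.startswith(".wh.") and parent in labels and labels[parent] != label:
            found.append((path, label, labels[parent]))
    return found

if __name__ == "__main__":
    for title, text in (("sudo mount", SUDO_MOUNT), ("root mount", ROOT_MOUNT)):
        print(title, whiteout_mismatches(text))
```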