"jon bird":
> I did indeed take a look at this and concluded that I didn't think I'd
> need them (if at all) at this point however I have just tried using both
> icexsec and then for good measure icex on the mount, neither made any
> noticeable difference:

Then let's forget about ICEX for now, and let's focus on the problem of why
selinux handles aufs as "not configured for labeling".

> That said, I did start having a bit of an explore as to where the message
> "not configured for labeling" was coming from. As best I can fathom it's
> from within security/selinux/hooks.c and there is a block of code which is
> as follows:
>
> if (!sbsec->behavior) {
:::
> The message itself is emitted based on the value of 'sbsec->behavior'
> which I think should (may?) be SECURITY_FS_USE_XATTR.

Ok, then when and who should set a correct value to sbsec->behavior?
More info about your system will be necessary for further investigation.
Next time you post, please include this info.

----------------------------------------
(from aufs README file)
- /proc/mounts (instead of the output of mount(8))
- /sys/module/aufs/*
- /sys/fs/aufs/* (if you have them)
- /debug/aufs/* (if you have them)
- linux kernel version
  if your kernel is not plain, for example modified by distributor,
  the url where i can download its source is necessary too.
- aufs version which was printed at loading the module or booting the
  system, instead of the date you downloaded.
- configuration (define/undefine CONFIG_AUFS_xxx)
- kernel configuration or /proc/config.gz (if you have it)
- LSM (linux security module, if you are using)
- behaviour which you think to be incorrect
- actual operation, reproducible one is better
- mailto: aufs-users at lists.sourceforge.net
----------------------------------------

> I did spot in your code this line commented out in inode.h:
>
> /* void au_xattr_init(struct super_block *sb); */
>
> which may of course be where this code should end up to get this information?

No. This is an obsoleted function which tried to support posix_acl BEFORE
linux mainline established a concrete scheme for xattr. After the scheme was
fixed, those functions were commented out.


J. R. Okajima