> "jon bird": >> Thanks for your assistance with this, for completeness I will post back >> if >> I have any success getting it to work in case anyone else is trying to >> do >> something similar. > > Such report will be appricated. I will, even if no one will. > It will be a good test to see how good or bad aufs supports xattr. > Good luck and enjoy. > Thanks (I think!).
Ok, so I added this to my policy: fs_use_xattr aufs gen_context(system_u:object_r:fs_t,s0); Which mirrors pretty much all the other file systems which use XATTR, including in the reference policy overlayfs. On setting up my aufs test mount I now get: kernel: SELinux: initialized (dev aufs, type aufs), uses xattr Which looks good. Unfortunately that is where the good news ends. Attempting to do a "ls" of the mount, the console hung and I had to reboot it to recover. I've now enabled AUFS_DEBUG in the kernel and tried again. This time I triggered a kernel BUG: May 07 12:44:54.426410 [39682] sdr kernel: Kernel BUG at c02b1120 [verbose debug info unavailable] May 07 12:44:54.701095 [39682] sdr kernel: invalid opcode: 0000 [#1] PREEMPT SMP May 07 12:44:54.701309 [39682] sdr kernel: Modules linked in: sch311x_wdt nfsd exportfs gpio_pca953x i2c_i801 i2c_core snd_hda_intel snd_hda_controller snd_hda_codec snd_pcm snd_timer May 07 12:44:54.701477 [39682] sdr kernel: CPU: 1 PID: 906 Comm: ls Not tainted 3.16.57 #6 May 07 12:44:54.701631 [39682] sdr kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS 080015 05/10/2011 May 07 12:44:54.701788 [39682] sdr kernel: task: f6930190 ti: f68da000 task.ti: f68da000 May 07 12:44:54.701934 [39682] sdr kernel: EIP: 0060:[<c02b1120>] EFLAGS: 00010286 CPU: 1 May 07 12:44:54.702073 [39682] sdr kernel: EIP is at si_read_lock+0x140/0x170 May 07 12:44:54.702208 [39682] sdr kernel: EAX: f6972000 EBX: f3c48000 ECX: 00000389 EDX: ffffffff May 07 12:44:54.702349 [39682] sdr kernel: ESI: f48a8c00 EDI: 00000028 EBP: f68dbe38 ESP: f68dbdf4 May 07 12:44:54.702490 [39682] sdr kernel: DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 May 07 12:44:54.702663 [39682] sdr kernel: CR0: 80050033 CR2: 084d60cc CR3: 35878000 CR4: 000007d0 May 07 12:44:54.702804 [39682] sdr kernel: Stack: May 07 12:44:54.702942 [39682] sdr kernel: 00000000 c02b6d10 00000004 f68dbe04 0000100c f48a8c00 f511f080 f516db80 May 07 12:44:54.703084 [39682] sdr kernel: f68dbe38 c02db2fa c02bd7d1 f48a8c00 f4bc5448 f511f080 c066c140 f516db80 May 07 12:44:54.703229 [39682] sdr kernel: c02db891 00000001 c05f246f f4b32200 000000ff c02ed250 000000ff f4bc5460 May 07 12:44:54.703421 [39682] sdr kernel: Call Trace: May 07 12:44:54.703580 [39682] sdr kernel: [<c02b6d10>] ? au_xino_do_write+0x20/0x70 May 07 12:44:54.703718 [39682] sdr kernel: [<c02db2fa>] ? au_lgxattr+0x1a/0x180 May 07 12:44:54.703850 [39682] sdr kernel: [<c02bd7d1>] ? au_cpup_attr_nlink+0x71/0x180 May 07 12:44:54.704008 [39682] sdr kernel: [<c02db891>] ? aufs_getxattr+0x21/0x30 May 07 12:44:54.704142 [39682] sdr kernel: [<c02ed250>] ? inode_doinit_with_dentry+0x120/0x5e0 May 07 12:44:54.704278 [39682] sdr kernel: [<c02e6010>] ? security_d_instantiate+0x10/0x20 May 07 12:44:54.704412 [39682] sdr kernel: [<c01dd35f>] ? d_splice_alias+0x2f/0xe0 May 07 12:44:54.704586 [39682] sdr kernel: [<c02cf40d>] ? aufs_lookup+0x1ad/0x2d0 May 07 12:44:54.704723 [39682] sdr kernel: [<c01cff6f>] ? lookup_real+0xf/0x40 May 07 12:44:54.704855 [39682] sdr kernel: [<c01d072b>] ? __lookup_hash+0x2b/0x40 May 07 12:44:54.704988 [39682] sdr kernel: [<c01d2f11>] ? path_lookupat+0x7f1/0xc50 May 07 12:44:54.705121 [39682] sdr kernel: [<c032613a>] ? vsnprintf+0x14a/0x3b0 May 07 12:44:54.705251 [39682] sdr kernel: [<c0328698>] ? lockref_get+0x8/0x20 May 07 12:44:54.705411 [39682] sdr kernel: [<c01d3388>] ? filename_lookup+0x18/0xb0 May 07 12:44:54.705545 [39682] sdr kernel: [<c01d6d64>] ? user_path_at_empty+0x34/0x80 May 07 12:44:54.705680 [39682] sdr kernel: [<c0328718>] ? lockref_put_or_lock+0x8/0x30 May 07 12:44:54.705814 [39682] sdr kernel: [<c01dc358>] ? dput+0x78/0x1b0 May 07 12:44:54.705943 [39682] sdr kernel: [<c01d6dbb>] ? user_path_at+0xb/0x10 May 07 12:44:54.706074 [39682] sdr kernel: [<c01e8ba3>] ? SyS_lgetxattr+0x33/0xa0 May 07 12:44:54.706204 [39682] sdr kernel: [<c052714d>] ? sysenter_do_call+0x1b/0x1b May 07 12:44:54.706337 [39682] sdr kernel: Code: 00 8b 46 28 85 c0 7e 34 b8 ff ff ff ff f0 0f c1 46 28 83 e8 01 78 27 8d 46 10 e8 ec 62 eb ff e9 36 ff ff ff 8d b4 26 00 00 00 00 <0f> 0b 8d b6 00 00 00 00 89 f0 e8 61 fe ff ff eb bf 0f 0b ba 68 May 07 12:44:54.706511 [39682] sdr kernel: EIP: [<c02b1120>] si_read_lock+0x140/0x170 SS:ESP 0068:f68dbdf4 May 07 12:44:54.706658 [39682] sdr kernel: ---[ end trace 1cf4303cf7d5ed4e ]--- May 07 12:44:54.706797 [39682] sdr kernel: ------------[ cut here ]------------ May 07 12:44:54.706928 [39682] sdr kernel: Kernel BUG at c02c8730 [verbose debug info unavailable] May 07 12:44:54.707070 [39682] sdr kernel: invalid opcode: 0000 [#2] PREEMPT SMP May 07 12:44:54.707204 [39682] sdr kernel: Modules linked in: sch311x_wdt nfsd exportfs gpio_pca953x i2c_i801 i2c_core snd_hda_intel snd_hda_controller snd_hda_codec snd_pcm snd_timer May 07 12:44:55.039319 [39682] sdr kernel: CPU: 1 PID: 906 Comm: ls Tainted: G D 3.16.57 #6 May 07 12:44:55.039634 [39682] sdr kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M., BIOS 080015 05/10/2011 May 07 12:44:55.039904 [39682] sdr kernel: task: f6930190 ti: f68da000 task.ti: f68da000 May 07 12:44:55.040610 [39682] sdr kernel: EIP: 0060:[<c02c8730>] EFLAGS: 00010286 CPU: 1 May 07 12:44:55.040874 [39682] sdr kernel: EIP is at au_do_flush+0x1e0/0x210 May 07 12:44:55.041099 [39682] sdr kernel: EAX: 00000389 EBX: f511fe80 ECX: ffffffff EDX: f6972000 May 07 12:44:55.041330 [39682] sdr kernel: ESI: f552fa00 EDI: f48a8c00 EBP: f3c48000 ESP: f68dbc7c May 07 12:44:55.041559 [39682] sdr kernel: DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 May 07 12:44:55.041785 [39682] sdr kernel: CR0: 8005003b CR2: 084d60cc CR3: 006f7000 CR4: 000007d0 May 07 12:44:55.042020 [39682] sdr kernel: Stack: May 07 12:44:55.042242 [39682] sdr kernel: f3deb100 c02caff0 00000000 00000008 00000000 f552fa00 f3deb100 00000000 May 07 12:44:55.042470 [39682] sdr kernel: c01c604e 00000001 0000000c f3deb108 c01e1c8a f3deb100 f6088900 f6930190 May 07 12:44:55.042704 [39682] sdr kernel: f6088938 f693054c c0138398 00000000 c0520628 00000000 00000001 00000000 May 07 12:44:55.042936 [39682] sdr kernel: Call Trace: May 07 12:44:55.043158 [39682] sdr kernel: [<c02caff0>] ? aufs_flush_dir+0x10/0x10 May 07 12:44:55.043496 [39682] sdr kernel: [<c01c604e>] ? filp_close+0x1e/0x50 May 07 12:44:55.043722 [39682] sdr kernel: [<c01e1c8a>] ? put_files_struct+0x5a/0xa0 May 07 12:44:55.043943 [39682] sdr kernel: [<c0138398>] ? do_exit+0x1d8/0x860 May 07 12:44:55.044156 [39682] sdr kernel: [<c0520628>] ? printk+0x16/0x1a May 07 12:44:55.044368 [39682] sdr kernel: [<c013778b>] ? print_oops_end_marker+0x1b/0x20 May 07 12:44:55.044640 [39682] sdr kernel: [<c0104c57>] ? oops_end+0x67/0x90 May 07 12:44:55.044847 [39682] sdr kernel: [<c0102751>] ? do_error_trap+0x61/0xc0 May 07 12:44:55.045064 [39682] sdr kernel: [<c02b1120>] ? si_read_lock+0x140/0x170 May 07 12:44:55.045282 [39682] sdr kernel: [<c019ec24>] ? generic_file_write_iter+0x34/0xb0 May 07 12:44:55.045502 [39682] sdr kernel: [<c01c7d87>] ? new_sync_write+0x67/0xa0 May 07 12:44:55.045720 [39682] sdr kernel: [<c0102d20>] ? do_bounds+0x20/0x20 May 07 12:44:55.045931 [39682] sdr kernel: [<c0102d2e>] ? do_invalid_op+0xe/0x20 May 07 12:44:55.046155 [39682] sdr kernel: [<c0527b32>] ? error_code+0x5a/0x74 May 07 12:44:55.046369 [39682] sdr kernel: [<c01c007b>] ? page_lock_anon_vma_read+0x5b/0x110 May 07 12:44:55.046589 [39682] sdr kernel: [<c0102d20>] ? do_bounds+0x20/0x20 May 07 12:44:55.046802 [39682] sdr kernel: [<c02b1120>] ? si_read_lock+0x140/0x170 May 07 12:44:55.047019 [39682] sdr kernel: [<c02b6d10>] ? au_xino_do_write+0x20/0x70 May 07 12:44:55.047235 [39682] sdr kernel: [<c02db2fa>] ? au_lgxattr+0x1a/0x180 May 07 12:44:55.047484 [39682] sdr kernel: [<c02bd7d1>] ? au_cpup_attr_nlink+0x71/0x180 May 07 12:44:55.047744 [39682] sdr kernel: [<c02db891>] ? aufs_getxattr+0x21/0x30 May 07 12:44:55.047963 [39682] sdr kernel: [<c02ed250>] ? inode_doinit_with_dentry+0x120/0x5e0 May 07 12:44:55.048182 [39682] sdr kernel: [<c02e6010>] ? security_d_instantiate+0x10/0x20 May 07 12:44:55.048401 [39682] sdr kernel: [<c01dd35f>] ? d_splice_alias+0x2f/0xe0 May 07 12:44:55.048619 [39682] sdr kernel: [<c02cf40d>] ? aufs_lookup+0x1ad/0x2d0 May 07 12:44:55.048852 [39682] sdr kernel: [<c01cff6f>] ? lookup_real+0xf/0x40 May 07 12:44:55.049066 [39682] sdr kernel: [<c01d072b>] ? __lookup_hash+0x2b/0x40 May 07 12:44:55.049283 [39682] sdr kernel: [<c01d2f11>] ? path_lookupat+0x7f1/0xc50 May 07 12:44:55.049500 [39682] sdr kernel: [<c032613a>] ? vsnprintf+0x14a/0x3b0 May 07 12:44:55.049713 [39682] sdr kernel: [<c0328698>] ? lockref_get+0x8/0x20 May 07 12:44:55.049927 [39682] sdr kernel: [<c01d3388>] ? filename_lookup+0x18/0xb0 May 07 12:44:55.381300 [39682] sdr kernel: [<c01d6d64>] ? user_path_at_empty+0x34/0x80 May 07 12:44:55.381578 [39682] sdr kernel: [<c0328718>] ? lockref_put_or_lock+0x8/0x30 May 07 12:44:55.381812 [39682] sdr kernel: [<c01dc358>] ? dput+0x78/0x1b0 May 07 12:44:55.382028 [39682] sdr kernel: [<c01d6dbb>] ? user_path_at+0xb/0x10 May 07 12:44:55.382249 [39682] sdr kernel: [<c01e8ba3>] ? SyS_lgetxattr+0x33/0xa0 May 07 12:44:55.382472 [39682] sdr kernel: [<c052714d>] ? sysenter_do_call+0x1b/0x1b May 07 12:44:55.382707 [39682] sdr kernel: Code: b8 e6 53 5e c0 e8 61 f1 e6 ff e9 21 ff ff ff 8d 74 26 00 ba 68 00 00 00 b8 e6 53 5e c0 e8 49 f1 e6 ff e9 38 ff ff ff 8d 74 26 00 <0f> 0b 8d b6 00 00 00 00 0f 0b 8d b6 00 00 00 00 ba 68 00 00 00 May 07 12:44:55.383006 [39682] sdr kernel: EIP: [<c02c8730>] au_do_flush+0x1e0/0x210 SS:ESP 0068:f68dbc7c May 07 12:44:55.383257 [39682] sdr kernel: ---[ end trace 1cf4303cf7d5ed4f ]--- May 07 12:44:55.383560 [39682] sdr kernel: Fixing recursive fault but reboot is needed! As before the console remains stuck. Rgs, Jon.
