On May 13, 2014, at 7:57 PM, David Brown <dav...@davidb.org> wrote: > On Tue, May 13, 2014 at 08:44:44PM -0300, Bernardo Donadio wrote: >> Hi! >> >> I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 >> with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux >> disabled, and then I'm receiving the following error: >> >> [root@darwin /]# btrfs subvolume snapshot -r / @.$(date >> +%Y-%m-%d-%H%M%S)Create a readonly snapshot of '/' in './@.2014-05-13-203532' >> [root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/ >> At subvol @.2014-05-13-203532 >> At subvol @.2014-05-13-203532 >> ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. >> Operation not supported >> >> I'm missing something? Is this a bug? > > Is selinux 'disabled' or just non-enforcing? If it is enabled, but > even non-enforcing, it still won't allow the security attributes to be > set.
Reverse that. If selinux is disabled, labels can't be set. If not enforcing, you won't get AVC denials for the vast majority of events, but labels can be set and e.g. restorecon will still work. selinux=0 kernel param is disabled. enforcing=0 kernel param is enabled but not enforcing (for most things). selinux=0 isn't recommended. enforcing=0 is better, and then ausearch -m AVC to find denials and report them so they get fixed. Chris Murphy -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
