From Lustre 2.8, we have basic support for SELinux on the Lustre client side. It
means Lustre stores the security context of files in extended attributes. In
this way Lustre supports seclabel.
In Lustre 2.9, an additional enhancement for SELinux support was landed.

Which version are you using?

Cheers,
Sebastien.

> On 15 May 2017, at 14:39, E.S. Rosenberg <[email protected]> wrote:
> 
> Hi Robin,
> Did you ever solve this?
> We are considering trying root-on-lustre but that would be a deal-breaker.
> Thanks,
> Eli
> 
> On Sat, Mar 4, 2017 at 9:38 AM, Dilger, Andreas <[email protected]> wrote:
> On Mar 2, 2017, at 05:55, Robin Humble <[email protected]> wrote:
> >
> > Hiya,
> >
> > I'm updating an image for a root-on-lustre cluster from centos6 to 7
> > and I've hit a little snag. I can't seem to mount lustre so that it
> > understands seclabel. ie. setcap/getcap don't work. the upshot is that
> > root can use ping (and a few other tools), but users can't.
> >
> > any idea what I'm doing wrong?
> >
> > from what little I understand about it I think seclabel is a form of
> > xattr.
> 
> I try to stay away from that myself, but newer Lustre clients support SELinux
> and similar things.  You probably need to strace and/or collect some kernel
> debug logs (maybe with debug=-1 set) to see where the error is being 
> generated.
> 
> Cheers, Andreas
> --
> Andreas Dilger
> Lustre Principal Architect
> Intel Corporation
> 
> _______________________________________________
> lustre-discuss mailing list
> [email protected]
> http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org

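The check below is an added example, not code from any poster in this thread or from the Lustre project. It reports whether the mount serving a path advertises `seclabel` in `/proc/mounts` and how the filesystem answers a read of the `security.capability` xattr, which is where `setcap` stores file capabilities; the sample mount table, including the Lustre line and its options, is constructed.

```python
import errno
import os
import sys

# Constructed /proc/mounts sample (not from the thread); the Lustre line is illustrative.
SAMPLE_MOUNTS = """\
/dev/sda1 / xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
10.0.0.1@tcp:/lfs /mnt/lustre lustre rw,flock,user_xattr,lazystatfs 0 0
"""

def find_mount(path, mounts_text):
    """Return (mountpoint, fstype, options) for the longest mountpoint containing path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, fstype, opts = fields[1], fields[2], fields[3].split(",")
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and (best is None or len(mnt) > len(best[0])):
            best = (mnt, fstype, opts)
    return best

def seclabel_report(path, mounts_text):
    """Say which mount serves path and whether it advertises the seclabel option."""
    found = find_mount(path, mounts_text)
    if found is None:
        return None
    mnt, fstype, opts = found
    return {"mountpoint": mnt, "fstype": fstype, "seclabel": "seclabel" in opts}

def probe_security_xattr(path, name="security.capability"):
    """Classify the filesystem's answer to reading a security.* xattr on path."""
    try:
        os.getxattr(path, name)
        return "present"
    except OSError as e:
        if e.errno == errno.ENODATA:
            return "supported, not set on this file"
        if e.errno == errno.EOPNOTSUPP:
            return "not supported by this mount"
        return "error: " + os.strerror(e.errno)

if __name__ == "__main__":
    target = os.path.realpath(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/ping")
    with open("/proc/mounts") as f:
        print(seclabel_report(target, f.read()))
    print("security.capability:", probe_security_xattr(target))
```

Run it against the same binary on a local filesystem and on the Lustre mount; a differing xattr answer between the two points at the mount rather than at the file.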