On 2013-04-19 17:29, Fabrice BOYRIE wrote:
> Hello
>
> I'm playing with zfs on linux using package from SL-addons
> I've had a first problem with installation
>
> First small one
> dkms build of zfs.ko needs at least
> libuuid-devel, zlib-devel, kernel-devel, gcc
> It should be in requires.
>
> Bigger one: problem with selinux
> When I mount zfs volume, I've the following errors:
> SELinux: initialized (dev zfs, type zfs), not configured for labeling
> and even root can't write on the disk
>
> I've modified selinux-policy srpm adding the following patch
> policy-zfs.patch
>
> diff -Nur nsaserefpolicy/policy/modules/kernel/filesystem.te
> serefpolicy-3.7.19/policy/modules/kernel/filesystem.te
> --- aserefpolicy/policy/modules/kernel/filesystem.te 2010-04-13
> 20:44:37.000000000 +0200
> +++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2013-04-19
> 17:30:43.952120437 +0200
> @@ -21,6 +21,7 @@
>
> # Use xattrs for the following filesystem types.
> # Requires that a security xattr handler exist for the filesystem.
> +fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
> fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
>
> With this patch applied, selinux seems to be working (I can write and I can use
> chcon). But at next update, it will break. And I don't understand enough
> selinux to make a specific module.
>
> How can these problems be solved?
>
> Thanks in advance
>
> Fabrice BOYRIE

Hello Fabrice,

While the patch is simple, the filesystem module is quite complicated and it would require quite some work to make a standalone module only for ZFS.

Sadly, for now I think that it's simpler to patch the actual package than anything else, and as long as the upstream vendor doesn't explicitly support ZFS in their SELinux rules, you/we'll have to continue to use a patched package.

Regards,
Olivier
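
Review bot: The added `fs_use_xattr zfs` line in the quoted patch sits directly under the comment "Requires that a security xattr handler exist for the filesystem", and the patch itself records nothing showing that the ZFS module in use provides one; the only evidence is the poster's remark that chcon works. The patch description should say which ZFS package and version that was tested with, so the entry can be re-checked when either package is updated. As a style point, the visible entries (btrfs, encfs, ext2) are in alphabetical order, so the zfs entry would fit at the end of the list rather than above btrfs. The diff command line also names `nsaserefpolicy/...` while the `---` header reads `aserefpolicy/...`, so the header is worth regenerating before the patch is carried in a rebuilt SRPM.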
