Re: lsetxattr error when doing send/receive
On May 13, 2014, at 7:57 PM, David Brown dav...@davidb.org wrote: On Tue, May 13, 2014 at 08:44:44PM -0300, Bernardo Donadio wrote: Hi! I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux disabled, and then I'm receiving the following error: [root@darwin /]# btrfs subvolume snapshot -r / @.$(date +%Y-%m-%d-%H%M%S)Create a readonly snapshot of '/' in './@.2014-05-13-203532' [root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/ At subvol @.2014-05-13-203532 At subvol @.2014-05-13-203532 ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. Operation not supported I'm missing something? Is this a bug? Is selinux 'disabled' or just non-enforcing? If it is enabled, but even non-enforcing, it still won't allow the security attributes to be set. Reverse that. If selinux is disabled, labels can't be set. If not enforcing, you won't get AVC denials for the vast majority of events, but labels can be set and e.g. restorecon will still work. selinux=0 kernel param is disabled. enforcing=0 kernel param is enabled but not enforcing (for most things). selinux=0 isn't recommended. enforcing=0 is better, and then ausearch -m AVC to find denials and report them so they get fixed. Chris Murphy -- To unsubscribe from this list: send the line unsubscribe linux-btrfs in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: lsetxattr error when doing send/receive
On May 13, 2014, at 9:16 PM, Bernardo Donadio bcdona...@gmail.com wrote: On 05/13/2014 10:57 PM, David Brown wrote: $ selinuxenabled; echo $? It does return '1'. I know SELinux is disabled because I can't boot with it on (and I have no fucking clue why). What exactly is the error complaining about, BTW? How are you disabling it? I suggest enabling it. Then setting enforcing=0 so that it can maintain the proper labeling, and see if you still get the error. A guy at #selinux@freenode said something about btrfs not supporting the FS security extensions, but he didn't know how to elaborate more. Oh dear, well that's wrong. There appear to be some xattrs that are not being restored on receive, there's another thread on that, but they aren't selinux labels. Chris Murphy -- To unsubscribe from this list: send the line unsubscribe linux-btrfs in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
lsetxattr error when doing send/receive
Hi! I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux disabled, and then I'm receiving the following error: [root@darwin /]# btrfs subvolume snapshot -r / @.$(date +%Y-%m-%d-%H%M%S)Create a readonly snapshot of '/' in './@.2014-05-13-203532' [root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/ At subvol @.2014-05-13-203532 At subvol @.2014-05-13-203532 ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. Operation not supported I'm missing something? Is this a bug? -- Bernardo Donadio -- To unsubscribe from this list: send the line unsubscribe linux-btrfs in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: lsetxattr error when doing send/receive
On Tue, May 13, 2014 at 08:44:44PM -0300, Bernardo Donadio wrote: Hi! I'm trying to do a send/receive of a snapshot between two disks on Fedora 20 with Linux 3.15-rc5 (and also tried with 3.14 and 3.11) and SELinux disabled, and then I'm receiving the following error: [root@darwin /]# btrfs subvolume snapshot -r / @.$(date +%Y-%m-%d-%H%M%S)Create a readonly snapshot of '/' in './@.2014-05-13-203532' [root@darwin /]# btrfs send @.2014-05-13-203532 | btrfs receive /mnt/cold/ At subvol @.2014-05-13-203532 At subvol @.2014-05-13-203532 ERROR: lsetxattr bin security.selinux=system_u:object_r:bin_t:s0 failed. Operation not supported I'm missing something? Is this a bug? Is selinux 'disabled' or just non-enforcing? If it is enabled, but even non-enforcing, it still won't allow the security attributes to be set. $ selinuxenabled; echo $? should give '1' if it is truly disabled. I believe you have to disable it at startup time, so if you've changed the config file, you might need to reboot. David -- To unsubscribe from this list: send the line unsubscribe linux-btrfs in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html