SELinux labels not defined
David Michael
fedora.dm0 at gmail.com
Sun Oct 3 09:50:55 AEDT 2021
Hi,
I tried to make an SELinux-labeled EROFS image, and the image itself
seems to contain the labels from a hex dump, but the mounted files are
all unlabeled:
# ls -lZ xml
total 8
drwxr-xr-x. 2 root root unconfined_u:object_r:var_t:s0 4096 Sep 29 21:43 dbus-1
drwxr-xr-x. 2 root root unconfined_u:object_r:fonts_cache_t:s0 4096 Sep 29 22:19 fontconfig
# mkfs.erofs test.img xml
mkfs.erofs 1.3-g4e183568-dirty
c_version: [1.3-g4e183568-dirty]
c_dbg_lvl: [ 2]
c_dry_run: [ 0]
# mount -o X-mount.mkdir test.img test
# ls -lZ test
total 8
drwxr-xr-x. 2 root root system_u:object_r:unlabeled_t:s0 78 Oct 2 18:37 dbus-1
drwxr-xr-x. 2 root root system_u:object_r:unlabeled_t:s0 48 Oct 2 18:37 fontconfig
This is running on the current Fedora kernel 5.14.9-200.fc34.x86_64 with
the relevant config options:
CONFIG_EROFS_FS=m
# CONFIG_EROFS_FS_DEBUG is not set
CONFIG_EROFS_FS_XATTR=y
CONFIG_EROFS_FS_POSIX_ACL=y
CONFIG_EROFS_FS_SECURITY=y
CONFIG_EROFS_FS_ZIP=y
I tried the earliest kernel in Fedora 34 (5.11.12-300.fc34.x86_64), and
it also has the same issue. However, the earliest kernel in Fedora 33
(5.8.15-301.fc33.x86_64) has the correct labels when the image is
mounted. Is there a problem in the file system driver, or do I need to
do something different for newer kernels?
Thanks.
David
More information about the Linux-erofs
mailing list