Details
-
Bug
-
Resolution: Unresolved
-
Minor
Description
I just tried setting up a test server on el8 and it took me a bit of time to realize selinux was the problem, even if set to permissive.
Setting selinux to disabled allowed me to mount the server normally.
The problem seems to be that selinux thinks there is no xattr support and throws the baby out with the bathwater?
Might be relevant: I've only tested with a loop mount, it might work with real devices.
Here are the traces I have; happy to provide more if required:
```
# rm -f mgt && truncate -s 50M mgt && mkfs.lustre --mgs mgt
# mount -t lustre -o loop ./mgt /mnt/lustre/mgt/
mount.lustre: mount /dev/loop0 at /mnt/lustre/mgt failed: Operation not supported
# dmesg | tail
[ 100.138808] LDISKFS-fs (loop0): mounted filesystem with ordered data mode. Opts: user_xattr,errors=remount-ro,no_mbcache,nodelalloc
[ 101.210730] SELinux: (dev lustre, type lustre) has no xattr support
[ 101.236892] Lustre: server umount MGS complete
# (nothing obvious in lctl dk as the umount was not initiated from lustre code)
# bpftrace -e 'kprobe:server_put_super { printf("umount: %s\n", kstack); }'
Attaching 1 probe...
umount:
        server_put_super+1
        generic_shutdown_super+108
        kill_anon_super+20
        deactivate_locked_super+52
        mount_fs+308
        vfs_kern_mount.part.35+84
        do_mount+508
        ksys_mount+182
        __x64_sys_mount+33
        do_syscall_64+91
        entry_SYSCALL_64_after_hwframe+101
# cd /usr/src/debug/kernel-4.18.0-240.15.1.el8_3/linux-4.18.0-240.15.1.el8_3.x86_64/
# vim -t mount_fs
...
struct dentry *
mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
{
...
        error = security_sb_kern_mount(sb, flags, secdata);
        if (error)
                goto out_sb;
...
out_sb:
        dput(root);
        deactivate_locked_super(sb);
...
```
So the selinux message in dmesg was a real hard error and not a safe-to-ignore warning as I'm used to...
I didn't look further into why selinux thinks there is no xattr support, but quick tracing shows selinux_sb_kern_mount() is called twice - once for osd_mount for the actual ldiskfs device which works, and once more for the actual lustre layer mount call which I guess is probably expected not to have xattrs, so I guess selinux got a bit more strict lately, or a policy change? I'm not sure policies can make the difference between the "lustre" server mount and the "lustre" client mount unfortunately.
Issue Links
- is related to
-
LU-12514 separate out the lustre mount code for server and clients
- Open
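A triage helper for the failure pattern in the description above, as an added example that is not part of the original report or of Lustre: it scans kernel log text for the SELinux "has no xattr support" message and marks it as a mount abort when a Lustre server umount follows shortly after. The function names, the 2-second window and the verdict labels are assumptions; the sample log is the three dmesg lines quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report or from Lustre).
# Sample input: the dmesg lines quoted in the description.
sample_dmesg() {
    cat <<'EOF'
[ 100.138808] LDISKFS-fs (loop0): mounted filesystem with ordered data mode. Opts: user_xattr,errors=remount-ro,no_mbcache,nodelalloc
[ 101.210730] SELinux: (dev lustre, type lustre) has no xattr support
[ 101.236892] Lustre: server umount MGS complete
EOF
}

# Reads kernel log text on stdin and prints one line per SELinux
# "has no xattr support" message: "<timestamp> <dev> <fstype> <verdict>".
# verdict is "aborted" when a "Lustre: server umount ... complete" line
# follows within $1 seconds (default 2, an assumed window), which is the
# sequence the report traced to the error path in mount_fs(); otherwise
# the verdict is "logged-only".
selinux_xattr_failures() {
    awk -v window="${1:-2}" '
    # Extract the numeric timestamp from a "[ 123.456789] ..." line.
    function ts(line,   t) {
        t = line
        sub(/^\[ */, "", t); sub(/\].*$/, "", t)
        return t + 0
    }
    # Emit a pending SELinux message that was never followed by a umount.
    function flush() {
        if (pend) printf "%.6f %s %s logged-only\n", pts, dev, typ
        pend = 0
    }
    / SELinux: \(dev .*, type .*\) has no xattr support/ {
        flush()
        s = $0; sub(/^.*SELinux: \(dev /, "", s)
        dev = s; sub(/, type .*$/, "", dev)
        typ = s; sub(/^.*, type /, "", typ)
        sub(/\) has no xattr support.*$/, "", typ)
        pend = 1; pts = ts($0); next
    }
    pend && /Lustre: server umount .* complete/ {
        if (ts($0) - pts <= window) {
            printf "%.6f %s %s aborted\n", pts, dev, typ
            pend = 0
        }
    }
    END { flush() }
    '
}

sample_dmesg | selinux_xattr_failures
```

On a live system the same function can be fed with `dmesg | selinux_xattr_failures`.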