[LU-7002] mkfs.lustre mishandles SELinux context of temporary directory

Created: 13/Aug/15
Updated: 24/Oct/16
Resolved: 14/Mar/16

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.5.0, Lustre 2.7.0, Lustre 2.8.0
Fix Version/s: Lustre 2.9.0

Type: Bug
Priority: Minor
Reporter: John Hammond
Assignee: John Hammond
Resolution: Fixed
Votes: 0
Labels: SELinux, utils

Issue Links:
Related
is related to LU-2655 Make ability to mount lustre server t... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

Description

After Shadow's patch for LU-2655 (see http://review.whamcloud.com/5135), in ldiskfs_write_ldd(), if SELinux is enabled, the security context of the temporary mount point is appended to the mount options. Unfortunately, this is done by appending the context to ldd_mount_opts, and so it gets written into CONFIGS/mountdata.

# lsb_release -d
Description:	  CentOS Linux release 7.1.1503 (Core) 
# git describe
v2_7_57_0-60-g0addfa9
# getenforce
Enforcing
# insmod ./ldiskfs/ldiskfs.ko 
# dd if=/dev/zero of=/tmp/lustre-mdt1 bs=1K count=200000
200000+0 records in
200000+0 records out
204800000 bytes (205 MB) copied, 1.40722 s, 146 MB/s
# mkfs.lustre --fsname=lustre --mgs --mdt --index=0 /tmp/lustre-mdt1

   Permanent disk data:
Target:     lustre:MDT0000
Index:      0
Lustre FS:  lustre
Mount type: ldiskfs
Flags:      0x65
              (MDT MGS first_time update )
Persistent mount opts: user_xattr,errors=remount-ro
Parameters:

checking for existing Lustre data: not found
formatting backing filesystem ldiskfs on /dev/loop0
	   target name  lustre:MDT0000
	   4k blocks     0
	   options        -I 512 -i 2048 -q -O dirdata,uninit_bg,^extents,dir_nlink,quota,huge_file,flex_bg -E lazy_journal_init -F
mkfs_cmd = mke2fs -j -b 4096 -L lustre:MDT0000  -I 512 -i 2048 -q -O dirdata,uninit_bg,^extents,dir_nlink,quota,huge_file,flex_bg -E lazy_journal_init -F /dev/loop0
Writing CONFIGS/mountdata
# mount /tmp/lustre-mdt1 /mnt/mds1 -t ldiskfs -o loop
# hexdump -C /mnt/mds1/CONFIGS/mountdata 
00000000  01 00 d0 1d 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  01 00 00 00 65 00 00 00  00 00 00 00 01 00 00 00  |....e...........|
00000020  6c 75 73 74 72 65 00 00  00 00 00 00 00 00 00 00  |lustre..........|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000060  6c 75 73 74 72 65 3a 4d  44 54 30 30 30 30 00 00  |lustre:MDT0000..|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000  75 73 65 72 5f 78 61 74  74 72 2c 65 72 72 6f 72  |user_xattr,error|
00001010  73 3d 72 65 6d 6f 75 6e  74 2d 72 6f 2c 63 6f 6e  |s=remount-ro,con|
00001020  74 65 78 74 3d 75 6e 63  6f 6e 66 69 6e 65 64 5f  |text=unconfined_|
00001030  75 3a 6f 62 6a 65 63 74  5f 72 3a 75 73 65 72 5f  |u:object_r:user_|
00001040  74 6d 70 5f 74 3a 73 30  00 00 00 00 00 00 00 00  |tmp_t:s0........|
00001050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00003000
# umount /mnt/mds1

Then, when the device is mounted as lustre, mount.lustre tries to clear the LDD_F_UPDATE flag from CONFIGS/mountdata, so we call ldiskfs_write_ldd() again, which appends the context of the new temporary directory to ldd_mount_opts and uses the result as the options to mount the target as ldiskfs. This fails since the context option can only be specified once.

# LOAD=1 ./lustre/tests/llmount.sh
Loading modules from /root/lustre-release/lustre
...
# strace -f -o mount.strace -s 1024 mount /tmp/lustre-mdt1 /mnt/mds1 -t lustre -o loop
mount.lustre: Unable to mount /dev/loop0: Invalid argument

mount.lustre FATAL: failed to write local files: Invalid argument
# awk '$2 ~ /^mount/' mount.strace
8672  mount("/dev/loop0", "/tmp/mntACvy85", "ldiskfs", 0, "user_xattr,errors=remount-ro,context=unconfined_u:object_r:user_tmp_t:s0,context=unconfined_u:object_r:user_tmp_t:s0") = -1 EINVAL (Invalid argument)
8672  mount("/dev/loop0", "/mnt/mds1", "lustre", MS_STRICTATIME, "osd=osd-ldiskfs,user_xattr,errors=remount-ro,context=unconfined_u:object_r:user_tmp_t:s0,mgs,update,svname=lustre-MDT0000,device=/dev/loop0") = 0

mount.lustre does succeed but the LDD_F_UPDATE flag is never cleared.

# mount
...
/tmp/lustre-mdt1 on /mnt/mds1 type lustre (ro,seclabel)
# umount /mnt/mds1
# mount /tmp/lustre-mdt1 /mnt/mds1 -t lustre -o loop
mount.lustre: Unable to mount /dev/loop0: Invalid argument

mount.lustre FATAL: failed to write local files: Invalid argument
# mount
...
/tmp/lustre-mdt1 on /mnt/mds1 type lustre (ro,seclabel)
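
A check for the condition shown in the hexdump above, as an added example that is not part of the original report or of Lustre's own code: it reads a copy of CONFIGS/mountdata and reports any SELinux label option stored in the persistent mount options. The magic, offsets and `update` bit are read off the hexdump and the `Flags: 0x65` decoding in the report; the little-endian layout, the field length and the function names are assumptions.

```python
import re
import struct
import sys

# Layout values read off the hexdump in the report (little-endian assumed).
LDD_MAGIC = 0x1DD00001      # bytes 01 00 d0 1d at offset 0
FLAGS_OFFSET = 0x14         # 65 00 00 00, i.e. "Flags: 0x65"
OPTS_OFFSET = 0x1000        # start of "user_xattr,errors=remount-ro,..."
OPTS_SIZE = 0x1000          # assumption: the field runs up to 0x2000
LDD_F_UPDATE = 0x40         # the "update" bit in 0x65 (MDT MGS first_time update)

# context=, fscontext=, defcontext=, rootcontext=; values may be quoted.
LABEL_RE = re.compile(r'(?:^|,)((?:fs|def|root)?context=(?:"[^"]*"|[^,]*))')


def inspect_mountdata(blob):
    """Return the persistent mount options and any SELinux labels in them."""
    if len(blob) < OPTS_OFFSET + OPTS_SIZE:
        raise ValueError("mountdata is too short")
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic != LDD_MAGIC:
        raise ValueError("unexpected magic 0x%08x" % magic)
    (flags,) = struct.unpack_from("<I", blob, FLAGS_OFFSET)
    raw = blob[OPTS_OFFSET:OPTS_OFFSET + OPTS_SIZE]
    opts = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "mount_opts": opts,
        "selinux_labels": LABEL_RE.findall(opts),
        "update_pending": bool(flags & LDD_F_UPDATE),
    }


def build_sample(opts, flags=0x65):
    """Constructed mountdata image mirroring the fields visible in the hexdump."""
    blob = bytearray(0x3000)
    struct.pack_into("<I", blob, 0, LDD_MAGIC)
    struct.pack_into("<I", blob, FLAGS_OFFSET, flags)
    blob[0x20:0x26] = b"lustre"
    blob[0x60:0x6E] = b"lustre:MDT0000"
    data = opts.encode("ascii")
    blob[OPTS_OFFSET:OPTS_OFFSET + len(data)] = data
    return bytes(blob)


if __name__ == "__main__":
    # With a path argument, inspect a copied mountdata file; otherwise the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample("user_xattr,errors=remount-ro,"
                            "context=unconfined_u:object_r:user_tmp_t:s0")
    print(inspect_mountdata(blob))
```

A non-empty `selinux_labels` list means the label of a temporary mount point was persisted, and `update_pending` staying true after a mount matches the "never cleared" symptom described above.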


Comments
Comment by Joseph Gmitter (Inactive) [ 13/Aug/15 ]

John,
Assigning to you as I understand you are taking on this work.
Thanks.
Joe

Comment by Gerrit Updater [ 05/Feb/16 ]

Frederic Saunier (frederic.saunier@atos.net) uploaded a new patch: http://review.whamcloud.com/18319
Subject: LU-7002 utils: SELinux context repeated in mount opts
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 62cddd677017bad162a568202b5f8ac940424c1b

Comment by Gerrit Updater [ 14/Mar/16 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/18319/
Subject: LU-7002 utils: SELinux context repeated in mount opts
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: a40a4e630c515301497f409a491fd3eb6a715f01
