[LU-7002] mkfs.lustre mishandles SELinux context of temporary directory

Related — Mon, 24 Oct 2016 16:08:37 +0000

After Shadow's patch for ~~LU-2655~~ (see http://review.whamcloud.com/5135), in ldiskfs_write_ldd() if SELinux is enabled then the security context of the temporary mount point is appended to the mount options. Unfortunately this is done by appending the context to ldd_mount_opts and so it gets written into CONFIGS/mountdata.

# lsb_release -d
Description:	  CentOS Linux release 7.1.1503 (Core) 
# git describe
v2_7_57_0-60-g0addfa9
# getenforce
Enforcing
# insmod ./ldiskfs/ldiskfs.ko 
# dd if=/dev/zero of=/tmp/lustre-mdt1 bs=1K count=200000
200000+0 records in
200000+0 records out
204800000 bytes (205 MB) copied, 1.40722 s, 146 MB/s
# mkfs.lustre --fsname=lustre --mgs --mdt --index=0 /tmp/lustre-mdt1

   Permanent disk data:
Target:     lustre:MDT0000
Index:      0
Lustre FS:  lustre
Mount type: ldiskfs
Flags:      0x65
              (MDT MGS first_time update )
Persistent mount opts: user_xattr,errors=remount-ro
Parameters:

checking for existing Lustre data: not found
formatting backing filesystem ldiskfs on /dev/loop0
	   target name  lustre:MDT0000
	   4k blocks     0
	   options        -I 512 -i 2048 -q -O dirdata,uninit_bg,^extents,dir_nlink,quota,huge_file,flex_bg -E lazy_journal_init -F
mkfs_cmd = mke2fs -j -b 4096 -L lustre:MDT0000  -I 512 -i 2048 -q -O dirdata,uninit_bg,^extents,dir_nlink,quota,huge_file,flex_bg -E lazy_journal_init -F /dev/loop0
Writing CONFIGS/mountdata
# mount /tmp/lustre-mdt1 /mnt/mds1 -t ldiskfs -o loop
# hexdump -C /mnt/mds1/CONFIGS/mountdata 
00000000  01 00 d0 1d 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  01 00 00 00 65 00 00 00  00 00 00 00 01 00 00 00  |....e...........|
00000020  6c 75 73 74 72 65 00 00  00 00 00 00 00 00 00 00  |lustre..........|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000060  6c 75 73 74 72 65 3a 4d  44 54 30 30 30 30 00 00  |lustre:MDT0000..|
00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00001000  75 73 65 72 5f 78 61 74  74 72 2c 65 72 72 6f 72  |user_xattr,error|
00001010  73 3d 72 65 6d 6f 75 6e  74 2d 72 6f 2c 63 6f 6e  |s=remount-ro,con|
00001020  74 65 78 74 3d 75 6e 63  6f 6e 66 69 6e 65 64 5f  |text=unconfined_|
00001030  75 3a 6f 62 6a 65 63 74  5f 72 3a 75 73 65 72 5f  |u:object_r:user_|
00001040  74 6d 70 5f 74 3a 73 30  00 00 00 00 00 00 00 00  |tmp_t:s0........|
00001050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00003000
# umount /mnt/mds1

Then when the device is mounted as lustre mount.lustre tries to clear the LDD_F_UPDATE flag from CONFIGS/mountdata, so we call ldiskfs_write_ldd() again which appends the context to the new temporary directory to ldd_mount_opts and uses the result as the options to mount the target as ldiskfs. This fails since the context option can only be specified once.

# LOAD=1 ./lustre/tests/llmount.sh
Loading modules from /root/lustre-release/lustre
...
# strace -f -o mount.strace -s 1024 mount /tmp/lustre-mdt1 /mnt/mds1 -t lustre -o loop
mount.lustre: Unable to mount /dev/loop0: Invalid argument

mount.lustre FATAL: failed to write local files: Invalid argument
# awk '$2 ~ /^mount/' mount.strace
8672  mount("/dev/loop0", "/tmp/mntACvy85", "ldiskfs", 0, "user_xattr,errors=remount-ro,context=unconfined_u:object_r:user_tmp_t:s0,context=unconfined_u:object_r:user_tmp_t:s0") = -1 EINVAL (Invalid argument)
8672  mount("/dev/loop0", "/mnt/mds1", "lustre", MS_STRICTATIME, "osd=osd-ldiskfs,user_xattr,errors=remount-ro,context=unconfined_u:object_r:user_tmp_t:s0,mgs,update,svname=lustre-MDT0000,device=/dev/loop0") = 0

mount.lustre does succeed but the LDD_F_UPDATE flag is never cleared.

# mount
...
/tmp/lustre-mdt1 on /mnt/mds1 type lustre (ro,seclabel)
# umount /mnt/mds1
# mount /tmp/lustre-mdt1 /mnt/mds1 -t lustre -o loop
mount.lustre: Unable to mount /dev/loop0: Invalid argument

mount.lustre FATAL: failed to write local files: Invalid argument
# mount
...
/tmp/lustre-mdt1 on /mnt/mds1 type lustre (ro,seclabel)

Whamcloud Community JIRA

[LU-7002] mkfs.lustre mishandles SELinux context of temporary directory