[lustre-discuss] seclabel

Sebastien Buisson sbuisson at ddn.com
Tue May 16 01:17:48 PDT 2017


Since Lustre 2.8, we have had basic support for SELinux on the Lustre client side. This means Lustre stores the security context of files in extended attributes. In this way Lustre supports seclabel.
In Lustre 2.9, an additional enhancement for SELinux support was landed.

Which version are you using?

Cheers,
Sebastien.

> On 15 May 2017, at 14:39, E.S. Rosenberg <esr+lustre at mail.hebrew.edu> wrote:
> 
> Hi Robin,
> Did you ever solve this?
> We are considering trying root-on-lustre but that would be a deal-breaker.
> Thanks,
> Eli
> 
> On Sat, Mar 4, 2017 at 9:38 AM, Dilger, Andreas <andreas.dilger at intel.com> wrote:
> On Mar 2, 2017, at 05:55, Robin Humble <rjh+lustre at cita.utoronto.ca> wrote:
> >
> > Hiya,
> >
> > I'm updating an image for a root-on-lustre cluster from centos6 to 7
> > and I've hit a little snag. I can't seem to mount lustre so that it
> > understands seclabel. ie. setcap/getcap don't work. the upshot is that
> > root can use ping (and a few other tools), but users can't.
> >
> > any idea what I'm doing wrong?
> >
> > from what little I understand about it I think seclabel is a form of
> > xattr.
> 
> I try to stay away from that myself, but newer Lustre clients support SELinux
> and similar things.  You probably need to strace and/or collect some kernel
> debug logs (maybe with debug=-1 set) to see where the error is being generated.
> 
> Cheers, Andreas
> --
> Andreas Dilger
> Lustre Principal Architect
> Intel Corporation
> 
> _______________________________________________
> lustre-discuss mailing list
> lustre-discuss at lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
> 
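
A small diagnostic for the symptom discussed in this thread, as an added example that is not code from any of the posters or from Lustre: it reports whether the mount covering a path carries the `seclabel` option and decodes the `security.capability` extended attribute, which is where setcap stores file capabilities. It assumes Linux and Python 3; the sample mount lines and xattr value are constructed.

```python
import os
import struct

XATTR = "security.capability"  # xattr that setcap writes and getcap reads
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}  # subset of linux/capability.h

# Constructed sample data (not from the thread): two /proc/mounts lines and the
# value setcap would store for cap_net_raw+p (revision 2, little endian).
SAMPLE_MOUNTS = (
    "/dev/sda1 /boot xfs rw,seclabel,relatime 0 0\n"
    "10.0.0.1@o2ib:/rootfs / lustre rw,flock,lazystatfs 0 0\n"
)
SAMPLE_XATTR = struct.pack("<5I", 0x02000000, 1 << 13, 0, 0, 0)

def mount_for(path, mounts_text):
    """Return (mountpoint, fstype, options) for the deepest mount covering path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, fstype, opts = fields[1], fields[2], fields[3].split(",")
        covers = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if covers and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fstype, opts)
    return best

def decode_caps(raw):
    """Decode struct vfs_cap_data: magic_etc, then (permitted, inheritable) pairs."""
    magic = struct.unpack_from("<I", raw)[0]
    revision = magic >> 24
    words = {1: 1, 2: 2, 3: 2}[revision]  # 32-bit words per capability set
    permitted = 0
    for i in range(words):
        permitted |= struct.unpack_from("<I", raw, 4 + 8 * i)[0] << (32 * i)
    names = [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if permitted >> b & 1]
    return {"revision": revision, "effective": bool(magic & 1), "permitted": names}

def probe(path):
    """Report mount options and file capabilities for path on a live Linux system."""
    with open("/proc/mounts") as f:
        mnt = mount_for(os.path.realpath(path), f.read())
    try:
        caps = decode_caps(os.getxattr(path, XATTR))
    except OSError as e:  # ENODATA: no capabilities set; EOPNOTSUPP: xattr unsupported
        caps = "getxattr failed: " + os.strerror(e.errno)
    return {"mount": mnt, "seclabel": bool(mnt and "seclabel" in mnt[2]), "caps": caps}

if __name__ == "__main__":
    print(mount_for("/usr/bin/ping", SAMPLE_MOUNTS))
    print(decode_caps(SAMPLE_XATTR))
```

On a live client, `probe("/usr/bin/ping")` distinguishes a file with no capabilities stored from a filesystem that rejects the xattr, which narrows down where to point strace or the kernel debug logs.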


