[lustre-discuss] seclabel

E.S. Rosenberg esr+lustre at mail.hebrew.edu
Tue May 16 05:26:29 PDT 2017


I hope to move us to 2.9 in the very near future, currently 2.8

On Tue, May 16, 2017 at 11:17 AM, Sebastien Buisson <sbuisson at ddn.com>
wrote:

> From Lustre 2.8, we have basic support of SELinux on Lustre client side.
> It means Lustre stores the security context of files in extended
> attributes. In this way Lustre supports seclabel.
> In Lustre 2.9, an additional enhancement for SELinux support was landed.
>
> Which version are you using?
>
> Cheers,
> Sebastien.
>
> > Le 15 mai 2017 à 14:39, E.S. Rosenberg <esr+lustre at mail.hebrew.edu> a
> écrit :
> >
> > Hi Robin,
> > Did you ever solve this?
> > We are considering trying root-on-lustre but that would be a
> deal-breaker.
> > Thanks,
> > Eli
> >
> > On Sat, Mar 4, 2017 at 9:38 AM, Dilger, Andreas <
> andreas.dilger at intel.com> wrote:
> > On Mar 2, 2017, at 05:55, Robin Humble <rjh+lustre at cita.utoronto.ca>
> wrote:
> > >
> > > Hiya,
> > >
> > > I'm updating an image for a root-on-lustre cluster from centos6 to 7
> > > and I've hit a little snag. I can't seem to mount lustre so that it
> > > understands seclabel. ie. setcap/getcap don't work. the upshot is that
> > > root can use ping (and a few other tools), but users can't.
> > >
> > > any idea what I'm doing wrong?
> > >
> > > from what little I understand about it I think seclabel is a form of
> > > xattr.
> >
> > I try to stay away from that myself, but newer Lustre clients support
> SELinux
> > and similar things.  You probably need to strace and/or collect some
> kernel
> > debug logs (maybe with debug=-1 set) to see where the error is being
> generated.
> >
> > Cheers, Andreas
> > --
> > Andreas Dilger
> > Lustre Principal Architect
> > Intel Corporation
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > lustre-discuss mailing list
> > lustre-discuss at lists.lustre.org
> > http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
> >
> > _______________________________________________
> > lustre-discuss mailing list
> > lustre-discuss at lists.lustre.org
> > http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20170516/e8008eda/attachment.htm>


More information about the lustre-discuss mailing list