On Fri, Apr 19, 2013 at 08:43:56PM +0200, Stephan Wiesand wrote:
> Hello,
> 
> On Apr 19, 2013, at 18:12 , Olivier Mauras wrote:
> 
> > On 2013-04-19 17:29, Fabrice BOYRIE wrote:
> >> [...]
> >> Bigger one: problem with selinux
> >> When I mount zfs volume, I've the following errors:
> >> SELinux: initialized (dev zfs, type zfs), not configured for labeling
> >> and even root can't write on the disk
> >>   
...
> >> 
> >>   How solves this problems ?
> >> 
> >> Thanks in advance
> >> 
> >> Fabrice BOYRIE
> >> 
> > Hello Fabrice,
> > 
> > While the patch is simple, the filesystem module is quite complicated and it would require quite some work to make a standalone module only for ZFS.
> > Sadly for now i think that it's simpler to patch the actual package than anything else
> 
> depending on your definition of "simple", mounting with "fscontext=" may actually be simpler. And it will work across policy updates.
> 
> > and as long as the upstream vendor doesn't explicitely support ZFS in their SELinux rule, you/we'll have to continue use a patched package.
> 
> If you believe the above patch is sufficient (I don't quite get the "Requires that a security xattr handler exist for the filesystem" part), filing a BZ with TUV would probably make sense.
> 
> Regards,
> 	Stephan
...

SELinux Integration
https://github.com/zfsonlinux/zfs/issues/220

Bug 811532 - feature request: add zfs to the list of xattr supported file systems 
https://bugzilla.redhat.com/show_bug.cgi?id=811532

issue on SELinux using xattrs
https://github.com/zfsonlinux/zfs/issues/671

btw you might need to bump the default 8k stack to 16k
https://github.com/zfsonlinux/zfs/issues/1354

Cheers,

Tru
-- 
Dr Tru Huynh          | http://www.pasteur.fr/recherche/unites/Binfs/
mailto:[log in to unmask] | tel/fax +33 1 45 68 87 37/19
Institut Pasteur, 25-28 rue du Docteur Roux, 75724 Paris CEDEX 15 France