[gpfsug-discuss] selinux context

[Valdis Kl=?utf-8?Q?=c4=93?=tnieks]

On Fri, 22 May 2020 07:47:45 -0000, "Talamo Ivano Giuseppe (PSI)" said:
> After having done this on one node, the context on the directory is the expec
> expected one (system_u:object_r:home_root_t:s0). And everything works as expected (a
> new user logs in and his directory is created).
> But on all the other nodes of the cluster still the old context is shown
> (system_u:object_r:unlabeled_t:s0). Unless I run the restorecon on them too.

> Furthermore, since the filesystem is a remote-cluster mount, on all the nodes
> on the central (storage) cluster, the corrent (home_root_t) context is shown.

> I was expecting the SElinux context to be stored in the inodes, but now the
> situation looks mixed and I’m puzzled.

I suspect the issue is that the other nodes have that inode cached already, and
they don't find out that that the SELinux context has been changed.  I can't
tell from here from whether GPFS is failing to realize that a context change
means the old inode is stale just like any other inode change, or if there's
something else that has gone astray.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200524/6faa5db6/attachment-0002.sig>