[Bug 1203114] New: /sbin/restorecon: Could not set context for XYZ: Read-only file system
https://bugzilla.suse.com/show_bug.cgi?id=1203114 Bug ID: 1203114 Summary: /sbin/restorecon: Could not set context for XYZ: Read-only file system Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: rgoldwyn@suse.com Reporter: jslaby@suse.com QA Contact: qa-bugs@suse.de CC: dimstar@opensuse.org Found By: --- Blocker: --- MicroOS tests are failing with 5.19.6: https://openqa.opensuse.org/tests/2606876#step/disk_boot/7 It is because lots of these are generated (and the command likely doesn't succeed): [ 93.660582] dracut-pre-pivot[456]: /sbin/restorecon: Could not set context for /usr/lib/modules/5.19.6-1-default/kernel/drivers/usb/c67x00: Read-only file system [ 93.669734] dracut-pre-pivot[456]: /sbin/restorecon: Could not set context for /usr/lib/modules/5.19.6-1-default/kernel/drivers/usb/c67x00/c67x00.ko.zst: Read-only file system [ 93.681902] dracut-pre-pivot[456]: /sbin/restorecon: Could not set context for /usr/lib/modules/5.19.6-1-default/kernel/drivers/usb/cdns3: Read-only file system [ 93.688284] dracut-pre-pivot[456]: /sbin/restorecon: Could not set context for /usr/lib/modules/5.19.6-1-default/kernel/drivers/usb/cdns3/cdns-usb-common.ko.zst: Read-only file system I found this in the commit log: commit 0f72e355c4a0737691610c9d3e6d1a23324a51a4 Author: Goldwyn Rodrigues <rgoldwyn@suse.de> Date: Tue Aug 16 16:42:56 2022 -0500 btrfs: check if root is readonly while setting security xattr commit b51111271b0352aa596c5ae8faf06939e91b3b68 upstream. And if I revert it, the problem goes away. So somehow restorecon expects xattr to be working even on RO filesystem. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c1 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt@suse.com, | |kukuk@suse.com --- Comment #1 from Jiri Slaby <jslaby@suse.com> --- CC microos-tools maintainers. This looks to be a bug in selinux-autorelabel-generator anyway. Changing a RO FS is not a good idea���. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c2 --- Comment #2 from Fabian Vogt <fvogt@suse.com> --- This is exactly the situation as outlined in https://bugzilla.suse.com/show_bug.cgi?id=1156421, microos-tools needs to be changed before the kernel behaviour change works for us. In this case I don't see a way around doing "btrfs prop set ro false" temporarily. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c3 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dsterba@suse.com, | |wqu@suse.com --- Comment #3 from Jiri Slaby <jslaby@suse.com> --- I am curious, can this help here: [PATCH v3 1/3] btrfs: enhance unsupported compat RO flags handling https://lore.kernel.org/all/1b3011f4b1bf4e60479568fcd3e090ea8b68d253.1660021... ? Seems not, but I don't know... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c4 --- Comment #4 from Jiri Slaby <jslaby@suse.com> --- (In reply to Jiri Slaby from comment #0)
And if I revert it, the problem goes away.
OK, so this fixed the openQA microos tests too. Let's keep the revert in stable temporarily until this gets resolved somehow.
So somehow restorecon expects xattr to be working even on RO filesystem.
Yes, without that, attributes are not set from autorelabel and login is not possible = is denied. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c5 --- Comment #5 from Fabian Vogt <fvogt@suse.com> --- (In reply to Jiri Slaby from comment #3)
I am curious, can this help here: [PATCH v3 1/3] btrfs: enhance unsupported compat RO flags handling https://lore.kernel.org/all/1b3011f4b1bf4e60479568fcd3e090ea8b68d253. 1660021230.git.wqu@suse.com/ ? Seems not, but I don't know...
FWICT that is not related to read-only subvolumes, but rather to the compatibility level of the FS layout forcing read-only access. (In reply to Jiri Slaby from comment #4)
(In reply to Jiri Slaby from comment #0)
And if I revert it, the problem goes away.
OK, so this fixed the openQA microos tests too. Let's keep the revert in stable temporarily until this gets resolved somehow.
I adjusted microos-tools yesterday: https://build.opensuse.org/request/show/1001364 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c6 --- Comment #6 from Jiri Slaby <jslaby@suse.com> --- (In reply to Fabian Vogt from comment #5)
I adjusted microos-tools yesterday: https://build.opensuse.org/request/show/1001364
LGTM/works for me. When this reaches factory, I will drop the revert. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 Goldwyn Rodrigues <rgoldwyn@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|rgoldwyn@suse.com |fvogt@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c7 --- Comment #7 from Jiri Slaby <jslaby@suse.com> --- (In reply to Jiri Slaby from comment #6)
I will drop the revert.
Done. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203114 https://bugzilla.suse.com/show_bug.cgi?id=1203114#c8 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #8 from Fabian Vogt <fvogt@suse.com> --- All done. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com