Is there any downside to running xfs with selinux?
I'm just testing(playing) with test2 and I was thinking of using lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to grow online than ext3. Plus I'm just testing :)
On Fri, 2004-10-08 at 13:23, Justin Conover wrote:
Is there any downside to running xfs with selinux?
I'm just testing(playing) with test2 and I was thinking of using lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to grow online than ext3. Plus I'm just testing :)
We haven't tried xfs with SELinux ourselves, but it _should_ work. Please report any problems. It has xattr handlers for the security namespace. There was an earlier problem with xfs preventing SELinux from internally accessing the xattrs, but I believe that has been fixed.
On Fri, 2004-10-08 at 13:29 -0400, Stephen Smalley wrote:
On Fri, 2004-10-08 at 13:23, Justin Conover wrote:
Is there any downside to running xfs with selinux?
I'm just testing(playing) with test2 and I was thinking of using lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to grow online than ext3. Plus I'm just testing :)
We haven't tried xfs with SELinux ourselves, but it _should_ work. Please report any problems. It has xattr handlers for the security namespace. There was an earlier problem with xfs preventing SELinux from internally accessing the xattrs, but I believe that has been fixed.
The one catch is to use a larger inode size; 512 should be sufficient. XFS stores the xattr in the inode if there's enough space in it. Otherwise it has to allocate a whole block to store the xattr, which incurs a performance penalty and a waste of space. The default size (256) isn't big enough for the context. So when you mkfs, add -i size=512 to the command line options.
How does Fedora handle the size, does it use 256 or 512 be default? If its 256, shouldn't they change this?
On Fri, 08 Oct 2004 13:51:00 -0400, Christopher J. PeBenito cpebenito@tresys.com wrote:
On Fri, 2004-10-08 at 13:29 -0400, Stephen Smalley wrote:
On Fri, 2004-10-08 at 13:23, Justin Conover wrote:
Is there any downside to running xfs with selinux?
I'm just testing(playing) with test2 and I was thinking of using lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to grow online than ext3. Plus I'm just testing :)
We haven't tried xfs with SELinux ourselves, but it _should_ work. Please report any problems. It has xattr handlers for the security namespace. There was an earlier problem with xfs preventing SELinux from internally accessing the xattrs, but I believe that has been fixed.
The one catch is to use a larger inode size; 512 should be sufficient. XFS stores the xattr in the inode if there's enough space in it. Otherwise it has to allocate a whole block to store the xattr, which incurs a performance penalty and a waste of space. The default size (256) isn't big enough for the context. So when you mkfs, add -i size=512 to the command line options.
-- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
On Sat, 2004-10-09 at 12:37 -0500, Justin Conover wrote:
How does Fedora handle the size, does it use 256 or 512 be default? If its 256, shouldn't they change this?
It uses the default 256. I have several filesystems I built with 256 inode size, but I have had no problems running selinux with it.. presumably I do have wasted space and performance decreases but it is not noticeable in normal use. I suspect a benchmark would have to be used to see it. I do notice that compared to my ext3 setup before I do have much lower cpu usage on file moves across filesystems, so I'm pleased with XFS, but the performance difference between them is debatable (and has been here before).
Perhaps it should be changed yes, I was unaware of the issue before I created the filesystems.
On Fri, 08 Oct 2004 13:51:00 -0400, Christopher J. PeBenito cpebenito@tresys.com wrote:
On Fri, 2004-10-08 at 13:29 -0400, Stephen Smalley wrote:
On Fri, 2004-10-08 at 13:23, Justin Conover wrote:
Is there any downside to running xfs with selinux?
I'm just testing(playing) with test2 and I was thinking of using lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to grow online than ext3. Plus I'm just testing :)
We haven't tried xfs with SELinux ourselves, but it _should_ work. Please report any problems. It has xattr handlers for the security namespace. There was an earlier problem with xfs preventing SELinux from internally accessing the xattrs, but I believe that has been fixed.
The one catch is to use a larger inode size; 512 should be sufficient. XFS stores the xattr in the inode if there's enough space in it. Otherwise it has to allocate a whole block to store the xattr, which incurs a performance penalty and a waste of space. The default size (256) isn't big enough for the context. So when you mkfs, add -i size=512 to the command line options.
-- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Sunday 10 October 2004 05:53, Andrew Farris fedora@andrewfarris.com wrote:
On Sat, 2004-10-09 at 12:37 -0500, Justin Conover wrote:
How does Fedora handle the size, does it use 256 or 512 be default? If its 256, shouldn't they change this?
It uses the default 256. I have several filesystems I built with 256 inode size, but I have had no problems running selinux with it.. presumably I do have wasted space and performance decreases but it is not noticeable in normal use.
That depends on your situation. I first heard of the issue when someone reported on IRC that they tried installing SE Linux on an XFS system and it used up all their free disk space and made their system virtually unusable as a result.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120622
Above is a bug report I filed requesting that 512 bytes be the default.
selinux@lists.fedoraproject.org
-
Andrew Farris -
Christopher J. PeBenito -
Justin Conover -
Russell Coker -
Stephen Smalley