systemd-nspawn: dont try to mount non existing selinux directories #4569

Merged
merged 1 commit into from Nov 7, 2016

Projects

None yet

3 participants

@tblume
Contributor
tblume commented Nov 4, 2016

The #ifdef HAVE_SELINUX is not sufficient to cover the case when selinux is shipped
but not installed or not activated.
Suggesting to replace the ifdef by a check whether /sys/fs/selinux is present.
This avoids unnecessary error messages from failing mounts.

src/nspawn/nspawn-mount.c
+ if (streq_ptr(mount_table[k].where, "/sys/fs/selinux") && is_dir("/sys/fs/selinux", true) < 0) {
+ log_debug("SELINUX not active, skipping selinux mounts.");
+ continue;
+ }
@poettering
poettering Nov 4, 2016 Member

this sounds unnecessary. the "fatal" bool in the table for the two selinux entries is "false", hence we try the mount, it fails, but we don't mind.

Or are you saying that the log messages generated in this case have a too high log level?

@poettering
poettering Nov 4, 2016 Member

(if the log messages are generated with a too high log level, we should fix that really)

@tblume
tblume Nov 4, 2016 Contributor

Indeed, the thing that disturbs are the mount failure warnings.
On the other hand I see that the mount_verbose function was explicitly introduced to get more descriptive warnings from failing mounts.
Therefore I thought that just suppressing warnings from failing mounts wouldn't be the way to go.

@tblume
tblume Nov 4, 2016 Contributor

So, would you agree then to replace the LOG_WARNING in the mount_verbose call by LOG_DEBUG?

@poettering
poettering Nov 4, 2016 Member

well, depends. I'd downgrade it to LOG_DEBUG if "fatal" is set to false for the entry. @keszybz opinions?

@keszybz
keszybz Nov 5, 2016 Member

Yeah, LOG_DEBUG is reasonable.

@tblume tblume systemd-nspawn: decrease non-fatal mount errors to debug level
non-fatal mount errors shouldn't be logged as warnings.
43009af
@tblume
Contributor
tblume commented Nov 7, 2016

Ok, thanks, I have updated my commit.

@keszybz keszybz merged commit bdb4e0c into systemd:master Nov 7, 2016

5 checks passed

default Build finished.
Details
semaphoreci The build passed on Semaphore.
Details
xenial-amd64 autopkgtest finished (success)
Details
xenial-i386 autopkgtest finished (success)
Details
xenial-s390x autopkgtest finished (success)
Details
@tblume tblume deleted the tblume:systemd-nspawn-mount-error2 branch Jan 17, 2017
@Werkov Werkov pushed a commit to Werkov/systemd that referenced this pull request Jan 26, 2017
@tblume @fbuihuu tblume + fbuihuu systemd-nspawn: decrease non-fatal mount errors to debug level (#4569)
non-fatal mount errors shouldn't be logged as warnings.
(cherry picked from commit bdb4e0c)

[tblume: fixes bsc#1004289]
bbf60e2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment