[zfs-discuss] Caching, xattr, Docker, SELinux

Gordan Bobic gordan.bobic at gmail.com
Tue Apr 19 07:19:26 EDT 2016


It would appear that zfs receive doesn't expire/flush metadata entries for
xattrs. Specific setup I have:

Data Server:
zfs send data/files -> docker host

Docker Host:
zfs receive data/files
data/files -> docker container
Note: data/files on docker host is set to readonly=on.

data/files thus requires svirt_sandbox_file_t SELinux context.

I do a send/receive but I forget to reset the context on the sending side.
The new files appear unreadable (all ???? in ls -la). So I go to the server
side, do restorecon on the files I added, do another send/receive, but in
the container it STILL appears as all ????.

The "fix" is to:
echo 3 > /proc/sys/vm/drop_caches
but that is really quite crippling on a busy server (it goes slowly until
the caches warm up again).

This seems like a bug - the SELinux context in the xattrs should get
expired if changed via zfs receive.

Has anyone else observed something like this? Could it be that readonly=on
is causing an over-optimization by assuming the data on the readonly FS
cannot change when in fact it can?

Gordan
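
Added example, not part of the original post: a pre-send check for the sending side that walks the dataset's mountpoint and lists every entry whose security.selinux type is not svirt_sandbox_file_t, so a forgotten relabel is caught before zfs send. The function names and the injectable getxattr parameter are hypothetical; the check assumes a Linux host where os.getxattr is available.

```python
import os
import sys

SELINUX_XATTR = "security.selinux"
EXPECTED_TYPE = "svirt_sandbox_file_t"  # type the post says the container needs


def selinux_type(raw):
    """Return the type field of a raw security.selinux value, or None.

    The context is user:role:type[:level]; the stored value may end in NUL.
    """
    fields = raw.rstrip(b"\x00").decode("ascii", "replace").split(":", 3)
    return fields[2] if len(fields) >= 3 else None


def find_mislabeled(root, expected=EXPECTED_TYPE, getxattr=None):
    """Walk root and return sorted [(path, found_type)] where type != expected.

    found_type is None when the label is missing or cannot be read.
    getxattr is injectable (an assumption of this example) so the logic
    can be exercised on a host without SELinux.
    """
    getxattr = getxattr or os.getxattr
    bad = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            try:
                found = selinux_type(
                    getxattr(path, SELINUX_XATTR, follow_symlinks=False))
            except OSError:
                found = None  # ENODATA / ENOTSUP: no usable label
            if found != expected:
                bad.append((path, found))
    return sorted(bad, key=lambda item: item[0])


if __name__ == "__main__":
    # Usage: script.py <mountpoint of the dataset about to be sent>
    problems = find_mislabeled(sys.argv[1])
    for path, found in problems:
        print(f"{found or 'unlabeled'}\t{path}")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means at least one entry still needs restorecon before the snapshot is taken and sent.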