[zfs-discuss] Caching, xattr, Docker, SELinux
gordan.bobic at gmail.com
Tue Apr 19 07:19:26 EDT 2016
It would appear that zfs receive doesn't expire/flush metadata entries for
xattrs. Specific setup I have:

    zfs send data/files -> docker host
    zfs receive data/files
    data/files -> docker container

Note: data/files on docker host is set to readonly=on.
data/files thus requires svirt_sandbox_file_t SELinux context.

I do a send/receive but I forget to reset the context on the sending side.
The new files appear unreadable (all ???? in ls -la). So I go to the server
side, do restorecon on the files I added, do another send/receive, but in
the container it STILL appears as all ????.

The "fix" is to:

    echo 3 > /proc/sys/vm/drop_caches

but that is really quite crippling on a busy server (it goes slowly until
the caches warm up again).

This seems like a bug - the SELinux context in the xattrs should get
expired if changed via zfs receive.

Has anyone else observed something like this? Could it be that readonly=on
is causing an over-optimization by assuming the data on the readonly FS
cannot change when in fact it can?
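
An added example, not part of the original post: a check to run on the sending side before zfs send that lists files whose SELinux type is not svirt_sandbox_file_t, so a forgotten restorecon is caught before the receive. The function names, the sample paths and the /data/files mount point are assumptions.

```shell
#!/bin/sh
# Added example: report files whose SELinux type differs from the expected one.
# Input: lines of "<context> <path>", as printed by GNU stat -c '%C %n'.

EXPECTED_TYPE="svirt_sandbox_file_t"   # type named in the post

# Print the path of every mislabeled entry; return 1 if any were found.
mislabeled() {
    awk -v want="$1" '
        {
            ctx = $1
            path = substr($0, length(ctx) + 2)   # keep spaces in file names
            n = split(ctx, f, ":")               # user:role:type[:level]
            # "?" (no label) and any other type both count as mislabeled
            if (n < 3 || f[3] != want) { print path; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample input (not captured from a real system).
sample_listing() {
    cat <<'EOF'
system_u:object_r:svirt_sandbox_file_t:s0 /data/files/a.txt
unconfined_u:object_r:default_t:s0 /data/files/new file.txt
? /data/files/unlabeled.bin
system_u:object_r:svirt_sandbox_file_t:s0:c1,c2 /data/files/b.txt
EOF
}

# Real use before zfs send (the mount point is an assumption):
#   find /data/files -xdev -exec stat -c '%C %n' {} + | mislabeled "$EXPECTED_TYPE"
sample_listing | mislabeled "$EXPECTED_TYPE" || echo "fix labels before sending"
```

This only catches the labeling mistake before the send; it does not change how the receiving host caches xattrs.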