You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What I'd like:
I would like to enable fscache in order to allow caching of NFS files. Currently my issue is that on running cachefilesd I either receive:
About to bind cache
CacheFiles bind failed: errno 13 (Permission denied)
or
About to bind cache
CacheFiles bind failed: errno 22 (Invalid argument)
The last happens if I specify, which should be the correct selinux policy to reference
secctx system_u:system_r:cachefiles_kernel_t:s0
It looks like the policy is missing in bottlerocket os:
I've been playing around with this, and I found a few things, but first some clarifications for others that find this issue:
It looks like the policy is missing in bottlerocket os
By default, the cachefilesd package will configure cachefiles_kernel_t as the SELinux context in /etc/cachefilesd.conf. You can skip this by commenting the line as follows:
# secctx system_u:system_r:cachefiles_kernel_t:s0
That will force the process to use the parent's SELinux context. The Bottlerocket SELinux policy is way different than the refpolicy which is what this project assumes is available in the host and therefore attempts to set the "standard" label for cachefilesd. This SELinux context isn't necessary as long as you use the correct SELinux context with the correct privilege, and with this lets move to my findings.
I first loaded the cachefiles kernel module, just as the systemd service for cachefilesd does:
What I'd like:
I would like to enable fscache in order to allow caching of NFS files. Currently my issue is that on running cachefilesd I either receive:
or
The last happens if I specify, which should be the correct selinux policy to reference
It looks like the policy is missing in bottlerocket os:
I appreciate if that policy could be added.
Related links:
Any alternatives you've considered:
The text was updated successfully, but these errors were encountered: