Rob Norris
3ca81f610b
Normally, kernel gives any LSM registering a `sb_eat_lsm_opts` hook a
first look at mount options coming in from a userspace mount request.
The LSM may process and/or remove any options. Whatever is left is
passed to the filesystem.
This is how the dataset properties `context`, `fscontext`, `defcontext`
and `rootcontext` are used to configure ZFS mounts for SELinux. libzfs
will fetch those properties from the dataset, then add them to the mount
options.
In 0f608aa6ca (#18216) we added our own mount shims to cover the loss of
the kernel-provided ones. It turns out that if a filesystem provides a
`.parse_monolithic callback`, it is expected to do _all_ mount option
parameter processing - the kernel will not get involved at all. Because
of that, LSMs are never given a chance to process mount options. The
`context` properties are never seen by SELinux, nor are any other
options targetting other LSMs.
Fix this by calling `security_sb_eat_lsm_opts()` in
`zpl_parse_monolithic()`, before we stash the remaining options for
`zfs_domount()`.
Sponsored-by: TrueNAS
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@truenas.com>
Closes #18376
OpenZFS is an advanced file system and volume manager which was originally developed for Solaris and is now maintained by the OpenZFS community. This repository contains the code for running OpenZFS on Linux and FreeBSD.
Official Resources
- Documentation - for using and developing this repo
- ZoL site - Linux release info & links
- Mailing lists
- OpenZFS site - for conference videos and info on other platforms (illumos, OSX, Windows, etc)
Installation
Full documentation for installing OpenZFS on your favorite operating system can be found at the Getting Started Page.
Contribute & Develop
We have a separate document with contribution guidelines.
We have a Code of Conduct.
Release
OpenZFS is released under a CDDL license.
For more details see the NOTICE, LICENSE and COPYRIGHT files; UCRL-CODE-235197
Supported Kernels and Distributions
Linux
Given the wide variety of Linux environments, we prioritize development and testing on stable, supported kernels and distributions.
Kernel (kernel.org)
All longterm kernels from kernel.org are supported. stable kernels are usually supported in the next OpenZFS release.
Supported longterm kernels: 6.18, 6.12, 6.6, 6.1, 5.15, 5.10.
Red Hat Enterprise Linux (RHEL)
All RHEL (and compatible systems: AlmaLinux OS, Rocky Linux, etc) on the full or maintenance support tracks are supported.
Supported RHEL releases: 8.10, 9.7, 10.1.
Ubuntu
All Ubuntu LTS releases are supported.
Supported Ubuntu releases: 24.04 “Noble”, 22.04 “Jammy”.
Debian
All Debian stable and LTS releases are supported.
Supported Debian releases: 13 “Trixie”, 12 “Bookworm”, 11 “Bullseye”.
Other Distributions
Generally, if a distribution is following an LTS kernel, it should work well with OpenZFS.
FreeBSD
All FreeBSD releases receiving security support are supported by OpenZFS.
Supported FreeBSD releases: 15.0, 14.3, 13.5.