MAC subsystem and ZFS?

[Borja Marcos]

On Feb 11, 2009, at 6:52 PM, Robert Watson wrote:

> On Mon, 9 Feb 2009, Borja Marcos wrote:
>
>> On Feb 7, 2009, at 11:21 PM, Robert Watson wrote:
>>
>>>> I'm trying to upgrade the configuration of some web services,  
>>>> already using the MAC subsystem, to use ZFS instead of UFS, but I  
>>>> see that ZFS doesn't support MAC labels, even for a whole  
>>>> filesystem, which would be fine for me, I don't need multilabel  
>>>> support.
>>>> Any ideas? Have I missed anything?
>>> Hmmm.  Sounds like a bug -- all file systems should be able to  
>>> operate in single-label mode, even if they don't support EAs and  
>>> multilabel mode. Could you describe the symptoms you're  
>>> experiencing in a bit more detail?
>>
>> I can read the MAC label from a ZFS dataset, but cannot change it.  
>> Example follows:
> This is the expected behavior for a single-label file system -- that  
> is to say, a file system that doesn't support storing multiple  
> labels.  If EA support in ZFS is mature, it should be fairly  
> straight forward to implement multi-label support.  The following  
> changes were made to UFS/UFS2 to support per-file label storage:

Hmm. But, expected to be unable to change the label for the whole  
filesystem? (ZFS dataset = filesystem)

In my example, pool/test is a dataset, a separate filesystem.

I'm not dealing with multi-label support and I know there's a serious  
problem to implement such EAs in ZFS, as far as I know. ZFS is  
designed to be interoperable, and a ZFS pool created in, say, FreeBSD  
or Mac OS X should be perfectly readable for, for example, Solaris.  
What happens to this kind of attributes that cannot be understood by  
the others?

It's a pity that the usage of strong systems such as this MAC  
subsystem is only marginal... It's hard to standardize anything.





Borja.