gfs2_quota, gfs2_jadd, gfs2_grow, or "gfs2_tool journals" fails and the logs show "SELinux: mount invalid. Same superblock, different security settings for (dev X, type gfs2)" in a RHEL 6 Resilient Storage cluster

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 6 with the Resilient Storage Add On
  • SELinux="enabled" or "permissive" in /etc/sysconfig/selinux
  • GFS2 file system mounted using the context=<context> mount option
  • Using gfs2_quota, gfs2_grow, gfs2_jadd, or gfs2_tool journals

Issue

  • Using gfs2_quota fails with "device or resource busy"
  • Why do I see an "SELinux: mount invalid" error when using certain gfs2-related utilties?
# gfs2_quota list -f /data
Error mounting GFS2 metafs: Device or resource busy
Jul 11 13:34:31 node1 kernel: SELinux: mount invalid.  Same superblock, different security settings for (dev dm-9, type gfs2)

Resolution

Workaround: Do not use the context mount option for GFS2 file systems.

Root Cause

This is currently being investigated by Red Hat in Bugzilla #1121693.

The cause of this issue is a security feature in SELinux that prevents mounting the same file system twice using different security contexts. This is disallowed because otherwise, there would be overlap where one could access the same data in different places with different contexts.

With GFS2, the usage of a context in the mount options is problematic, because several GFS2 utilities like gfs2_quota, gfs2_jadd, gfs2_grow, and gfs2_tool journals will mount what's known as the "metafs", which is basically a small hidden directory within the larger GFS2 file system that holds important files like the journals, the statfs file, the quota file, and others. Technically the kernel sees this as mounting the same fs superblock in two different places, and because these GFS2 utilities don't properly copy the context from the mount options on the parent fs, you end up triggering the SELinux detection.

NOTE: Enabling SELinux handling on GFS2 is not considered supported

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.