Date:      Fri, 10 May 2002 22:44:45 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 11155 for review
Message-ID:  <200205110544.g4B5ij801583@freefall.freebsd.org>

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=11155

Change 11155 by rwatson@rwatson_paprika on 2002/05/10 22:43:48

	Document some useful recovery procedures if your extended attribute
	file gets toasted, or if the label format changes out from under
	you.  Fear the voice of experience.

Affected files ...

... //depot/projects/trustedbsd/mac/MACREADME#18 edit

Differences ...

==== //depot/projects/trustedbsd/mac/MACREADME#18 (text+ko) ====

@@ -105,7 +105,10 @@
 gate label set requests, and the resulting labels on disk may be
 invalid, resulting in a panic.  Instead, make sure to reinitialize all
 of the "freebsd.mac" attributes to their default (with extattrctl(8))
-before starting them again on the new kernel.
+before starting them again on the new kernel.  Using the
+security.mac.debug_label_fallback tunable/sysctl will permit the
+MAC framework to ignore certain classes of poorly initialized labels,
+but not all.
 
 Don't downgrade a UFS-based filesystem from multilevel to singlelevel,
 and then back to multilevel without a reboot.  The label cache can
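Review bot: The added sentence about security.mac.debug_label_fallback does not say what value enables it or what the framework does with a label it "ignores", and "certain classes ... but not all" leaves the reader unable to tell whether their case is covered. The new section at the end of the file is more specific (set to 1, fall back to the per-mount label), so either use the same wording here or point to that section. It would also help to state that this is a recovery aid and that reinitializing the "freebsd.mac" attributes with extattrctl(8) is still the required step, since the preceding sentence says invalid labels can result in a panic.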
@@ -127,3 +130,15 @@
 
 before running mergemaster, as mergemaster gets confused if a
 file is replaced with a directory.
+
+Things to try if things go wrong
+--------------------------------
+
+- If your filesystems are multilevel and you toast the label data
+  (or get caught up in a label format upgrade), set
+  security.mac.debug_label_fallback (tunable or sysctl) to 1,
+  and on discovery of a corrupted label, the MAC framework will
+  fall backi to the per-mount label.  Boot the system and delete
+  or upgrade the extended attribute backing files to the new
+  format.  Alternatively, boot the system and remove the
+  multilevel flags from /etc/fstab.
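Review bot: The recovery bullet never says to set security.mac.debug_label_fallback back to 0 once the backing files are repaired; as written, a system left with it at 1 will keep substituting the per-mount label for any corrupted label instead of surfacing the problem, so a closing step to disable it belongs here. The ordering is also unclear: "Boot the system" comes after the instruction to set the value, which only works for the tunable form, so say explicitly that it must be set before the multilevel filesystems are mounted. "fall backi" is a typo for "fall back", and "delete or upgrade the extended attribute backing files" could reference extattrctl(8) the way the earlier paragraph does.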
