chcon: failed to change context of ‘index.php’ to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported

[albrin]

Vagrant version

Installed Version: 1.9.1
Latest Version: 1.9.1

Host operating system

Выпуск: Windows 10 Pro
Версия: 1607
Тип системы: 64-разрядная операционная система, процессор x64
Яндекс.Диск: Версия 1.4.14 от 26.01.2017 Сборка 5242

Guest operating system

CentOS 7 (https://atlas.hashicorp.com/centos/boxes/7)

Vagrantfile

Vagrant.configure("2") do |config|
  config.vm.box = "centos/7"
  config.vm.hostname = "vagrant.box"

  config.vm.network :private_network, ip: "192.168.30.10"

  config.vm.synced_folder ".", "/vagrant",
    type: "nfs",
    mount_options: ['dmode=775','fmode=664']

  config.vm.provider "virtualbox" do |v|
    v.gui = false
    v.customize ["modifyvm", :id, "--memory", "1024"]
    v.customize ["modifyvm", :id, "--cpus", "2"]
  end

  config.vm.provision :shell, inline: <<-SHELL
    yum -y install epel-release
    yum -y install ansible
  SHELL

  config.vm.provision "ansible_local" do |ansible|
    ansible.inventory_path = "ansible/hosts"
    ansible.playbook = "ansible/site.yml"
    ansible.limit = 'all'
  end

  # Fix: For work private_network in CentrOS 7
  config.vm.provision "shell", run: "always", inline: "systemctl restart network.service"

  config.vm.provision :shell, inline: "echo Visit http://192.168.30.10 in your browser for to view the application."
end

Debug output

—

# ls -Z /vagrant
drwxrwxr-x. vagrant vagrant system_u:object_r:vmblock_t:s0   ansible
drwxrwxr-x. vagrant vagrant system_u:object_r:vmblock_t:s0   assets
-rw-rw-r--. vagrant vagrant system_u:object_r:vmblock_t:s0   LICENSE
drwxrwxr-x. vagrant vagrant system_u:object_r:vmblock_t:s0   public
-rw-rw-r--. vagrant vagrant system_u:object_r:vmblock_t:s0   README.md
-rw-rw-r--. vagrant vagrant system_u:object_r:vmblock_t:s0   Vagrantfile

Expected behavior

SELinux change context directory (/vagrant).

Actual behavior

# chcon -R -t httpd_sys_content_t /vagrant/public/
chcon: failed to change context of ‘index.php’ to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported
chcon: failed to change context of ‘/vagrant/public/’ to ‘system_u:object_r:httpd_sys_content_t:s0’: Operation not supported

Steps to reproduce

1. vagrant up
2. vagrant ssh
3. sudo su -
4. chcon -R -t httpd_sys_content_t /vagrant

References

"...Specifically, we will attempt to allow apache access to vmblock_t through a custom policy..." —
#6970
The above solution I see unnecessary.
I believe that the deployment and production environment should be identical.

P.S.:
Adding a configuration to a Vagrantfile on the mount_options

...
  config.vm.synced_folder ".", "/vagrant",
    type: "nfs",
    mount_options: ['dmode=775','fmode=664','context=system_u:object_r:httpd_sys_content_t:s0']
...

I get an error

D:\Projects\vagrant-centos7-lemp>vagrant reload
==> default: Attempting graceful shutdown of VM...
==> default: Checking if box 'centos/7' is up to date...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Remote connection disconnect. Retrying...
==> default: Machine booted and ready!
[default] GuestAdditions 5.1.14 running --- OK.
==> default: Checking for guest additions in VM...
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
    default: /vagrant => D:/Projects/vagrant-centos7-lemp
Vagrant was unable to mount VirtualBox shared folders. This is usually
because the filesystem "vboxsf" is not available. This filesystem is
made available via the VirtualBox Guest Additions and kernel module.
Please verify that these guest additions are properly installed in the
guest. This is not a bug in Vagrant and is usually caused by a faulty
Vagrant box. For context, the command attempted was:

mount -t vboxsf -o dmode=775,fmode=664,context=system_u:object_r:httpd_sys_content_t:s0,uid=1000,gid=1000 vagrant /vagrant

The error output from the command was:

unknown mount option `context="system_u:object_r:httpd_sys_content_t:s0"'
valid options:
  rw         mount read write (default)
  ro         mount read only
  uid       =<arg> default file owner user id
  gid       =<arg> default file owner group id
  ttl       =<arg> time to live for dentry
  iocharset =<arg> i/o charset (default utf8)
  convertcp =<arg> convert share name from given charset to utf8
  dmode     =<arg> mode of all directories
  fmode     =<arg> mode of all regular files
  umask     =<arg> umask of directories and regular files
  dmask     =<arg> umask of directories
  fmask     =<arg> umask of regular files

[chrisroberts]

Hi there,

This is a limitation of vboxfs mounts. A workaround may be to use something like rsync for synced folders instead.

Cheers!

[apolopena]

My vagrant rsync for synced folders workaround looked like this in the vagrantfile
config.vm.synced_folder "host/sync/location", "/guest/sync/location", :owner => "root", :group => "root", type: "rsync", rsync__exclude: [".git", ".DS_Store"], rsync__args:["-avz", "--rsync-path='sudo rsync'"]

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.