FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-14-2009, 09:11 AM
Roberto Sassu
 
Default ecryptfs selinux labeling on Fedora 12

Hi all

i'm using Fedora12 and i have configured an ecryptfs filesystem.
I see that the default behaviour for this filesystem is to use an unique mount-
wide context (ecryptfs_t) to label each file.
There's a way to override this behaviour (for example by inserting a mount
parameter), in order to use the extended attributes on the lower filesystem or
patching the distributed selinux policy is the only option possible?

Thanks in advance for replies.
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-14-2009, 02:05 PM
Stephen Smalley
 
Default ecryptfs selinux labeling on Fedora 12

On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote:
> Hi all
>
> i'm using Fedora12 and i have configured an ecryptfs filesystem.
> I see that the default behaviour for this filesystem is to use an unique mount-
> wide context (ecryptfs_t) to label each file.
> There's a way to override this behaviour (for example by inserting a mount
> parameter), in order to use the extended attributes on the lower filesystem or
> patching the distributed selinux policy is the only option possible?
>
> Thanks in advance for replies.

You'd have to modify, rebuild, and replace the base policy module to
specify fs_use_xattr for ecryptfs rather than genfscon. There was an
attempt to automate probing for xattr support and use it if present, but
it ran into problems, see:
http://marc.info/?t=121379726100001&r=1&w=2

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 12:57 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org