ecryptfs selinux labeling on Fedora 12
On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote:
> Hi all,
> I'm using Fedora 12 and I have configured an ecryptfs filesystem.
> I see that the default behaviour for this filesystem is to use a unique
> mount-wide context (ecryptfs_t) to label each file.
> Is there a way to override this behaviour (for example by inserting a mount
> parameter), in order to use the extended attributes on the lower filesystem, or
> is patching the distributed selinux policy the only option possible?
> Thanks in advance for replies.
You'd have to modify, rebuild, and replace the base policy module to
specify fs_use_xattr for ecryptfs rather than genfscon. There was an
attempt to automate probing for xattr support and use it if present, but
it ran into problems, see:
National Security Agency
fedora-selinux-list mailing list
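
The change the reply describes, sketched as an added example in reference-policy source syntax (not code from the thread or from the Fedora policy). The `gen_context` macro, the `fs_t` label and the `s0` level are assumptions about how the base module is written.

```selinux
# Before: genfscon gives every inode on an ecryptfs mount one fixed label.
# Per-file security.selinux extended attributes are not consulted.
genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)

# After: fs_use_xattr tells the kernel to read each file's label from its
# security.selinux extended attribute. The context given here labels the
# filesystem (superblock) itself, not the files on it.
fs_use_xattr ecryptfs gen_context(system_u:object_r:fs_t,s0);
```

Both statements belong to the base policy module, which is why the reply says it has to be modified, rebuilt and replaced.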