| 1 |
On Wed, 2003-11-19 at 00:03, Tad wrote: |
| 2 |
> For anyone that is interested, I've created a patch to XFS that adds the |
| 3 |
> security.* extended attribute namespace needed by SElinux. |
| 4 |
|
| 5 |
> The other option was to add true support for the security namespace. |
| 6 |
|
| 7 |
Due to some prodding from Primer on IRC, I had a talk with a XFS |
| 8 |
developer in #xfs. And from what's been described, your implementation |
| 9 |
sounded correct. I created a patch for 2.6.0-test10 using your patch. |
| 10 |
I'll be seeing what the XFS people have to say about it. |
| 11 |
|
| 12 |
http://dev.gentoo.org/~pebenito/xfs-security-namespace-2.6.0-test10.diff |
| 13 |
|
| 14 |
I have lightly tested this, and it does work correctly with SELinux. |
| 15 |
The XFS line in the fs_use file in the policy would have to be |
| 16 |
uncommented, and the policy reloaded. If people are interested, you can |
| 17 |
try it out, but I wouldn't use it on anything important yet, in case |
| 18 |
things change. |
| 19 |
|
| 20 |
XFS mounting filesystem loop0 |
| 21 |
Ending clean XFS mount for filesystem: loop0 |
| 22 |
SELinux: initialized (dev loop0, type xfs), uses xattr |
| 23 |
|
| 24 |
> I haven't looked at xfsdump/xfsrestore so I don't know if they will require |
| 25 |
> changes. I'm hoping that they take the flags field whole and don't do |
| 26 |
> anything with it that could disrupt the new XFS_ATTR_SECURITY bit. |
| 27 |
|
| 28 |
I'll pass these concerns on to the XFS people. |
| 29 |
-- |
| 30 |
Chris PeBenito |
| 31 |
<pebenito@g.o> |
| 32 |
Developer, |
| 33 |
Hardened Gentoo Linux |
| 34 |
Embedded Gentoo Linux |
| 35 |
|
| 36 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 37 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives