On Wed, 2003-11-19 at 00:03, Tad wrote:
> For anyone that is interested, I've created a patch to XFS that adds the
> security.* extended attribute namespace needed by SELinux.

> The other option was to add true support for the security namespace.

Due to some prodding from Primer on IRC, I had a talk with an XFS
developer in #xfs. And from what's been described, your implementation
sounded correct. I created a patch for 2.6.0-test10 using your patch.
I'll be seeing what the XFS people have to say about it.

http://dev.gentoo.org/~pebenito/xfs-security-namespace-2.6.0-test10.diff

I have lightly tested this, and it does work correctly with SELinux.
The XFS line in the fs_use file in the policy would have to be
uncommented, and the policy reloaded. If people are interested, you can
try it out, but I wouldn't use it on anything important yet, in case
things change.

XFS mounting filesystem loop0
Ending clean XFS mount for filesystem: loop0
SELinux: initialized (dev loop0, type xfs), uses xattr

> I haven't looked at xfsdump/xfsrestore so I don't know if they will require
> changes. I'm hoping that they take the flags field whole and don't do
> anything with it that could disrupt the new XFS_ATTR_SECURITY bit.

I'll pass these concerns on to the XFS people.
--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
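
Added example, not part of the message above or of either patch: a small C probe for checking from user space whether a file on a mounted filesystem exposes the security.selinux extended attribute, which is where SELinux keeps a file's label in the security.* namespace. It uses the standard Linux lgetxattr(2) call; the function and enum names are made up for this example.

```c
/* Added example: classify how a file answers a read of security.selinux. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

enum xattr_state {
    XS_LABELED,      /* attribute present, label copied out */
    XS_UNLABELED,    /* namespace accepted, no label stored on this inode */
    XS_UNSUPPORTED,  /* filesystem rejects the security.* namespace */
    XS_ERROR         /* anything else: missing file, short buffer, ... */
};

/* Map the errno left by a failed lgetxattr() to a state. */
enum xattr_state xattr_state_from_errno(int err)
{
    if (err == ENODATA)
        return XS_UNLABELED;
    if (err == ENOTSUP || err == EOPNOTSUPP)  /* same value on Linux */
        return XS_UNSUPPORTED;
    return XS_ERROR;
}

/* Read security.selinux from path (symlinks not followed) into label. */
enum xattr_state probe_selinux_xattr(const char *path, char *label, size_t len)
{
    ssize_t n;

    if (len == 0)
        return XS_ERROR;
    n = lgetxattr(path, "security.selinux", label, len - 1);
    if (n < 0) {
        label[0] = '\0';
        return xattr_state_from_errno(errno);
    }
    label[n] = '\0';  /* the stored value is not guaranteed to be terminated */
    return XS_LABELED;
}

int main(int argc, char **argv)
{
    static const char *names[] = {"labeled", "unlabeled", "unsupported", "error"};
    char label[256];
    const char *path = argc > 1 ? argv[1] : ".";  /* default path is an assumption */
    enum xattr_state st = probe_selinux_xattr(path, label, sizeof label);

    printf("%s: %s %s\n", path, names[st], label);
    return st == XS_LABELED ? 0 : 1;
}
```

Run it against a file on the loop-mounted test filesystem; "unsupported" means the filesystem does not accept the namespace at all, while "unlabeled" means it does but nothing has labeled that inode yet.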