On Sun, 2003-11-16 at 15:52, Tad wrote:
> I have been experimenting with running SELinux on filesystems other than
> ext2 and ext3. My first attempt was with reiserfs(3.6) plus some patches
> from SUSE. I was able to get it (sort of) working after I fixed a locking
> issue. I found that it was a bit slow and tended to lose corrupt the
> context label. I decided that the xattr patch for reiserfs was just too slow
> and hackish.
|
It's unfortunate that ReiserFS only has those patches. I'm told that
Hans Reiser is against extended attributes, so Reiser4 may or may not
have them.
|
> To get SElinux to work on XFS all that seems needed is a minor change to
> xfs_iops.[hc] so that it will recognize and allow security.* xattrs. I've
> made the changes, and created a 2.4.21 kernel with XFS, the ea+acl patchset
> and SElinux.
>
> I'm testing my changes right now and would like to know if anyone else is
> interested in a SElinux+xfs combination.
|
I myself don't use XFS; however, if you drop a link to your fixed XFS
patches, and the patch to add the security. handling I'd be happy to
look at them, and possibly add them to selinux-sources. It would be
more difficult to add it to hardened-sources, but that is a possibility
too.
|
What would be even more useful is if you could create a patch for 2.6.
Then we could test it, send it over to the NSA so they could try it out
too. If we could get it into 2.6, that'd be great. It would probably
have to be a configure option, like it is for ext[23].
|
--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
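
Added example, not part of the original message or of any patch discussed in it: a small userspace probe for checking whether a filesystem accepts the `security.*` xattr namespace that SELinux uses for file labels. The names `label_status`, `classify_probe` and `probe_selinux_label` are hypothetical; it assumes Linux with glibc's `<sys/xattr.h>`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Outcome of asking the kernel for a path's security.selinux xattr. */
enum label_status {
    LABEL_PRESENT,      /* security.* accepted and the file carries a label */
    LABEL_MISSING,      /* security.* accepted, but this file has no label */
    LABEL_UNSUPPORTED,  /* the security.* namespace is rejected for this file */
    LABEL_ERROR         /* unrelated failure (ENOENT, EACCES, ...) */
};

/* Map an lgetxattr() return value and errno to a status. */
enum label_status classify_probe(ssize_t ret, int err)
{
    if (ret >= 0)
        return LABEL_PRESENT;
    if (err == ENODATA)
        return LABEL_MISSING;
    if (err == ENOTSUP)   /* same value as EOPNOTSUPP on Linux */
        return LABEL_UNSUPPORTED;
    return LABEL_ERROR;
}

/* Probe one path without following symlinks. A size of 0 asks only for
 * the value length, so no buffer is needed. Note: on a kernel with
 * SELinux active, the answer may come from the security module rather
 * than from on-disk storage, so run this on a non-SELinux kernel to
 * test the filesystem alone. */
enum label_status probe_selinux_label(const char *path)
{
    ssize_t ret = lgetxattr(path, "security.selinux", NULL, 0);
    return classify_probe(ret, ret < 0 ? errno : 0);
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "labeled", "unlabeled", "security.* unsupported", "error"
    };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[probe_selinux_label(argv[i])]);
    return 0;
}
```

Run it against a file on each mounted filesystem of interest; an "unsupported" result means labels cannot be stored there and relabeling will fail.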