| 1 |
On Sun, 2003-11-16 at 15:52, Tad wrote: |
| 2 |
> I have been experimenting with running SELinux on filesystems other than |
| 3 |
> ext2 and ext3. My first attempt was with reiserfs(3.6) plus some patches |
| 4 |
> from SUSE. I was able to get it (sort of) working after I fixed a locking |
| 5 |
> issue. I found that it was a bit slow and tended to loose corrupt the |
| 6 |
> context label. I decided that the xattr patch for reiserfs was just to slow |
| 7 |
> and hackish. |
| 8 |
|
| 9 |
Its unfortunate that ReiserFS only has those patches. I'm told that |
| 10 |
Hans Reiser is against extended attributes, so Reiser4 may or may not |
| 11 |
have them. |
| 12 |
|
| 13 |
> To get SElinux to work on XFS all that seems needed is a minor change to |
| 14 |
> xfs_iops.[hc] so that it will recognize and allow security.* xattrs. I've |
| 15 |
> made the changes, and created a 2.4.21 kernel with XFS, the ea+acl patchset |
| 16 |
> and SElinux. |
| 17 |
> |
| 18 |
> I'm testing my changes right now and would like to know if anyone else is |
| 19 |
> interested in a SElinux+xfs combination. |
| 20 |
|
| 21 |
I myself don't use XFS; however, if you drop a link to your fixed XFS |
| 22 |
patches, and the patch to add the security. handling I'd be happy to |
| 23 |
look at them, and possibly add them to selinux-sources. It would be |
| 24 |
more difficult to add it to hardened-sources, but that is a possibility |
| 25 |
too. |
| 26 |
|
| 27 |
What would be even more useful is if you could create a patch for 2.6. |
| 28 |
Then we could test it, send it over to the NSA so they could try it out |
| 29 |
too. If we could get it into 2.6, that'd be great. It would probably |
| 30 |
have to be a configure option, like it is for ext[23]. |
| 31 |
|
| 32 |
-- |
| 33 |
Chris PeBenito |
| 34 |
<pebenito@g.o> |
| 35 |
Developer, |
| 36 |
Hardened Gentoo Linux |
| 37 |
Embedded Gentoo Linux |
| 38 |
|
| 39 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 40 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives