1 |
On 29/01/2013 13:14, Duncan wrote: |
2 |
> For at least reiserfs, and presumably for ext4, since it has |
3 |
> similar kconfig options, *_FS_XATTR isn't enough, |
4 |
> *_FS_SECURITY must be enabled as well. |
5 |
|
6 |
Good point, even I forgot that it's part of security labels rather than |
7 |
xattr strict (funnily enough, PaX wasn't last time I checked). |
8 |
|
9 |
> Unfortunately, kernel-help for *_FS_SECURITY implies that it only needs |
10 |
> to be enabled for SELinux or the like, recommending that it be disabled |
11 |
> if you're not running such modules. Is it worth filing an upstream |
12 |
> mainline kernel bug on that as well, suggesting that it mention file-caps |
13 |
> as well? |
14 |
|
15 |
Most likely a good idea. |
16 |
|
17 |
-- |
18 |
Diego Elio Pettenò — Flameeyes |
19 |
flameeyes@×××××××××.eu — http://blog.flameeyes.eu/ |