1 |
There is an upcoming problem for SELinux users that use reiserfs. The |
2 |
new SELinux API that was accepted into 2.6 uses extended attributes with |
3 |
security labels for labeling files. This SELinux API has been backported |
4 |
to 2.4 (present in masked selinux-sources-2.4.21-r2). Ext3 already has |
5 |
these required extended attribute features, but reiserfs does not, |
6 |
meaning you cannot use reiserfs with the new API SELinux. No one is |
7 |
interested in making reiserfs work; even Hans Reiser says to wait till |
8 |
Reiser4. |
9 |
|
10 |
I want to get everyone converted to the new API because it will |
11 |
significantly more difficult supporting both APIs, especially since |
12 |
there are different sets of userland patches. The NSA doesn't maintain |
13 |
the old API either. But this reiserfs problem is a blocker. SuSE has |
14 |
some reiserfs patches for extended attributes, but they lack security |
15 |
labels. I've been trying to add on the security labels to the SuSE |
16 |
patches, but have not been successful. |
17 |
|
18 |
So this is a notice to reiserfs users. It might be a good idea to |
19 |
convert your systems to ext3, if possible. We do want to support |
20 |
reiserfs, but it may not be doable till 2.6/Reiser4. |
21 |
|
22 |
If any kernel people are interested in helping to get this to work, let |
23 |
me know, it would be a huge help. |
24 |
|
25 |
-- |
26 |
Chris PeBenito |
27 |
<pebenito@g.o> |
28 |
Developer, SELinux |
29 |
Hardened Gentoo Linux |
30 |
|
31 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
32 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |