| 1 |
There is an upcoming problem for SELinux users that use reiserfs. The |
| 2 |
new SELinux API that was accepted into 2.6 uses extended attributes with |
| 3 |
security labels for labeling files. This SELinux API has been backported |
| 4 |
to 2.4 (present in masked selinux-sources-2.4.21-r2). Ext3 already has |
| 5 |
these required extended attribute features, but reiserfs does not, |
| 6 |
meaning you cannot use reiserfs with the new API SELinux. No one is |
| 7 |
interested in making reiserfs work; even Hans Reiser says to wait till |
| 8 |
Reiser4. |
| 9 |
|
| 10 |
I want to get everyone converted to the new API because it will |
| 11 |
significantly more difficult supporting both APIs, especially since |
| 12 |
there are different sets of userland patches. The NSA doesn't maintain |
| 13 |
the old API either. But this reiserfs problem is a blocker. SuSE has |
| 14 |
some reiserfs patches for extended attributes, but they lack security |
| 15 |
labels. I've been trying to add on the security labels to the SuSE |
| 16 |
patches, but have not been successful. |
| 17 |
|
| 18 |
So this is a notice to reiserfs users. It might be a good idea to |
| 19 |
convert your systems to ext3, if possible. We do want to support |
| 20 |
reiserfs, but it may not be doable till 2.6/Reiser4. |
| 21 |
|
| 22 |
If any kernel people are interested in helping to get this to work, let |
| 23 |
me know, it would be a huge help. |
| 24 |
|
| 25 |
-- |
| 26 |
Chris PeBenito |
| 27 |
<pebenito@g.o> |
| 28 |
Developer, SELinux |
| 29 |
Hardened Gentoo Linux |
| 30 |
|
| 31 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 32 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives