From: jim owens <jowens@hp.com>
To: Chris Mason <chris.mason@oracle.com>
Cc: linux-btrfs@vger.kernel.org
Subject: btrfs with selinux
Date: Wed, 10 Dec 2008 09:33:49 -0500
Message-ID: <493FD34D.8050802@hp.com>
In-Reply-To: <1228916750.11900.11.camel@think.oraclecorp.com>

Chris Mason wrote:
> On Tue, 2008-12-09 at 15:22 -0500, jim owens wrote:
>> I have been working on changing the xattr code with the first
>> step getting it functioning properly when selinux is enabled
>> so we can see just how costly btrfs xattrs are in actual use.
>
> Not really on topic, but how are things broken today with selinux?

With selinux enabled you can not create any files on
a btrfs filesystem (as of dec9 git tree with fedora 9),
even as root!

There are 2 things needed to make it work:

1) the /etc/selinux load-into-kernel database must be
   patched to recognize btrfs has xattrs. One of our
   security people, Paul Moore, has submitted it to
   the upstream refpolicy. But it won't be merged
   until I finish my testing.

   After the database is patched, the dec9 git tree
   will allow file create on btrfs... but the selinux
   xattrs are not set. Thus "cp -a" will copy the
   files but all "selinux context" values are wrong.

2) I have btrfs patches to interface correctly with
   the LSM so we save the selinux context. I'll be
   sending them up as soon as I have finished testing.

jim

P.S. sane people just disable selinux on install :)
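
An added example, not part of the original message or of the btrfs patches: a check for the symptom described above, where a copied tree ends up with different SELinux contexts than its source. It compares the `security.selinux` xattr path by path; the function names and the `<missing>` marker are hypothetical, and the reader function is injectable so the logic can be exercised on a system without SELinux.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr name SELinux uses for file contexts


def read_label(path, getxattr=os.getxattr):
    """Return the SELinux context reported for path, or None if there is none."""
    try:
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: attribute absent; ENOTSUP: filesystem has no xattr support.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\0").decode()


def compare_labels(src_root, dst_root, getxattr=os.getxattr):
    """Return sorted (relpath, src_label, dst_label) for every entry that differs."""
    mismatches = []
    for dirpath, dirnames, filenames in os.walk(src_root):
        for name in dirnames + filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            src_label = read_label(src, getxattr)
            if not os.path.lexists(dst):
                mismatches.append((rel, src_label, "<missing>"))
                continue
            dst_label = read_label(dst, getxattr)
            if src_label != dst_label:
                mismatches.append((rel, src_label, dst_label))
    return sorted(mismatches)


if __name__ == "__main__":
    # Usage: script.py SOURCE_TREE COPIED_TREE
    diffs = compare_labels(sys.argv[1], sys.argv[2])
    for rel, a, b in diffs:
        print(f"{rel}: source={a} copy={b}")
    sys.exit(1 if diffs else 0)
```

Run it against the source tree and the `cp -a` destination; a non-zero exit means at least one entry did not keep its context.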