is it safe to use ext4 for SELinux

is it safe to use ext4 for SELinux

[Justin P. Mattock]

I've just downloaded the fedora 11 livecd and am installing it on an
imac. during the partition scheme should I use ext4,
or stick with ext3 for SELinux to function properly?

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Doug Sikora]

I have X86_64
I'm using ext4 without any issues .. plus my /home filesystem is encrypted as well.
not sure about on an imac -- I'd say to do it and monitor the logs


I do have this awful issue with firefox 3.5.1 where it locks up the entire OS, it happens all too often, but this does not appear selinux related as there are not any odd messages in the logs. google showed many other with same issue but no resolution.



----- Original Message -----
From: "Justin P. Mattock" <justinmattock@gmail.com>
To: "SE-Linux" <selinux@tycho.nsa.gov>
Sent: Wednesday, July 29, 2009 1:16:11 PM GMT -05:00 US/Canada Eastern
Subject: is it safe to use ext4 for SELinux

I've just downloaded the fedora 11 livecd and am installing it on an
imac. during the partition scheme should I use ext4,
or stick with ext3 for SELinux to function properly?

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Christopher Pardy]

On 07/29/2009 01:16 PM, Justin P. Mattock wrote:
> I've just downloaded the fedora 11 livecd and am installing it on an
> imac. during the partition scheme should I use ext4,
> or stick with ext3 for SELinux to function properly?
> 
> Justin P. Mattock
> 
> -- 
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.

OMG wrong list!!!! send fedora related stuff to fedora-selinux please!
Also.... No, use ext4.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Justin P. Mattock]

Christopher Pardy wrote:
> On 07/29/2009 01:16 PM, Justin P. Mattock wrote:
>    
>> I've just downloaded the fedora 11 livecd and am installing it on an
>> imac. during the partition scheme should I use ext4,
>> or stick with ext3 for SELinux to function properly?
>>
>> Justin P. Mattock
>>
>> -- 
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
>> with
>> the words "unsubscribe selinux" without quotes as the message.
>>      
>
> OMG wrong list!!!! send fedora related stuff to fedora-selinux please!
> Also.... No, use ext4.
>
>    

I'll have to search for the lists to join.
in the meantime it is possible to have
SELinux on ext4

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Daniel J Walsh]

On 07/29/2009 02:04 PM, Justin P. Mattock wrote:
> Christopher Pardy wrote:
>> On 07/29/2009 01:16 PM, Justin P. Mattock wrote:
>>   
>>> I've just downloaded the fedora 11 livecd and am installing it on an
>>> imac. during the partition scheme should I use ext4,
>>> or stick with ext3 for SELinux to function properly?
>>>
>>> Justin P. Mattock
>>>
>>> -- 
>>> This message was distributed to subscribers of the selinux mailing list.
>>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
>>> with
>>> the words "unsubscribe selinux" without quotes as the message.
>>>      
>>
>> OMG wrong list!!!! send fedora related stuff to fedora-selinux please!
>> Also.... No, use ext4.
>>
>>    
> 
> I'll have to search for the lists to join.
> in the meantime it is possible to have
> SELinux on ext4
>
Yes SELinux should work on any file system that supports extended attributes.
 
> Justin P. Mattock
> 
> -- 
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Justin P. Mattock]

On Thu, 2009-07-30 at 00:03 -0400, Daniel J Walsh wrote:
> On 07/29/2009 02:04 PM, Justin P. Mattock wrote:
> > Christopher Pardy wrote:
> >> On 07/29/2009 01:16 PM, Justin P. Mattock wrote:
> >>   
> >>> I've just downloaded the fedora 11 livecd and am installing it on an
> >>> imac. during the partition scheme should I use ext4,
> >>> or stick with ext3 for SELinux to function properly?
> >>>
> >>> Justin P. Mattock
> >>>
> >>> -- 
> >>> This message was distributed to subscribers of the selinux mailing list.
> >>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> >>> with
> >>> the words "unsubscribe selinux" without quotes as the message.
> >>>      
> >>
> >> OMG wrong list!!!! send fedora related stuff to fedora-selinux please!
> >> Also.... No, use ext4.
> >>
> >>    
> > 
> > I'll have to search for the lists to join.
> > in the meantime it is possible to have
> > SELinux on ext4
> >
> Yes SELinux should work on any file system that supports extended attributes.
>  
> > Justin P. Mattock
> > 
> > -- 
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> > with
> > the words "unsubscribe selinux" without quotes as the message.
> 

I must admit that I'm out of the loop with new stuff.
(thought ext4 was not yet ready for SELinux).

Side note: fedora sure does run nice with SELinux
you can't even tell the policy/SELinux is turned on.
(I think I'm going to convert).

Thanks for the response on this, and
it is true about learning something new everyday!!

Justin P. Mattock


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Stephen Smalley]

On Wed, 2009-07-29 at 10:16 -0700, Justin P. Mattock wrote:
> I've just downloaded the fedora 11 livecd and am installing it on an
> imac. during the partition scheme should I use ext4,
> or stick with ext3 for SELinux to function properly?

The current policy is configured to use xattrs on any of these
filesystems:
$ grep '^fs_use_xattr' policy.conf 
fs_use_xattr btrfs system_u:object_r:fs_t;
fs_use_xattr encfs system_u:object_r:fs_t;
fs_use_xattr ext2 system_u:object_r:fs_t;
fs_use_xattr ext3 system_u:object_r:fs_t;
fs_use_xattr ext4 system_u:object_r:fs_t;
fs_use_xattr ext4dev system_u:object_r:fs_t;
fs_use_xattr gfs system_u:object_r:fs_t;
fs_use_xattr gfs2 system_u:object_r:fs_t;
fs_use_xattr jffs2 system_u:object_r:fs_t;
fs_use_xattr jfs system_u:object_r:fs_t;
fs_use_xattr lustre system_u:object_r:fs_t;
fs_use_xattr xfs system_u:object_r:fs_t;

As to whether or not they all truly work, I don't know.
I have used ext4 though without any selinux problems, and btrfs has been
reported to work as well.

I also saw some fixes for reiserfs support for security.* attributes get
committed earlier this year, so possibly we could move reiserfs back to
the fs_use_xattr list.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Eric Paris]

On Thu, 2009-07-30 at 09:02 -0400, Stephen Smalley wrote:
> On Wed, 2009-07-29 at 10:16 -0700, Justin P. Mattock wrote:
> > I've just downloaded the fedora 11 livecd and am installing it on an
> > imac. during the partition scheme should I use ext4,
> > or stick with ext3 for SELinux to function properly?
> 

> As to whether or not they all truly work, I don't know.
> I have used ext4 though without any selinux problems, and btrfs has been
> reported to work as well.

If you have problems with ext3, ext4, gfs2, or btrfs please file a
bugzilla and it will be a high priority for us to fix.

-Eric


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: is it safe to use ext4 for SELinux

[Justin P. Mattock]

On Thu, 2009-07-30 at 09:06 -0400, Eric Paris wrote:
> On Thu, 2009-07-30 at 09:02 -0400, Stephen Smalley wrote:
> > On Wed, 2009-07-29 at 10:16 -0700, Justin P. Mattock wrote:
> > > I've just downloaded the fedora 11 livecd and am installing it on an
> > > imac. during the partition scheme should I use ext4,
> > > or stick with ext3 for SELinux to function properly?
> > 
> 
> > As to whether or not they all truly work, I don't know.
> > I have used ext4 though without any selinux problems, and btrfs has been
> > reported to work as well.
> 
> If you have problems with ext3, ext4, gfs2, or btrfs please file a
> bugzilla and it will be a high priority for us to fix.
> 
> -Eric
> 


Yeah I thought SELinux support was only for ext3,

Anyways At the moment I need to get the hang of this system, 
then later on experiment with the latest refpolicy.

As for any issues with any of the files system, no problem
I'll send a post to the appropriate vendor, about any issue,
if I run into such a thing.


Justin P. Mattock


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.