Re: SE Linux savvy union FS?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: "Minear, Spencer" <Spencer_Minear@mcafee.com>,
	"SELinux (selinux@tycho.nsa.gov)" <selinux@tycho.nsa.gov>
Subject: Re: SE Linux savvy union FS?
Date: Mon, 16 Mar 2015 11:03:59 -0400	[thread overview]
Message-ID: <5506F0DF.10805@tycho.nsa.gov> (raw)
In-Reply-To: <81524047c6794563a02a332aef65fd96@MIVEXUSR1N02.corpzone.internalzone.com>

On 03/16/2015 10:13 AM, Minear, Spencer wrote:
> I am looking for a union file system that can provide copy on write when
> overlaid on a SE Linux labeled read only  squash file system, that will
> provide the ability to manage the SE Linux file contexts using the same
> rules used when building the original SE Linux labeled squash file system.
> 
>  
> 
> I've found a number of pages on the topic of union file systems related
> to Linux.  However many appear to be out of data and none lead to a
> solution to my question.   I found at least one page that suggests that
> what I'm looking for has been or can be done, but I never found any
> specifics that suggested how to actually do it, and again it may have
> been out of date relative to the facilities that I am using.
> 
>  
> 
> So my questions are:
> 
>  
> 
> 1.       Does this capability exists?
> 
> 2.       Are there some how-to examples that show how to do it?
> 
>  
> 
> FYI, I am using a Debian distribution so information on that
> distribution of Linux would be most useful.
> 
>  
> 
> Thanks for any and all pointers that you may be able to provide.

You might try using overlayfs, as it is in mainline Linux (as of Linux
3.18) and it has logic for copying-up xattrs from the lower filesystem.
 That said, I have not tested it and do not know whether it truly works
well with SELinux.

     prev parent reply	other threads:[~2015-03-16 15:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-16 14:13 SE Linux savvy union FS? Minear, Spencer
2015-03-16 15:03 ` Stephen Smalley [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5506F0DF.10805@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=Spencer_Minear@mcafee.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.