From: Petr Lautrbach <lautrbach@redhat.com>
To: Cathy Hu <cahu@suse.de>, selinux@vger.kernel.org
Cc: fvogt@suse.com, selinux@suse.de
Subject: Re: Question regarding restorecon and btrfs read-only snapshots
Date: Mon, 17 Mar 2025 18:29:45 +0100
Message-ID: <87plif7egm.fsf@redhat.com>
In-Reply-To: <8ca3a1ed-0f53-4da9-a86b-75699f306f8c@suse.de>

Cathy Hu <cahu@suse.de> writes:

> On 17.03.25 15:29, Petr Lautrbach wrote:
>>
>> You could use `-e <directory>` to exclude read only subdirectories.
>>
>
> Yes that is possible, but also requires a manual change by the user to set
> this up together with the snapshot (same as telling them to add <<none>>),
> which we would like to avoid.

Your -relabel.service's are generated and so can be restorecon options
there.

Fedora uses fixfiles -
https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/scripts/fixfiles
- which detects ro filesystems and skips them.

> Is there a reason why these r-o subvolumes are not skipped by default?
> Could they be skipped without a problem and it is just missing the implementation?
>
> Thanks :)
>
> Kind regards,
> Cathy
>
> --
> Cathy Hu <cahu@suse.de>
> SELinux Security Engineer
> GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A
>
> SUSE Software Solutions Germany GmbH
> Frankenstrasse 146
> 90461 Nürnberg
>
> Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich
> (HRB 36809, AG Nürnberg)
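
The two suggestions in the reply above (passing `-e <directory>` and skipping read-only filesystems) combined in an added example, which is not code from the thread or from fixfiles: it reads a mount table and turns every read-only mount into a restorecon `-e` option. The names `sample_mounts`, `ro_mounts`, `relabel_skip_ro` and the `RESTORECON` variable are hypothetical, and the sample table is constructed.

```sh
#!/bin/sh
# Added example (not fixfiles code): skip read-only mounts when relabeling.

# Constructed sample in /proc/self/mounts format:
#   device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / btrfs rw,relatime,subvol=/@ 0 0
/dev/sda2 /.snapshots/41/snapshot btrfs ro,relatime,subvol=/@/.snapshots/41/snapshot 0 0
/dev/sdb1 /mnt/old\040backup ext4 ro,noatime 0 0
/dev/sdc1 /srv ext4 rw,errors=remount-ro 0 0
EOF
}

# ro_mounts [TABLE]: print the mount point of every read-only mount.
ro_mounts() {
    while read -r _dev mnt _type opts _rest; do
        # Match "ro" only as a whole option, so "errors=remount-ro" is ignored.
        case ",$opts," in
            *,ro,*) ;;
            *) continue ;;
        esac
        # The kernel writes spaces in paths as \040; decode before use.
        printf '%b\n' "$mnt"
    done < "${1:-/proc/self/mounts}"
}

# relabel_skip_ro TABLE TARGET...: run restorecon -R on the targets with one
# "-e <dir>" per read-only mount. RESTORECON is a hypothetical override
# for dry runs and tests.
relabel_skip_ro() {
    table=$1
    shift
    while IFS= read -r m; do
        [ -n "$m" ] || continue
        set -- -e "$m" "$@"
    done <<EOF
$(ro_mounts "$table")
EOF
    "${RESTORECON:-restorecon}" -R "$@"
}
```

This only sees what the mount table reports: a read-only snapshot that is reached through its parent mount, rather than mounted itself, has no entry there and needs a separate check.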