public inbox for initramfs@vger.kernel.org
From: Paul Moore <pmoore@redhat.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Rob Landley <rob@landley.net>,
	Josh Boyer <jwboyer@fedoraproject.org>,
	initramfs <initramfs@vger.kernel.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	linux-ima-devel@lists.sourceforge.net,
	linux-security-module <linux-security-module@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	Fionnuala Gunter <fin@linux.vnet.ibm.com>,
	"casey.schaufler" <casey.schaufler@intel.com>,
	selinux@tycho.nsa.gov
Subject: Re: [RFC][PATCH 6/9] gen_initramfs_list.sh: include xattrs
Date: Wed, 14 Jan 2015 14:36:46 -0500
Message-ID: <1584934.WkKQGAFadF@sifl>
In-Reply-To: <1421205803.2119.110.camel@dhcp-9-2-203-236.watson.ibm.com>

On Tuesday, January 13, 2015 10:23:23 PM Mimi Zohar wrote:
> I would assume only 'security.evm' is not portable as it attempts to
> tightly bind the file metadata to the file data.  Casey?  Paul?

[NOTE: Added the SELinux mailing list to the CC line.]

The SELinux xattr should be portable assuming the security label's semantics 
remain constant across the different security policies.  If the label is 
completely unknown, SELinux should handle it correctly; it will be treated as 
unlabeled until a module is loaded which defines the label.

Although, this is just for initramfs, yes?  If so, I'm not sure this matters 
that much from a practical point of view; Stephen or someone else from the 
SELinux list may have some thoughts on this.

-- 
paul moore
security @ redhat

