From: David Chinner <dgc@sgi.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: David Chinner <dgc@sgi.com>,
xfs-masters@oss.sgi.com, chrisw@sous-sol.org,
linux-security-module@vger.kernel.org, jmorris@namei.org,
eparis@parisplace.org, linux-ext4@vger.kernel.org,
reiserfs-devel@vger.kernel.org,
jfs-discussion@lists.sourceforge.net, jffs-dev@axis.com
Subject: Re: [xfs-masters] [RFC: 2.6 patch] make the *FS_SECURITY options no longer user visible
Date: Thu, 2 Aug 2007 22:21:22 +1000 [thread overview]
Message-ID: <20070802122122.GR12413810@sgi.com> (raw)
In-Reply-To: <1185798467.15215.12.camel@moss-spartans.epoch.ncsc.mil>
On Mon, Jul 30, 2007 at 08:27:47AM -0400, Stephen Smalley wrote:
> On Mon, 2007-07-30 at 09:29 +1000, David Chinner wrote:
> > On Sun, Jul 29, 2007 at 05:02:09PM +0200, Adrian Bunk wrote:
> > > Please correct me if any of the following assumptions is wrong:
> > > - SELinux is currently the only user of filesystem security labels
> > > shipped with the Linux kernel
> > > - if a user has SELinux enabled he wants his filesystems to support
> > > security labels
> > >
> > > Based on these assumption, it doesn't make sense to have the
> > > *FS_SECURITY user visible since we can perfectly determine automatically
> > > when turning them on makes sense.
> >
> > Hmmm. The code in XFS is not dependent on selinux, but this change
> > would mean that testing the security xattr namespace would require a
> > selinux enabled kernel.
> >
> > I agree that the default for these should be "y" and selected if
> > selinux is enabled, but forcing us to use selinux enabled kernels
> > (on distro's that may not support selinux) just to test the
> > security xattr namespace is a bit of a pain.
>
> You can enable SECURITY_SELINUX in the kernel config but still have it
> boot disabled by default via SECURITY_SELINUX_BOOTPARAM_VALUE=0.
Ok, that shouldn't cause a problem then. Objection withdrawn. ;)
Cheers,
Dave.
--
Dave Chinner
Principal Engineer
SGI Australian Software Group
next prev parent reply other threads:[~2007-08-02 12:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-29 15:02 [RFC: 2.6 patch] make the *FS_SECURITY options no longer user visible Adrian Bunk
2007-07-29 23:29 ` [xfs-masters] " David Chinner
2007-07-30 12:27 ` Stephen Smalley
2007-08-02 12:21 ` David Chinner [this message]
2007-07-30 13:12 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070802122122.GR12413810@sgi.com \
--to=dgc@sgi.com \
--cc=chrisw@sous-sol.org \
--cc=eparis@parisplace.org \
--cc=jffs-dev@axis.com \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=jmorris@namei.org \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=reiserfs-devel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
--cc=xfs-masters@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).