problems with tmpfs and relabeling
Bill Nottingham
notting at redhat.com
Fri Apr 21 18:30:08 UTC 2006
Joshua Brindle (jbrindle at tresys.com) said:
> > Likely, but we'd want to distinguish the ro mount case from a
> > rw mount where the read lock acquisition fails for some other
> > cause. Likely can just test for errno EROFS when
> > semanage_get_active_lock() fails, and proceed with rdonly
> > operations in that case? cc'd Tresys folks above.
>
> Not sure about this, if the mount becomes rw in the middle of a EROFS
> read the policy can changed underneath them.
Yes, but that tends to imply some fairly severe gun -> foot interactions
on the part of the admin.
> I guess I'm unsure where
> this sudden push for ro filesystem support is coming from and why its
> important. Any kind of read only / system is going to have a highly
> abstracted interface. I have serious doubts that there would be any
> users running a bash shell and trying to get a list of modules.
http://fedoraproject.org/wiki/StatelessLinux
Bill
More information about the fedora-selinux-list
mailing list