problems with tmpfs and relabeling

[Bill Nottingham]

Joshua Brindle (jbrindle at tresys.com) said: 
> > Likely, but we'd want to distinguish the ro mount case from a 
> > rw mount where the read lock acquisition fails for some other 
> > cause.  Likely can just test for errno EROFS when 
> > semanage_get_active_lock() fails, and proceed with rdonly 
> > operations in that case?  cc'd Tresys folks above.
> 
> Not sure about this, if the mount becomes rw in the middle of a EROFS
> read the policy can changed underneath them.

Yes, but that tends to imply some fairly severe gun -> foot interactions
on the part of the admin.

> I guess I'm unsure where
> this sudden push for ro filesystem support is coming from and why its
> important. Any kind of read only / system is going to have a highly
> abstracted interface. I have serious doubts that there would be any
> users running a bash shell and trying to get a list of modules.

http://fedoraproject.org/wiki/StatelessLinux

Bill