[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: problems with tmpfs and relabeling
- From: Bill Nottingham <notting redhat com>
- To: Joshua Brindle <jbrindle tresys com>
- Cc: James Morris <jmorris redhat com>, Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: problems with tmpfs and relabeling
- Date: Fri, 21 Apr 2006 14:58:25 -0400
Joshua Brindle (jbrindle tresys com) said:
> > Yes, but that tends to imply some fairly severe gun -> foot
> > interactions on the part of the admin.
>
> The admin need not know what is going on, how many things happen on
> average linux systems without an average admins knowledge?
Well, I'd hope that remounting the root FS read-write wouldn't
be one of those. Arguably, you could even set up the policy to disallow
this.
> I retract the above statement. Even when making non-persistent boolean
> changes (which I can see happening on these systems) the lock is
> attempted. Its still unclear whether setsebool should fallback or if
> libsemanage should. I don't like the idea of lockless readers, even if
> the filesystem is RO when we start reading.
Hm, I didn't consider booleans. How (at an implementation level)
is setting of booleans done? (I've haven't looked at the backend guts
of the SELinux code that much.)
Bill
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]