problems with tmpfs and relabeling
Joshua Brindle
jbrindle at tresys.com
Fri Apr 21 19:26:15 UTC 2006
> From: Bill Nottingham [mailto:notting at redhat.com]
>
> Joshua Brindle (jbrindle at tresys.com) said:
> > > Yes, but that tends to imply some fairly severe gun -> foot
> > > interactions on the part of the admin.
> >
> > The admin need not know what is going on, how many things happen on
> > average linux systems without an average admins knowledge?
>
> Well, I'd hope that remounting the root FS read-write
> wouldn't be one of those. Arguably, you could even set up the
> policy to disallow this.
>
> > I retract the above statement. Even when making
> non-persistent boolean
> > changes (which I can see happening on these systems) the lock is
> > attempted. Its still unclear whether setsebool should
> fallback or if
> > libsemanage should. I don't like the idea of lockless
> readers, even if
> > the filesystem is RO when we start reading.
>
> Hm, I didn't consider booleans. How (at an implementation
> level) is setting of booleans done? (I've haven't looked at
> the backend guts of the SELinux code that much.)
>
In the non-persistent case it checks whether the store is managed and
then does the libselinux calls to set the boolean so that actually won't
be a problem.
Also, Karl claims that lockf works on a RO filesystem so the actual
problem is that we always open the lock file with O_RDRW | O_CREAT but
we can change it to try a read only open first and if it isn't there try
to create it and then bail after that. If the store has been properly
initialized the lock files will be present, the O_RDONLY open will
succeed and the lockf call will succeed and the query should work fine.
This is a pretty trivial change, do you think it will work Steve?
More information about the fedora-selinux-list
mailing list