Hi all
I'm using Fedora 12 and I have configured an ecryptfs filesystem. I see that the default behaviour for this filesystem is to use a unique mount-wide context (ecryptfs_t) to label each file. Is there a way to override this behaviour (for example by inserting a mount parameter) in order to use the extended attributes on the lower filesystem, or is patching the distributed SELinux policy the only possible option?
Thanks in advance for replies.
On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote:
> Hi all
> I'm using Fedora 12 and I have configured an ecryptfs filesystem. I see that the default behaviour for this filesystem is to use a unique mount-wide context (ecryptfs_t) to label each file. Is there a way to override this behaviour (for example by inserting a mount parameter) in order to use the extended attributes on the lower filesystem, or is patching the distributed SELinux policy the only possible option?
> Thanks in advance for replies.
You'd have to modify, rebuild, and replace the base policy module to specify fs_use_xattr for ecryptfs rather than genfscon. There was an attempt to automate probing for xattr support and use it if present, but it ran into problems; see: http://marc.info/?t=121379726100001&r=1&w=2
selinux@lists.fedoraproject.org
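
The policy change described in the reply, as an added example that is not part of the original thread or the distributed policy source. It assumes the reference policy's `gen_context()` macro and the `fs_t` filesystem type used by that policy's other `fs_use_xattr` entries; the exact lines in Fedora 12's policy source are not shown on this page.

```selinux
# Behaviour described in the question: one genfscon entry gives every file
# on an ecryptfs mount the same mount-wide context, and any security.selinux
# xattrs on the lower filesystem are not consulted.
genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)

# Change described in the reply: in the base policy module, replace the
# genfscon entry above with an fs_use_xattr entry for ecryptfs.
# The context here (assumed: fs_t) labels the filesystem itself;
# per-file labels are then read from each file's security.selinux xattr.
fs_use_xattr ecryptfs gen_context(system_u:object_r:fs_t,s0);
```

Files that carry no security.selinux attribute are treated as unlabeled after the switch, so the mount needs relabelling (for example with `restorecon -R`) once the rebuilt base module is loaded.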