[systemd-devel] [PATCH 3/4] condition: add ConditionSELinux
mschmidt at redhat.com
Mon Apr 4 14:39:54 PDT 2011
On Mon, 4 Apr 2011 22:51:55 +0200 Kay Sievers wrote:
> We really need something here that is not tied to the / inode, because
> we want to support r/o / or / on tmpfs with only the subdirs mounted
> from disk. xattrs of / just have the same issues as /.-files, it's
> just a different storage format regarding that problem.
The key is it would be a _per-filesystem_ flag meaning "this fs is tainted
for use with SELinux and needs relabeling".
The xattr containing the value of the flag would be attached to the
relative / of every mounted filesystem.
Filesystems mounted ro don't matter, because they cannot get their
file contexts changed and therefore do not need to be marked tainted.
mount itself should write the xattr when it mounts the filesystem
read-write and SELinux is disabled.
Bill Nottingham noted on IRC that relabeling would then be done by
systemd in the same pass that handles fsck.
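To make the proposed mechanism concrete, here is an added example (not code from this thread, from systemd, or from util-linux) that models the two halves of the idea: the decision `mount` would make when it mounts a filesystem read-write while SELinux is disabled, and the check a boot-time pass would make over every mounted filesystem to find the ones whose root carries the taint flag. The mountinfo lines are constructed, and the xattr name `user.selinux_relabel_needed` is a hypothetical placeholder (a real implementation would pick its own name and namespace). The parsing follows the documented `/proc/self/mountinfo` layout, so it also works on real input.

```python
import os
from typing import Callable, Dict, List

# Hypothetical xattr name used for the per-filesystem "needs relabel" flag.
TAINT_XATTR = "user.selinux_relabel_needed"


def _unescape(field: str) -> str:
    """Undo mountinfo's octal escaping (\\040 for space, \\011, \\012, \\134)."""
    out, i = [], 0
    while i < len(field):
        if field[i] == "\\" and i + 4 <= len(field) and field[i + 1:i + 4].isdigit():
            out.append(chr(int(field[i + 1:i + 4], 8)))
            i += 4
        else:
            out.append(field[i])
            i += 1
    return "".join(out)


def parse_mountinfo(text: str) -> List[Dict]:
    """Parse /proc/self/mountinfo-style lines into mount records.

    Layout: id parent maj:min root mountpoint mount-opts [optional...] - fstype source super-opts
    A mount is read-only if either the per-mount options or the superblock
    options contain "ro".
    """
    mounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pre, _, post = line.partition(" - ")
        pre_fields, post_fields = pre.split(), post.split()
        if len(pre_fields) < 6 or len(post_fields) < 3:
            continue  # malformed line; skip rather than guess
        mount_opts = set(pre_fields[5].split(","))
        super_opts = set(post_fields[2].split(","))
        mounts.append({
            "mount_point": _unescape(pre_fields[4]),
            "fstype": post_fields[0],
            "source": post_fields[1],
            "readonly": "ro" in mount_opts or "ro" in super_opts,
        })
    return mounts


def should_taint(mount: Dict, selinux_enabled: bool) -> bool:
    """The mount-time rule from the thread: flag a filesystem only when it is
    writable (ro mounts cannot have their contexts changed) and SELinux is off."""
    return not mount["readonly"] and not selinux_enabled


def has_taint_xattr(mount_point: str) -> bool:
    """Read the flag from the relative root of a mounted filesystem."""
    try:
        os.getxattr(mount_point, TAINT_XATTR)
        return True
    except OSError:  # ENODATA, ENOTSUP, EACCES: all mean "no usable flag"
        return False


def mark_tainted(mount_point: str) -> None:
    """What mount would do on a rw mount with SELinux disabled."""
    os.setxattr(mount_point, TAINT_XATTR, b"1")


def clear_taint(mount_point: str) -> None:
    """What the relabel pass would do after successfully relabeling."""
    os.removexattr(mount_point, TAINT_XATTR)


def plan_relabel(mounts: List[Dict],
                 has_flag: Callable[[str], bool] = has_taint_xattr) -> List[str]:
    """Boot-time pass: every writable mount whose root carries the flag."""
    return [m["mount_point"] for m in mounts
            if not m["readonly"] and has_flag(m["mount_point"])]


# Constructed sample in mountinfo format; the last line has an escaped space.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
25 21 0:20 / /home rw,relatime - ext4 /dev/sda2 rw
27 21 8:3 / /boot ro,relatime - ext4 /dev/sda3 ro
30 21 0:25 / /mnt/with\\040space rw - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    # Stand-alone run: inspect the live mount table if available, else the sample.
    try:
        with open("/proc/self/mountinfo") as fh:
            table = parse_mountinfo(fh.read())
    except OSError:
        table = parse_mountinfo(SAMPLE_MOUNTINFO)
    for mp in plan_relabel(table):
        print("needs relabel:", mp)
```

Because the flag lives on each mount's own root rather than on `/`, a read-only `/` or a tmpfs `/` with only subdirectories mounted from disk still works: `plan_relabel` simply never selects the read-only mounts, and the writable subdirectory mounts carry their own flag.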