[systemd-devel] [PATCH 3/4] condition: add ConditionSELinux

[Michal Schmidt]

On Mon, 04 Apr 2011 20:59:58 +0200 Alexander Boström wrote:
> > If on the other hand / stays read-only for the whole duration of
> > working with SELinux disabled, then no contexts will be harmed and
> > relabeling will not be necessary.
> 
> If / is ro but /var is rw then a relabel is still useful, right?
> 
> And /var is more likely to be mounted rw than / is, so it would make
> sense to store this flag somewhere in /var.
> 
> Or even better, in each filesystem. (An xattr on the root inode?)

hehe, I was rethinking this today and came to the same conclusion :-)
i.e. that it really ought to be per-filesystem. I didn't think of
using xattrs for this though. It's an interesting idea. I was
thinking about adding a field to the fs superblock, but that would
require kernel changes in several filesystems. xattr is easier.

Michal