Hi,
I thought I would try the latest development updates to see how the selinux implementation is progressing, but was unable to relabel my reiserfs drive.
I changed the fs_use file to include reiserfs (fs_use_xattr reiserfs system_u:object_r:fs_t) and also changed the makefile so awk would identify reiserfs drives.
However I still get the "Operation not supported" error from setfiles so I assume the reiserfs selinux kernel patches (using kernel 2.6.0-1.41) are not implemented? Does anyone know if that is the case?
Thanks Dave Hawkes
Hi,
On Thu, 2004-01-15 at 14:39, Dave Hawkes wrote:
However I still get the "Operation not supported" error from setfiles so I assume the reiserfs selinux kernel patches (using kernel 2.6.0-1.41) are not implemented? Does anyone know if that is the case?
Yes. There are actually two separate bits needed in the filesystem to support SELinux: extended attributes, and a handler for the specific "security.*" namespace that SELinux uses. Reiserfs has neither, unfortunately. XFS has xattrs, but doesn't have a security.* handler yet (the XFS folks will need to decide an on-disk encoding for that first.) ext2 and ext3 are the fully-implemented filesystems for SELinux for now.
Cheers, Stephen
On Thu, 2004-01-15 at 09:39, Dave Hawkes wrote:
I thought I would try the latest development updates to see how the selinux implementation is progressing, but was unable to relabel my reiserfs drive.
I changed the fs_use file to include reiserfs (fs_use_xattr reiserfs system_u:object_r:fs_t) and also changed the makefile so awk would identify reiserfs drives.
However I still get the "Operation not supported" error from setfiles so I assume the reiserfs selinux kernel patches (using kernel 2.6.0-1.41) are not implemented? Does anyone know if that is the case?
reiserfs doesn't support extended attributes unless you patch in support, e.g. using Jeff Mahoney's patches from ftp://ftp.suse.com/pub/people/jeffm/reiserfs/aclea/. These patches do include a handler for the security namespace now, and a SELinux user has reported successfully assigning the SELinux labels using this code, but we have never tested it ourselves.
Thanks for the info, the patches seem to be kernel release specific and not so well tested. Maybe I'll just have to wait for reiser4 support...
Stephen Smalley wrote:
On Thu, 2004-01-15 at 09:39, Dave Hawkes wrote:
I thought I would try the latest development updates to see how the selinux implementation is progressing, but was unable to relabel my reiserfs drive.
I changed the fs_use file to include reiserfs (fs_use_xattr reiserfs system_u:object_r:fs_t) and also changed the makefile so awk would identify reiserfs drives.
However I still get the "Operation not supported" error from setfiles so I assume the reiserfs selinux kernel patches (using kernel 2.6.0-1.41) are not implemented? Does anyone know if that is the case?
reiserfs doesn't support extended attributes unless you patch in support, e.g. using Jeff Mahoney's patches from ftp://ftp.suse.com/pub/people/jeffm/reiserfs/aclea/. These patches do include a handler for the security namespace now, and a SELinux user has reported successfully assigning the SELinux labels using this code, but we have never tested it ourselves.