Mailing List Archive

Hi Chris

If I recall correctly reiserfs isn't support since it doesn't support
extended attributes or the namespace extensions that selinux requires.
It has been a few months since I dealt with SELinux though so there may
be patches available now.

HTH

Ben

On Sun, 2005-10-23 at 18:03 +1000, Chris Smart wrote:
> Greetings,
>
> I'm setting up a new server and considering SELinux. In the Gentoo
> manual it states that "only ext2/3 and xfs are supported as other
> filesystems lack full attribute support", but that "this should change
> in the future".
>
> Does anyone know is reiserfs has full attribute support, and therefore
> is SELinux compatible?
>
> Cheers!
> Chris

Ben Maynard wrote:

>Hi Chris
>
>If I recall correctly reiserfs isn't support since it doesn't support
>extended attributes or the namespace extensions that selinux requires.
>It has been a few months since I dealt with SELinux though so there may
>be patches available now.
>
>HTH
>
>Ben
>
Thanks Ben,
The kernel shows reiserfs as having some extended attribute support, but
I wasn't sure if it was everything that SELinux needed.

<*> Reiserfs support
[*] ReiserFS extended attributes
[*] ReiserFS POSIX Access Control Lists
[*] ReiserFS Security Labels

CONFIG_REISERFS_FS_SECURITY:
Security labels support alternative access control models
implemented by security modules like SELinux. This option
enables an extended attribute handler for file security
labels in the ReiserFS filesystem.

I guess I'll stick have to research more or go ext3.

Cheers,
Chris
--
gentoo-security@gentoo.org mailing list

I got this from: http://www.livejournal.com/users/james_morris/3580.html
(scroll down to the reiiserfs part)

I don't recall removing anything from genfs_contexts
but add the line
fs_use_xattr reiserfs system_u:object_r:fs_t
to an appropriate place in fs_use let me relabel the file system

Chris Smart wrote:

> Ben Maynard wrote:
>
>> Hi Chris
>>
>> If I recall correctly reiserfs isn't support since it doesn't support
>> extended attributes or the namespace extensions that selinux requires.
>> It has been a few months since I dealt with SELinux though so there may
>> be patches available now.
>>
>> HTH
>>
>> Ben
>>
> Thanks Ben,
> The kernel shows reiserfs as having some extended attribute support,
> but I wasn't sure if it was everything that SELinux needed.
>
> <*> Reiserfs support
> [*] ReiserFS extended attributes
> [*] ReiserFS POSIX Access Control Lists
> [*] ReiserFS Security Labels
>
> CONFIG_REISERFS_FS_SECURITY:
> Security labels support alternative access control models
> implemented by security modules like SELinux. This option
> enables an extended attribute handler for file security
> labels in the ReiserFS filesystem.
>
> I guess I'll stick have to research more or go ext3.
>
> Cheers,
> Chris


--
gentoo-security@gentoo.org mailing list

Steven Sennebogen wrote:

>I got this from: http://www.livejournal.com/users/james_morris/3580.html
>(scroll down to the reiiserfs part)
>
>I don't recall removing anything from genfs_contexts
>but add the line
>fs_use_xattr reiserfs system_u:object_r:fs_t
>to an appropriate place in fs_use let me relabel the file system
>
Great! Thanks Steven.
Looks like I'll have to have a play and serious test if I head down the
route.
--
gentoo-security@gentoo.org mailing list