Re: [RFC][PATCH 6/9] gen_initramfs_list.sh: include xattrs

From: Paul Moore
Date: Wed Jan 14 2015 - 15:14:20 EST

Next message: Brian Foster: "Re: [PATCH v8 11/11] xfstests: fsx: Add fallocate insert range operation"
Previous message: David Miller: "Re: [PATCH net-next] r8152: replace tasklet with NAPI"
In reply to: Mimi Zohar: "Re: [RFC][PATCH 6/9] gen_initramfs_list.sh: include xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday, January 13, 2015 10:23:23 PM Mimi Zohar wrote:
> I would assume only 'security.evm' is not portable as it attempts to
> tightly bind the file metadata to the file data. Casey? Paul?

[NOTE: Added the SELinux mailing list to the CC line.]

The SELinux xattr should be portable assuming the security label's semantics
remain constant across the different security policies. If the label is
completely unknown SELinux should handle it correctly, it will be treated as
unlabeled until a module is loaded which defines the label.

Although, this is just for initramfs, yes? If so, I'm not sure this matters
that much from a practical point of view; Stephen or someone else from the
SELinux list may have some thoughts on this.

--
paul moore
security @ redhat

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brian Foster: "Re: [PATCH v8 11/11] xfstests: fsx: Add fallocate insert range operation"
Previous message: David Miller: "Re: [PATCH net-next] r8152: replace tasklet with NAPI"
In reply to: Mimi Zohar: "Re: [RFC][PATCH 6/9] gen_initramfs_list.sh: include xattrs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]