On Mon, Apr 4, 2011 at 23:39, Michal Schmidt <[email protected]> wrote:
> On Mon, 4 Apr 2011 22:51:55 +0200 Kay Sievers wrote:
>> We really need something here that is not tied to the / inode, because
>> we want to support r/o / or / on tmpfs with only the subdirs mounted
>> from disk. xattrs of / just have the same issues as /.-files, it's
>> just a different storage format regarding that problem.
>
> The key is it would be a _per-filesystem_ flag meaning "this fs is tainted
> for use with SELinux and needs relabeling".
> The xattr containing the value of the flag would be attached to the
> relative / of every mounted filesystem.
>
> Filesystems mounted ro don't matter, because they cannot get their
> file contexts changed and therefore do not need to be marked tainted.
>
> mount itself should write the xattr when it mounts the filesystem
> read-write and SELinux is disabled.
>
> Bill Nottingham noted on IRC that relabeling would then be done by
> systemd in the same pass that handles fsck.

Yeah, sounds good if that works.

The setup we might want to support in the future is that the couple of
needed / directories are populated by btrfs subvolumes. Something like
such a flag on the root of the individual subvolume that gets mounted
might work just fine.

Kay
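
A sketch of the per-filesystem flag scheme discussed in this thread, as an added example that is not code from the thread, mount or systemd. The xattr name and value and the "selinuxfs is mounted" test for an enabled SELinux are assumptions; the mount tables are constructed samples.

```python
import os
import re

# Hypothetical xattr name and value: the thread proposes a flag but names neither.
TAINT_XATTR = "trusted.selinux_relabel_needed"

def parse_mounts(text):
    """Return [(mountpoint, fstype, options)]; decodes /proc/mounts \\ooo escapes."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            mnt = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), f[1])
            out.append((mnt, f[2], set(f[3].split(","))))
    return out

def selinux_enabled(mounts):
    return any(t == "selinuxfs" for _, t, _ in mounts)  # simplified assumption

def mark_tainted(mounts, setxattr=os.setxattr):
    """Mount-time step: flag the root of every rw filesystem if SELinux is off."""
    if selinux_enabled(mounts):
        return []
    marked = []
    for mnt, _, opts in mounts:
        if "rw" not in opts:
            continue  # read-only: file contexts cannot change, no flag needed
        try:
            setxattr(mnt, TAINT_XATTR, b"1")
            marked.append(mnt)
        except OSError:
            pass  # filesystem without xattr support: nothing to record
    return marked

def needs_relabel(mounts, getxattr=os.getxattr):
    """Boot-time step: list filesystems whose root carries the flag."""
    flagged = []
    for mnt, _, _ in mounts:
        try:
            if getxattr(mnt, TAINT_XATTR) == b"1":
                flagged.append(mnt)
        except OSError:
            pass  # flag absent or xattrs unsupported
    return flagged

# Constructed sample mount tables (not from the thread).
SAMPLE_DISABLED = ("/dev/sda1 / ext4 ro,relatime 0 0\n"
                   "/dev/sda2 /var ext4 rw,relatime 0 0\n"
                   "/dev/sda3 /home/my\\040data ext4 rw,noatime 0 0\n")
SAMPLE_ENABLED = SAMPLE_DISABLED + "selinuxfs /sys/fs/selinux selinuxfs rw 0 0\n"
```

The `setxattr` and `getxattr` parameters default to the real Linux calls and can be swapped for an in-memory store when trying the logic without touching a filesystem; writing a `trusted.*` attribute requires CAP_SYS_ADMIN.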
