On Tue, 05.04.11 08:42, Daniel J Walsh ([email protected]) wrote:

> systemd should check if the mount flag includes seclabel field
> before labeling.
> If a file system does not support labeling or is mounted with a
> context mount option, the file system will not show the label seclabel.
>
> grep seclabel /proc/self/mountinfo

What happens if we try to relabel those file systems nonetheless? Just errors?

Hmm, we currently only relabel /run and /dev recursively, plus the top-level inode of all API file systems we mount. I presume devtmpfs and tmpfs do support "seclabel", right?

Do we really have to code a check for this flag? Given that the list of API mount points we mount at early boot is pretty much fixed (http://cgit.freedesktop.org/systemd/tree/src/mount-setup.c#n51) we could just hardcode the invocation of the relabelling per-filesystem.

Do you have any particular file system in mind where we currently relabel where we shouldn't?

I'd like to understand what the precise implications of the seclabel option are, is there some doc available somewhere? The mount man page doesn't mention it... :-(

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
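The check discussed in this thread, written out as an added example; it is not part of the original messages and not systemd's code. It reads the superblock options field of a mountinfo entry instead of grepping the whole line, so a path that merely contains the string "seclabel" is not mistaken for the flag. The names `has_option` and `mount_has_seclabel` and the sample entries are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mountinfo layout, not captured from a real host. */
static const char SAMPLE[] =
    "17 22 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,mode=755\n"
    "23 22 0:20 / /run rw,nosuid,nodev shared:11 - tmpfs tmpfs rw,seclabel,mode=755\n"
    "40 22 8:17 / /mnt/seclabel rw - vfat /dev/sdb1 rw,context=system_u:object_r:removable_t:s0\n";

/* Hypothetical helper: true if comma-separated `opts` holds `want` as a whole token. */
static bool has_option(const char *opts, const char *want) {
    size_t wlen = strlen(want);
    while (*opts) {
        size_t n = strcspn(opts, ",");
        if (n == wlen && memcmp(opts, want, n) == 0)
            return true;
        opts += n + (opts[n] == ',');
    }
    return false;
}

/* Hypothetical helper. 1: mount shows seclabel; 0: mounted without it; -1: no such mount. */
int mount_has_seclabel(const char *mountinfo, const char *mount_point) {
    int result = -1;
    while (*mountinfo) {
        char line[1024], mp[256], sopts[512];
        size_t len = strcspn(mountinfo, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, mountinfo);
        mountinfo += len + (mountinfo[len] == '\n');
        /* Field 5 is the mount point; superblock options are the third
         * field after the " - " separator that ends the optional fields. */
        const char *sep = strstr(line, " - ");
        if (!sep || sscanf(line, "%*s %*s %*s %*s %255s", mp) != 1 ||
            strcmp(mp, mount_point) != 0)
            continue;
        if (sscanf(sep + 3, "%*s %*s %511s", sopts) != 1)
            continue;
        result = has_option(sopts, "seclabel"); /* later lines shadow earlier ones */
    }
    return result;
}

int main(void) {
    const char *paths[] = { "/dev", "/run", "/mnt/seclabel", "/sys" };
    for (size_t i = 0; i < 4; i++)
        printf("%-14s %d\n", paths[i], mount_has_seclabel(SAMPLE, paths[i]));
    return 0;
}
```

Mount points in mountinfo are octal-escaped (a space appears as `\040`), so the comparison here assumes a path without such characters.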
