On Fri, 29.04.11 11:21, Daniel J Walsh (dwalsh@redhat.com) wrote:
I guess I missed some discussion of this. You'd need to update libselinux at least, definition of SELINUXMNT in libselinux/src/policy.h, used by selinux_init_load_policy() to mount selinuxfs for initial policy load. And it may break rc scripts and other scripts/programs that have become accustomed to /selinux.
Here is the patch I am thinking about.
I think mock might need to be updated, maybe livecd tools.
- /* We check to see if the original mount point for selinux file
* system has a selinuxfs. */
- do {
rc = statfs("/selinux", &sfbuf);
- } while (rc < 0 && errno == EINTR);
- if (rc == 0) {
if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
selinux_mnt = strdup("/selinux");
return;
}
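Review bot: as shown here, the `if (rc == 0) {` line is removed while the `sfbuf.f_type` comparison below it carries no marker, so `sfbuf` would be read even when `statfs("/selinux", &sfbuf)` failed and left it unset; keep the `rc == 0` guard around the `SELINUX_MAGIC` check. The same removed lines drop the `do { ... } while (rc < 0 && errno == EINTR)` retry, so if the `statfs()` call stays, an interrupted call is no longer repeated and the mount point is skipped; keep the retry, or move the call and the retry together into a helper. The `strdup("/selinux")` result is also stored in `selinux_mnt` and returned on without a NULL check.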
I like the patch.
One little feature request where we already are on this:
Given that there is a statfs() in here anyway, could we also maybe extend this a tiny bit, and add a statvfs() call as well, and if ST_RDONLY is set in .f_flag consider selinux to be off? That would be very handy in containers/chroots and stuff like that, where you might want to make the container assume selinux is off even though the host has it enabled. If the container/chroot manager simply bind mounts /selinux into the namespace read-only this would then be an effective way to make selinux appear off to the container code.
I think using whether /selinux is read-only as a flag for selinux off is a pretty natural nice way.
mock currently tries to work around this by placing a fake /proc/filesystems file in the namespace, and I think that's quite ugly. Using read-only /selinux as flag appears much nicer to me, since it in itself already disables a number of selinux operations.
Lennart
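The check proposed in this message, sketched as an added example that is not part of the patch or of libselinux: a `statfs()` magic test followed by a `statvfs()` test for `ST_RDONLY`. The names `mnt_state`, `classify_mnt` and `probe_selinuxmnt` are hypothetical, and treating a failed `statvfs()` as "not usable" is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/statvfs.h>
#include <sys/vfs.h>

#ifndef SELINUX_MAGIC
#define SELINUX_MAGIC 0xf97cff8c /* selinuxfs magic, as in <linux/magic.h> */
#endif

/* Hypothetical names for this example, not libselinux API. */
enum mnt_state { MNT_NOT_SELINUXFS, MNT_USABLE, MNT_READONLY_OFF };

/* Pure decision: file system type plus mount flags -> state. */
enum mnt_state classify_mnt(uint32_t f_type, unsigned long f_flag)
{
    if (f_type != (uint32_t)SELINUX_MAGIC)
        return MNT_NOT_SELINUXFS;
    /* A read-only selinuxfs is the proposed "SELinux is off" signal. */
    return (f_flag & ST_RDONLY) ? MNT_READONLY_OFF : MNT_USABLE;
}

/* Probe one candidate mount point, retrying calls interrupted by a signal. */
enum mnt_state probe_selinuxmnt(const char *path)
{
    struct statfs sfbuf;
    struct statvfs vfsbuf;
    int rc;

    do {
        rc = statfs(path, &sfbuf);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return MNT_NOT_SELINUXFS;   /* sfbuf is only read when rc == 0 */

    do {
        rc = statvfs(path, &vfsbuf);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return MNT_NOT_SELINUXFS;   /* assumption: unreadable flags => unusable */

    return classify_mnt((uint32_t)sfbuf.f_type, vfsbuf.f_flag);
}

int main(void)
{
    static const char *names[] = { "not selinuxfs", "usable", "read-only, treat as off" };
    printf("/selinux: %s\n", names[probe_selinuxmnt("/selinux")]);
    return 0;
}
```

A container or chroot manager that bind mounts `/selinux` read-only into the namespace would make `probe_selinuxmnt()` report `MNT_READONLY_OFF` there, while the host mount still reports `MNT_USABLE`.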