--- Jeremy Katz katzj@redhat.com wrote:
The problem is that the various compressed filesystems don't actually support xattrs which is required for setting up the SELinux file contexts.
If I were intent on using SELinux, I would ask this question:
once you get kadischi to have a specifiable read-only filesystem type (i.e. zisofs or squashfs or ...), would there be any problem with doing a (possibly clooped) ext2(/3) fs as an option?
Definitely it'd be less efficient spacewise than squashfs, but it shouldn't really be too hard to add that as an option, which sounds like it might enable SELinux.
Though how about tmpfs? Does it support xattrs? Currently kad uses bind-mounting and read-only root for a mix of tmpfs+zisofs. So if you switch zisofs to cloop-ext2, you still have the tmpfs part.
I wonder how SELinux would cope with tmpfs+cloop_ext2+relayfs (or relayfs in general).
Time and experiment will tell, I suppose.
-jdog