Jeremy Katz wrote:
On Tue, 2007-08-07 at 16:42 -0500, Douglas McClendon wrote:
> This might be the wrong list to be asking this, but out of curiosity-
>
> Why can't relabeling be done if the host is running with selinux
> disabled? (selinux=0)
> It's just writing some metadata to the fs right? Seems like it should
> be possible.

Because the kernel developers have deemed it unsafe to write out any
security xattrs which aren't understood by the kernel. The fact that
they then get mapped to unlabeled_t doesn't seem to make much
difference. Frankly, I think they're wrong, but lengthy attempts to
convince them in the past have been unsuccessful. Maybe it's worth
tilting at that windmill again. Dunno.

That's the sort of info I was looking for. I'm probably part of a very
small group of people who would notice, and even I don't care that much.
I'll post a little script one of these days that gets around it :)
-dmc