On Mon, Oct 5, 2020 at 7:31 AM Ashish Mishra <ashishm(a)mvista.com> wrote:
Hi All ,
This is my first post here so please let me know if this is the correct group .
I am starting to learn about SELINUX for one of our internal projects.
The ROOT_FS of the planned project is supposed to be RAMFS.
I haven't much experience with SELINUX , hence :
1) Does the team can share any comment / risk / feedback w.r.t RAMFS ?
Well, ramfs doesn't support extended attributes, so it wouldn't be
possible to label individual files. They would all be labeled as
"system_u:object_r:ramfs_t:s0". So I think such system likely wouldn't
work with SELinux + stock Fedora policy.
Any chance you could use tmpfs instead of ramfs? It has xattr support,
so it could work fine (or at least should be easier to get to work :).
2) Is there any specific module / functionality that I should look at to have
default SELINUX supported with RAMFS ?
3) Or is default SELINUX can handle the storage of required tags / context
by default of the available filesystem ( RAMFS ) in our case ?
I was planning to have "targeted" policy to be enabled by default
Thanks ,
Ashish Kumar Mishra.
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
--
Ondrej Mosnacek
Software Engineer, Platform Security - SELinux kernel
Red Hat, Inc.