On Sunday 12 June 2005 23:23, Valdis.Kletnieks(a)vt.edu wrote:
> The data will be readable off any box that supports ext3 and extended
> attributes (I can't remember what happens if the kernel doesn't do the
> extended attributes - whether it won't mount, or it mounts-and-ignores).
> At worst, you'd need to drop to 'permissive' mode and/or restorecon.
Code to support XATTRs in Ext2/3 has been there for quite a while. Code that
works properly (and base Ext2/3 code that has no bugs related to this) is a
bit newer.
If you have a file system with XATTRs on sym-links (SE Linux puts XATTRs on
all file system objects) and then try to mount it on an older 2.4.x kernel
then there will be problems. I can't remember if the problems merely made the
file system unusable or whether a full kernel panic occurred. In any case
the result was not good.
If you need to share a disk with an old 2.4.x machine then a good solution is
to mount it with -o context=... Then the context is stored in kernel memory
and never written to disk (unless you use a program such as mv or cp that
does it - but it will not be done automatically by the kernel).
For an external device the context= mount option is good for security too.
Devices that are mounted nosuid also inhibit domain_auto_trans() rules, but
having arbitrary data types on files is not desirable.
But generally the answer is that there is no serious issue no matter what you
want to do. You just have to do it in the right way.
Also note that some new file system features in recent 2.6.x kernels are not
supported on 2.4.x. So you may have some issues with using an old kernel
even if not using SE Linux.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
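A defender's check for the disk-sharing advice in this message, added here as an example and not part of the original post or of any SELinux tool: it parses fstab-style lines (a constructed sample is embedded) and flags ext2/ext3 volumes marked as shared with an old kernel or external that lack context= (so security labels would be written to disk as xattrs) or nosuid. The fstab layout and the double-quoting of context= values that contain commas are assumed to follow mount(8); the "shared" flag is a hypothetical input supplied by the caller.

```python
# Added example, not code from the post: audit fstab entries for context=/nosuid.
import re
# user:role:type plus optional MLS level; the level may contain commas (s0:c127,c456).
CONTEXT_RE = re.compile(r"^\w+:\w+:\w+(?::[\w.,:\-]+)?$")
XATTR_FS = {"ext2", "ext3", "ext4"}   # file systems that store security.* xattrs

def split_opts(opts):
    """Split a mount option string on commas that are not inside double quotes."""
    out, cur, quoted = [], "", False
    for ch in opts:
        if ch == '"':
            quoted = not quoted      # quotes only delimit a value, so drop them
        elif ch == "," and not quoted:
            out.append(cur)
            cur = ""
        else:
            cur += ch
    out.append(cur)
    return out

def parse_fstab(text):
    """Return one dict per non-comment fstab line with the option list split."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            dev, mnt, fstype, opts = fields[:4]
            entries.append({"dev": dev, "mnt": mnt, "fstype": fstype,
                            "opts": split_opts(opts)})
    return entries

def audit_entry(entry, shared=False):
    """List findings for one entry; shared=True marks a 2.4.x-shared or external disk."""
    findings = []
    opts = entry["opts"]
    ctx = next((o[len("context="):] for o in opts if o.startswith("context=")), None)
    if ctx is not None and not CONTEXT_RE.match(ctx):
        findings.append("malformed context= value: %r" % ctx)
    if shared and entry["fstype"] in XATTR_FS:
        if ctx is None:   # without context= the kernel writes labels to disk as xattrs
            findings.append("shared %s volume without context=" % entry["fstype"])
        if "nosuid" not in opts:   # nosuid also inhibits domain transitions
            findings.append("shared volume without nosuid")
    return findings

# Constructed sample fstab, not taken from any real system.
SAMPLE_FSTAB = """
/dev/sda1 /         ext3 defaults 1 1
/dev/sdb1 /mnt/old  ext3 defaults 0 0   # also mounted on a 2.4.x box
/dev/sdc1 /mnt/usb  ext3 context="system_u:object_r:removable_t:s0:c127,c456",nosuid 0 0
"""
```

Run `audit_entry(e, shared=True)` over `parse_fstab(SAMPLE_FSTAB)` to see /dev/sdb1 flagged and /dev/sdc1 pass.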