On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote:
> Hi all,
> I'm using Fedora 12 and I have configured an ecryptfs filesystem.
> I see that the default behaviour for this filesystem is to use a unique
> mount-wide context (ecryptfs_t) to label each file.
> Is there a way to override this behaviour (for example by inserting a mount
> parameter), in order to use the extended attributes on the lower filesystem, or
> is patching the distributed selinux policy the only option possible?
> Thanks in advance for replies.

You'd have to modify, rebuild, and replace the base policy module to
specify fs_use_xattr for ecryptfs rather than genfscon. There was an
attempt to automate probing for xattr support and use it if present, but
it ran into problems, see:
http://marc.info/?t=121379726100001&r=1&w=2
--
Stephen Smalley
National Security Agency
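
The policy change described in the reply above, sketched as an added example that is not part of the original thread or of any distributed policy. The statements follow reference-policy source style; the exact lines in the Fedora 12 policy and the `fs_t` filesystem context are assumptions.

```selinux
# Constructed fragment in reference-policy source style.

# Current behaviour: genfscon assigns one fixed context to every inode
# under the given path prefix of an ecryptfs mount. With the prefix "/"
# that is the single mount-wide ecryptfs_t label described in the question.
genfscon ecryptfs / gen_context(system_u:object_r:ecryptfs_t,s0)

# Replacement: fs_use_xattr makes the kernel read each file's label from
# its security.selinux extended attribute. The context written here labels
# the filesystem object itself, not the files stored on it.
# This statement takes the place of the genfscon line above; it is not
# added alongside it.
fs_use_xattr ecryptfs gen_context(system_u:object_r:fs_t,s0);
```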