On Mon, 2005-04-04 at 11:02 -0400, Deron Meranda wrote:
> I'm trying to mount some ISO files using the loop device. However
> I can't seem to get the context= option on the mount to work. As
> such the mounted files have no SELinux context set. In particular
> I'm trying the following,
>
> mount -t iso9660 \
>   -o context=system_u:object_r:httpd_sys_content_t,loop,ro,noexec,nodev,nosuid \
>   /path/to/file.iso /mountpoint
>
> I'm running in enforcing mode with selinux-policy-targeted-1.17.30-2.93
>
> How can one mount an ISO image file and force all files to appear
> to have a particular SELinux context?

What makes you think it isn't working? ls -Z isn't going to work
regardless, as iso9660 doesn't provide extended attribute handlers. But
the context= option should set the security context that is applied
internally by SELinux to the incore inodes, so that they will be access
controlled accordingly. BTW, fscontext= may be more suitable here than
context=.
--
Stephen Smalley <sds(a)tycho.nsa.gov>
National Security Agency
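
Added example, not part of the original message or of any SELinux tool: because ls -Z shows nothing on such a mount, this reads the mount table to confirm which label a context= or fscontext= mount carries. It assumes a kernel that lists SELinux mount options in /proc/mounts (the thread does not say so); the sample entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which SELinux label a context mount carries by
# reading the mount table, since ls -Z cannot show it on iso9660.

# Constructed sample in /proc/mounts format (not taken from the thread).
sample_mounts() {
    cat <<'EOF'
/dev/loop0 /mountpoint iso9660 ro,nosuid,nodev,noexec,relatime,context=system_u:object_r:httpd_sys_content_t:s0 0 0
/dev/loop1 /mnt/mls iso9660 ro,relatime,fscontext="system_u:object_r:iso9660_t:s0:c1,c2" 0 0
/dev/loop2 /mnt/plain iso9660 ro,relatime 0 0
EOF
}

# selinux_mount_opts MOUNTPOINT [MOUNTS_FILE]
# Print each SELinux labeling option of the mount, one per line.
# MOUNTS_FILE defaults to /proc/mounts; "-" reads standard input.
# Returns 1 when MOUNTPOINT is not in the table.
selinux_mount_opts() {
    # Field 2 is the mount point, field 4 the options; the last entry
    # for a mount point is the one currently visible.
    opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }' "${2:-/proc/mounts}")
    [ -n "$opts" ] || return 1
    # A value containing commas (MLS categories) is double-quoted by the
    # kernel, so match a quoted string before falling back to "up to comma".
    printf '%s\n' "$opts" |
        grep -oE '(^|,)(context|fscontext|defcontext|rootcontext)=("[^"]*"|[^,]*)' |
        sed -e 's/^,//' -e 's/"//g'
}

# mount_has_type MOUNTPOINT TYPE [MOUNTS_FILE]
# Succeed if context= or fscontext= on the mount carries SELinux type TYPE.
mount_has_type() {
    selinux_mount_opts "$1" "${3:-/proc/mounts}" |
        grep -Eq "^(fs)?context=[^:]+:[^:]+:$2(:|\$)"
}

# Demo on the constructed sample.
if sample_mounts | mount_has_type /mountpoint httpd_sys_content_t -; then
    echo "/mountpoint is labeled httpd_sys_content_t"
fi
```

On a live system, call mount_has_type with only the mount point and the expected type so that it reads /proc/mounts.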