What is fine-grained file labeling in ext3?

Stephen Smalley sds at epoch.ncsc.mil
Thu Oct 28 12:47:13 UTC 2004


On Thu, 2004-10-28 at 08:24, Douglas Furlong wrote:
> On Wed, 2004-10-27 at 16:18 +0200, Borkowski Dariusz wrote:
> > What is fine-grained file labeling in ext3?
> I think it is related to SELinux, but I can't be sure.

Yes.  The ability to assign individual security labels to individual
files on the filesystem.  Requires extended attribute (xattr) support in
the filesystem and an xattr handler for the security namespace for that
filesystem.  reiserfs has an emulation of xattrs implemented as regular
files, but the current implementation produces a deadlock when used with
SELinux upon setting an attribute (unless SELinux is explicitly told to
not even try using those handlers, as has been done for FC3/final).
There are also permission checking issues; a reiserfs attempt to look up
an xattr file calls into the VFS and ends up triggering a directory
search permission check, and SELinux presently has no way to know that
this is purely an internal access to private state by the filesystem
itself.  Preliminary patches have already been proposed to the reiserfs
maintainers, but they haven't acted on them yet.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
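
Added example, not part of the original message or of any SELinux tooling: a probe that asks a file for its security.selinux xattr and tells "no label stored" apart from "no security-namespace handler on this filesystem", the two requirements named in the reply above. The function names, the status strings and the injectable getxattr parameter are assumptions made for this illustration.

```python
import errno
import os

SELINUX_XATTR = "security.selinux"   # xattr name SELinux uses for file labels

# errno values as seen by a getxattr(2) caller
_NO_ATTR = getattr(errno, "ENODATA", None)
_NO_HANDLER = {errno.EOPNOTSUPP, getattr(errno, "ENOTSUP", errno.EOPNOTSUPP)}


def probe_label(path, getxattr=None):
    """Return (status, label) for the per-file security label of `path`.

    status is one of:
      "labeled"     - a security.selinux value was returned
      "unlabeled"   - security xattrs are accepted, none stored on this file
      "unsupported" - no handler for the security namespace on this filesystem
      "unavailable" - this platform has no getxattr call at all
    Other errors (EACCES, ENOENT, ...) are re-raised unchanged.
    """
    getxattr = getxattr or getattr(os, "getxattr", None)  # Linux-only in CPython
    if getxattr is None:
        return ("unavailable", None)
    try:
        raw = getxattr(path, SELINUX_XATTR)
    except OSError as exc:
        if exc.errno == _NO_ATTR:
            return ("unlabeled", None)
        if exc.errno in _NO_HANDLER:
            return ("unsupported", None)
        raise
    # The stored value may carry a trailing NUL byte; strip it before decoding.
    return ("labeled", raw.rstrip(b"\0").decode("ascii", "replace"))


def split_context(label):
    """Split 'user:role:type[:range]'; the optional range may contain ':'."""
    parts = label.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("not a security context: %r" % label)
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "range": parts[3] if len(parts) == 4 else None}


if __name__ == "__main__":
    for p in ("/etc/passwd", "/tmp"):
        print(p, probe_label(p))
```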