[gentoo-dev] SELinux + ReiserFS problem

[gentoo-dev] SELinux + ReiserFS problem

[Chris PeBenito]

[-- Attachment #1: Type: text/plain, Size: 1507 bytes --]

There is an upcoming problem for SELinux users that use reiserfs. The
new SELinux API that was accepted into 2.6 uses extended attributes with
security labels for labeling files. This SELinux API has been backported
to 2.4 (present in masked selinux-sources-2.4.21-r2). Ext3 already has
these required extended attribute features, but reiserfs does not,
meaning you cannot use reiserfs with the new API SELinux. No one is
interested in making reiserfs work; even Hans Reiser says to wait till
Reiser4.

I want to get everyone converted to the new API because it will
significantly more difficult supporting both APIs, especially since
there are different sets of userland patches.  The NSA doesn't maintain
the old API either.  But this reiserfs problem is a blocker.  SuSE has
some reiserfs patches for extended attributes, but they lack security
labels.  I've been trying to add on the security labels to the SuSE
patches, but have not been successful.

So this is a notice to reiserfs users. It might be a good idea to
convert your systems to ext3, if possible.  We do want to support
reiserfs, but it may not be doable till 2.6/Reiser4.

If any kernel people are interested in helping to get this to work, let
me know, it would be a huge help.

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]