"jon bird":
> Apologies, meant to answer that question yesterday. Our system is an
> embedded, highly cut down build of Linux and whilst we have the core
> policy tools deployed, seinfo is part of the SETools suite which we don't
> have available. It's possible I may be able to look at deploying it if we
> think it would be useful. However from the manual pages it sounds very
> much like it would dump out the file system information similar to the
> following which is generated by the kernel during boot:
:::
> As you can see, most of them support labelling via some mechanism.

Taking a glance at some selinux packages, the policy has some
declarations/settings about filesystems which the policy is applied to.
They may be

----------------------------------------
# filesystems to be used in labeling targets
filesystems = $(shell mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | $(AWK) '/(ext[234]|btrfs| xfs| jfs).*rw/{print $$3}';)
fs_names := "btrfs ext2 ext3 ext4 xfs jfs"
----------------------------------------
or
----------------------------------------
# Use xattrs for the following filesystem types.
# Requires that a security xattr handler exist for the filesystem.
fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext4dev gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr f2fs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr gfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr gpfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr jffs2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr lustre gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr overlay gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr squashfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr zfs gen_context(system_u:object_r:fs_t,s0);
----------------------------------------

Of course, the version of what I read may differ from yours. So it may
be unrelated. But we can check those settings if you can run
"seinfo --fs_use".

My current guess is
- it is not aufs that doesn't support selinux.
- it is selinux that doesn't support aufs.

Do I make myself clear with my broken English?

J. R. Okajima
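
Where seinfo is not installed, the same question can be asked of the policy source text: which mounted filesystem types have a labelling statement at all. The script below is an added example, not part of the original messages or of any SELinux package; the function names and both sample inputs are constructed, and it reads policy source statements like those quoted above, not the compiled binary policy.

```shell
#!/bin/sh
# Constructed sample policy source: three fs_use_xattr lines as quoted above,
# plus fs_use_trans and genfscon lines added for contrast.
sample_policy() {
cat <<'EOF'
# Use xattrs for the following filesystem types.
fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr overlay gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr squashfs gen_context(system_u:object_r:fs_t,s0);
fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0);
genfscon proc / gen_context(system_u:object_r:proc_t,s0)
EOF
}

# Constructed sample in /proc/mounts format.
sample_mounts() {
cat <<'EOF'
/dev/root / ext4 rw,relatime 0 0
proc /proc proc rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid 0 0
none /mnt/union aufs rw,relatime 0 0
EOF
}

# fs_label_rule FSTYPE < policy-source
# Prints xattr, trans or task for a matching fs_use_* statement, "genfscon"
# if only a genfscon statement names the type, or "none" if nothing does.
fs_label_rule() {
    awk -v fs="$1" '
        /^[[:space:]]*#/ { next }                       # skip comments
        $1 ~ /^fs_use_(xattr|trans|task)$/ && $2 == fs { rule = substr($1, 8); exit }
        $1 == "genfscon" && $2 == fs { genfs = 1 }
        END { print (rule != "" ? rule : (genfs ? "genfscon" : "none")) }
    '
}

# audit_mounts POLICY_FILE < mounts
# Prints "fstype rule" once per filesystem type found in the mounts list.
audit_mounts() {
    awk '{ print $3 }' | sort -u | while read -r fs; do
        printf '%s %s\n' "$fs" "$(fs_label_rule "$fs" < "$1")"
    done
}

policy=$(mktemp)
sample_policy > "$policy"
sample_mounts | audit_mounts "$policy"
rm -f "$policy"
```

On a real system, feed `/proc/mounts` to `audit_mounts`; a type reported as "none" has no labelling statement in the policy text that was checked.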