On Mon, 4 Apr 2011 22:51:55 +0200 Kay Sievers wrote:
> We really need something here that is not tied to the / inode, because
> we want to support r/o / or / on tmpfs with only the subdirs mounted
> from disk. xattrs of / just have the same issues as /.-files, it's
> just a different storage format regarding that problem.

The key is it would be a _per-filesystem_ flag meaning "this fs is tainted for use with SELinux and needs relabeling". The xattr containing the value of the flag would be attached to the relative / of every mounted filesystem. Filesystems mounted ro don't matter, because they cannot get their file contexts changed and therefore do not need to be marked tainted. mount itself should write the xattr when it mounts the filesystem read-write and SELinux is disabled.

Bill Nottingham noted on IRC that relabeling would then be done by systemd in the same pass that handles fsck.

Michal
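
The per-filesystem flag proposed above, sketched as an added example that is not part of the original message and is not mount or systemd code. The xattr name, the function names and the sample mount table are assumptions made for illustration; the thread does not name the attribute.

```python
import os

# Hypothetical attribute name: the thread does not name the xattr.
TAINT_XATTR = "trusted.selinux_tainted"

# Constructed /proc/mounts sample: read-only / on tmpfs, subdirs from disk.
SAMPLE_MOUNTS = """\
rootfs / tmpfs ro,relatime 0 0
/dev/sda2 /usr ext4 rw,relatime 0 0
/dev/sda3 /var ext4 rw,noatime 0 0
/dev/sr0 /media/cd iso9660 ro 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, is_rw)] from /proc/mounts-format text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = fields[1].replace("\\040", " ")  # kernel escapes spaces
        mounts.append((mountpoint, "rw" in fields[3].split(",")))
    return mounts

def to_taint(mounts, selinux_enabled):
    """Mount side: rw filesystems mounted while SELinux is disabled."""
    return [] if selinux_enabled else [mp for mp, rw in mounts if rw]

def to_relabel(mounts, tainted):
    """Boot side: flagged filesystems. Skipping ro mounts here is an
    assumption; they cannot be relabeled until remounted rw."""
    return [mp for mp, rw in mounts if rw and tainted(mp)]

def mark_tainted(mountpoint):
    os.setxattr(mountpoint, TAINT_XATTR, b"1")

def is_tainted(mountpoint):
    try:
        return os.getxattr(mountpoint, TAINT_XATTR) == b"1"
    except OSError:  # flag absent, or filesystem without xattr support
        return False

def clear_taint(mountpoint):
    os.removexattr(mountpoint, TAINT_XATTR)  # after a successful relabel
```

With the sample table, the read-only tmpfs / never carries the flag, while /usr and /var are each marked and relabeled independently of it.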