SELinux survey (was RE: Stupid F7 boot loop)

[Les Mikesell]

Rahul Sundaram wrote:
>> This article doesn't explain whether it follows standards or will 
>> always be a single-supplier non-standard extension.
> 
> That's not the focus of the article. There are other documentation 
> available for what you want to know.
> 
> What standard are you talking about? There is no single supplier nor is 
> this a non-standard extension. SELinux is merged upstream and uses 
> extended attributions (xattr) which is not SELinux specific.

Is there a published standard for network representation of xattr for 
networked filesystems?

>   If you are using SELinux,
>> can you still transparently replace your local disks with network 
>> mounts  where the systems hosting the disks are appliances or running 
>> some other OS? 
> 
> You can. Most of the software don't require any SELinux specify 
> modifications and a central policy will be applied on them. Filesystems 
> that don't read the extended attributes will ignore it (an example of 
> this is NFS. I believe all others .You can assign a specific context via 
> the mount command over a entire mount if the filesystem does not support 
> extended attributes. More details on the mount man page.
> 
>  If you can't do that today, is the standard published to
>> permit it eventually?
> 
> You can find examples on how to add extended attribute support by 
> looking at the existing software if that is what you are asking for.

For the things that do require the extended attributes in the inodes, 
has a cross-platform standard been published or agreed upon for 
networked filesystems?

-- 
   Les Mikesell