Fedora and udev

Stephen Smalley sds at epoch.ncsc.mil
Mon Aug 23 13:04:44 UTC 2004


On Sun, 2004-08-22 at 11:29, Joshua Brindle wrote:
> When we were experimenting with udev it only took ramfs xattr support, 
> add ramfs to fs_use as an xattr filesystem and set up udev with selinux 
> support. When it runs it creates the nodes and then labels them via the 
> libselinux api which reads file_contexts. Aside from the problems I've 
> already mentioned there should be no problems running udev.
> 
> If the tmpfs context support is something different from this then it 
> should not be used (I have not looked at tmpfs support at all but have 
> personal experience that ramfs xattr works as expected).

tmpfs is preferable to ramfs, as tmpfs uses swap and honors resource
limits.  But separate tmpfs instances can be used for diverse purposes
by userspace (/tmp, /dev, /dev/shm) and a tmpfs instance is always used
internally by the kernel for shared memory, so we want to be able to
assign different filesystem security contexts to different tmpfs
instances.  That requires extending fscontext= support to it, so that we
can specify the context on a per-mount basis.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
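
Added example, not part of the original message or of any project's code: a small audit of which tmpfs instances carry a per-mount SELinux context option (`fscontext=`, `context=`, `rootcontext=`, `defcontext=`), as discussed above. The mount lines and the labels in them are constructed sample input in `/proc/mounts` format, and the function names are hypothetical; the quoted value containing a comma is included as an edge case for the option splitter.

```python
import re

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = """\
tmpfs /dev tmpfs rw,seclabel,nosuid,fscontext=system_u:object_r:device_t:s0,mode=755 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,fscontext=system_u:object_r:tmp_t:s0 0 0
tmpfs /run/secret tmpfs rw,seclabel,context="system_u:object_r:tmpfs_t:s0:c0,c1",size=1024k 0 0
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
"""

# SELinux mount options that assign a context on a per-mount basis.
SELINUX_OPTS = ("fscontext", "context", "rootcontext", "defcontext")


def split_options(opts):
    """Split a mount option string on commas, keeping quoted values whole."""
    return [m.group(0) for m in re.finditer(r'(?:"[^"]*"|[^,])+', opts)]


def tmpfs_contexts(mounts_text):
    """Return {mountpoint: {option: context}} for every tmpfs instance."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "tmpfs":
            continue  # skip malformed lines and non-tmpfs filesystems
        labels = {}
        for opt in split_options(fields[3]):
            key, sep, value = opt.partition("=")
            if sep and key in SELINUX_OPTS:
                labels[key] = value.strip('"')
        result[fields[1]] = labels
    return result


def unlabelled(mounts_text):
    """tmpfs mount points that have no per-mount context option set."""
    found = tmpfs_contexts(mounts_text)
    return sorted(mp for mp, labels in found.items() if not labels)


if __name__ == "__main__":
    for mountpoint, labels in tmpfs_contexts(SAMPLE_MOUNTS).items():
        print(mountpoint, labels or "no per-mount context option")
```
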



