problems with tmpfs and relabeling

Bill Nottingham notting at
Fri Apr 21 18:58:25 UTC 2006

Joshua Brindle (jbrindle at said: 
> > Yes, but that tends to imply some fairly severe gun -> foot 
> > interactions on the part of the admin.
> The admin need not know what is going on, how many things happen on
> average Linux systems without an average admin's knowledge?

Well, I'd hope that remounting the root FS read-write wouldn't
be one of those. Arguably, you could even set up the policy to disallow

> I retract the above statement. Even when making non-persistent boolean
> changes (which I can see happening on these systems) the lock is
> attempted. It's still unclear whether setsebool should fall back or if
> libsemanage should. I don't like the idea of lockless readers, even if
> the filesystem is RO when we start reading. 

Hm, I didn't consider booleans. How (at an implementation level)
is setting of booleans done? (I haven't looked at the backend guts
of the SELinux code that much.)

