comments from a late adopter
Russell Coker
russell at coker.com.au
Mon Apr 12 06:46:27 UTC 2004
On Mon, 12 Apr 2004 10:45, Alexandre Oliva <aoliva at redhat.com> wrote:
> On Apr 11, 2004, Gene Smith <gds at chartertn.net> wrote:
> > What does labeling a fs from another drive do when that fs is run with
> > a non-selinux OS, e.g., rh 7.2?
>
> Nothing, I suppose. It just adds xattrs to the filesystem. The older
> kernel won't keep them consistent, so if you remove a file that has a
> label a newer fsck will complain that the shared xattr has an
> incorrect use count, but that's about it AFAICT.

There were several bugs in the early Ext2/3 XATTR code. One particularly
nasty one was related to an XATTR on a symbolic link confusing the kernel
code and triggering a kernel panic. SE Linux labels ALL active Inodes
including sym-links, so the typical result of trying to boot an old kernel
with a file system that had been used for SE Linux would be a kernel panic
the first time a system boot script starting with #!/bin/sh was run...

If you try sharing /home between an SE Linux installation and an installation
with an old kernel then it can only be expected to work if you have no
sym-links in /home. If you refrain from using KDE and GNOME then it might be
possible to have no sym-links in /home.

Generally if you have a recent kernel on the non-SE installation then things
should be OK. I'm not sure how recent it has to be though, certainly a lot
more recent than RH 7.2...

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
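
A check for the condition described in the message above, as an added example that is not part of the original post: it walks a tree that is to be shared with an older kernel and lists every symbolic link together with the SELinux label stored on the link itself, if any. The function names and the default root `/home` are assumptions made for the example; `security.selinux` is the xattr name SELinux uses for file labels.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr that holds the SELinux file label


def symlink_label(path):
    """Return the label stored on the symlink itself (not its target), or None."""
    if not hasattr(os, "getxattr"):  # xattr calls are only available on Linux
        return None
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: link carries no label; ENOTSUP: filesystem has no xattrs;
        # EPERM/EACCES: caller is not allowed to read the attribute.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP, errno.EPERM, errno.EACCES):
            return None
        raise
    return raw.rstrip(b"\0").decode("utf-8", "replace")


def audit_symlinks(root):
    """Walk root without following links; return sorted [(path, label_or_None)]."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Links to directories show up in dirnames, all other links
        # (including dangling ones) in filenames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                found.append((path, symlink_label(path)))
    return sorted(found)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"  # assumed default
    results = audit_symlinks(root)
    for path, label in results:
        print(f"{path}\t{label or '(no label on link)'}")
    labelled = sum(1 for _, label in results if label)
    print(f"{len(results)} symlink(s), {labelled} carrying {SELINUX_XATTR}")
```

An empty result means the tree meets the "no sym-links" condition from the message; any link reported with a label is one that carries an XATTR on the symlink itself.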