On Mon, Jul 30, 2007 at 08:27:47AM -0400, Stephen Smalley wrote:
> On Mon, 2007-07-30 at 09:29 +1000, David Chinner wrote:
> > On Sun, Jul 29, 2007 at 05:02:09PM +0200, Adrian Bunk wrote:
> > > Please correct me if any of the following assumptions is wrong:
> > > - SELinux is currently the only user of filesystem security labels
> > > shipped with the Linux kernel
> > > - if a user has SELinux enabled he wants his filesystems to support
> > > security labels
> > >
> > > Based on these assumption, it doesn't make sense to have the
> > > *FS_SECURITY user visible since we can perfectly determine automatically
> > > when turning them on makes sense.
> > Hmmm. The code in XFS is not dependent on selinux, but this change
> > would mean that testing the security xattr namespace would require a
> > selinux enabled kernel.
> > I agree that the default for these should be "y" and selected if
> > selinux is enabled, but forcing us to use selinux enabled kernels
> > (on distro's that may not support selinux) just to test the
> > security xattr namespace is a bit of a pain.
> You can enable SECURITY_SELINUX in the kernel config but still have it
> boot disabled by default via SECURITY_SELINUX_BOOTPARAM_VALUE=0.
Ok, that shouldn't cause a problem then. Objection withdrawn. ;)
SGI Australian Software Group