So, what, exactly, does SELinux do in the absence of file context information? It seems to me that the "correct" behavior would be to ignore missing context information. Perhaps logging the fact that the file lacks context, but proceeding as if SELinux weren't installed. Yes, it's less secure, but it's also "the principle of least surprise." Watching the mount messages at bootup, it also appears as though for EA-incapable filesystems SELinux will generate context information automatically, is it not possible to do this for files without the context info? And, more importantly, it lets me share data between my FC1 install and FC2 install as an ordinary user ;-P -- Shahms King <shahms@xxxxxxxxxx>
