On Fr, 22.06.18 14:26, Chris Murphy (lists@xxxxxxxxxxxxxxxxx) wrote: > On Fri, Jun 22, 2018 at 1:30 PM, Kyle Marek <psppsn96@xxxxxxxxx> wrote: > > > Anaconda in F28 currently claims /boot cannot be vfat. However, this appears > > to be an artificial limitation, because `grub2-install` works and makes a > > bootable GRUB with a vfat-typed --boot-directory. > > I'm not sure why there would be an issue with /boot being vfat. I guess two > > good questions to ask that might offer some insight: > > > > What filesystem limitations make vfat unappealing? (do we need symlinks?) > > Unappealing from a non-shared distro-centric point of view: no xattr, > no POSIX permissions or owners, no links. > > Some of those things are unappealing and maybe disqualifying for a > shared boot, security labels being one. Please be less vague. We already established that currently the selinux databse only uses two different relevant labels on /boot. And it's not clear to me that it's really worth maintaining those separately. And if there's only one label for it, then fat is fine, as it's sufficient then to specify the label to use in the mount options. I mean, let's face it, the main stakeholder on $BOOT is not going to honour the labels anyway, so I think it's only fair to treat the whoile thing as a single security domain. Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/66JMLS4ZYQLB3FBABQPZUIXITZCZCMH2/
