On Sun, 2004-08-22 at 11:29, Joshua Brindle wrote:
> When we were experimenting with udev it only took ramfs xattr support,
> add ramfs to fs_use as an xattr filesystem and set up udev with selinux
> support. When it runs it creates the nodes and then labels them via the
> libselinux api which reads file_contexts. Aside from the problems I've
> already mentioned there should be no problems running udev.
>
> If the tmpfs context support is something different from this then it
> should not be used (I have not looked at tmpfs support at all but have
> personal experience that ramfs xattr works as expected).

tmpfs is preferable to ramfs, as tmpfs uses swap and honors resource
limits. But separate tmpfs instances can be used for diverse purposes by
userspace (/tmp, /dev, /dev/shm) and a tmpfs instance is always used
internally by the kernel for shared memory, so we want to be able to
assign different filesystem security contexts to different tmpfs
instances. That requires extending fscontext= support to it, so that we
can specify the context on a per-mount basis.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency