On Sunday 12 June 2005 23:23, Valdis.Kletnieks@xxxxxx wrote:
> The data will be readable off any box that supports ext3 and extended
> attributes (I can't remember what happens if the kernel doesn't do the
> extended attributes - whether it won't mount, or it mounts-and-ignores).
> At worst, you'd need to drop to 'permissive' mode and/or restorecon.

Code to support XATTRs in Ext2/3 has been there for quite a while. Code that works properly (and base Ext2/3 code that has no bugs related to this) is a bit newer.

If you have a file system with XATTRs on sym-links (SE Linux puts XATTRs on all file system objects) and then try to mount it on an older 2.4.x kernel then there will be problems. I can't remember if the problems merely made the file system unusable or whether a full kernel panic occurred. In any case the result was not good.

If you need to share a disk with an old 2.4.x machine then a good solution is to mount it with -o context=... Then the context is stored in kernel memory and never written to disk (unless you use a program such as mv or cp that does it - but it will not be done automatically by the kernel).

For an external device the context= mount option is good for security too. Devices that are mounted nosuid also inhibit domain_auto_trans() rules, but having arbitrary data types on files is not desirable.

But generally the answer is that there is no serious issue no matter what you want to do. You just have to do it in the right way.

Also note that some new file system features in recent 2.6.x kernels are not supported on 2.4.x. So you may have some issues with using an old kernel even if not using SE Linux.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
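
The context= and nosuid mount options discussed in the message above can be checked on a running system. The following is an added example, not part of the original post: a shell function that reads lines in /proc/mounts format and reports, for each ext2/ext3 mount, whether file labels come from a context= mount option or from on-disk XATTRs, and whether nosuid is set. The sample mount table, its device names and mount points, and the removable_t label are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# A disk shared with an old 2.4.x machine, or an external device, would be
# mounted along the lines of:
#   mount -o nosuid,context=<label> <device> <dir>
# This function audits a mount table to see which ext2/ext3 mounts follow that.

# check_mounts: reads /proc/mounts-format lines on stdin and prints
#   <mountpoint> <context|xattr> <nosuid|suid>
# for every ext2/ext3 file system.
#   context = labels held in kernel memory via the context= mount option
#   xattr   = no context= option, so labels are read from (and written to)
#             on-disk extended attributes (assumes SE Linux is enabled)
check_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            ext2|ext3) ;;
            *) continue ;;
        esac
        label=xattr
        suid=suid
        # Wrap the option list in commas so each option can be matched whole;
        # ",context=" does not match fscontext=, defcontext= or rootcontext=.
        case ",$opts," in
            *,context=*) label=context ;;
        esac
        case ",$opts," in
            *,nosuid,*) suid=nosuid ;;
        esac
        printf '%s %s %s\n' "$mnt" "$label" "$suid"
    done
}

# Constructed sample mount table (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 /mnt/usb ext3 rw,nosuid,nodev,context=system_u:object_r:removable_t 0 0
/dev/sdb1 /mnt/shared ext3 rw 0 0
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | check_mounts
```

On a live system the same function can be fed with `check_mounts < /proc/mounts`; any external or shared disk reported as `xattr` will have labels written to it.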