Joshua Brindle (jbrindle@xxxxxxxxxx) said: > > Likely, but we'd want to distinguish the ro mount case from a > > rw mount where the read lock acquisition fails for some other > > cause. Likely can just test for errno EROFS when > > semanage_get_active_lock() fails, and proceed with rdonly > > operations in that case? cc'd Tresys folks above. > > Not sure about this, if the mount becomes rw in the middle of a EROFS > read the policy can changed underneath them. Yes, but that tends to imply some fairly severe gun -> foot interactions on the part of the admin. > I guess I'm unsure where > this sudden push for ro filesystem support is coming from and why its > important. Any kind of read only / system is going to have a highly > abstracted interface. I have serious doubts that there would be any > users running a bash shell and trying to get a list of modules. http://fedoraproject.org/wiki/StatelessLinux Bill -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
