On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote: > Hi all > > i'm using Fedora12 and i have configured an ecryptfs filesystem. > I see that the default behaviour for this filesystem is to use an unique mount- > wide context (ecryptfs_t) to label each file. > There's a way to override this behaviour (for example by inserting a mount > parameter), in order to use the extended attributes on the lower filesystem or > patching the distributed selinux policy is the only option possible? > > Thanks in advance for replies. You'd have to modify, rebuild, and replace the base policy module to specify fs_use_xattr for ecryptfs rather than genfscon. There was an attempt to automate probing for xattr support and use it if present, but it ran into problems, see: http://marc.info/?t=121379726100001&r=1&w=2 -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
