On Mon, Oct 5, 2020 at 7:31 AM Ashish Mishra <ashishm@xxxxxxxxxx> wrote: > Hi All , > > This is my first post here so please let me know if this is the correct group . > > I am starting to learn about SELINUX for one of our internal projects. > > The ROOT_FS of the planned project is supposed to be RAMFS. > I haven't much experience with SELINUX , hence : > > 1) Does the team can share any comment / risk / feedback w.r.t RAMFS ? Well, ramfs doesn't support extended attributes, so it wouldn't be possible to label individual files. They would all be labeled as "system_u:object_r:ramfs_t:s0". So I think such system likely wouldn't work with SELinux + stock Fedora policy. Any chance you could use tmpfs instead of ramfs? It has xattr support, so it could work fine (or at least should be easier to get to work :). > > 2) Is there any specific module / functionality that I should look at to have > default SELINUX supported with RAMFS ? > > 3) Or is default SELINUX can handle the storage of required tags / context > by default of the available filesystem ( RAMFS ) in our case ? > > I was planning to have "targeted" policy to be enabled by default > > > Thanks , > Ashish Kumar Mishra. > > > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx -- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
