On Thu, 2004-10-28 at 08:24, Douglas Furlong wrote: > On Wed, 2004-10-27 at 16:18 +0200, Borkowski Dariusz wrote: > > What is fine-grained file labeling in ext3? > I think it is related to SELinux, but I can't be sure. Yes. The ability to assign individual security labels to individual files on the filesystem. Requires extended attribute (xattr) support in the filesystem and a xattr handler for the security namespace for that filesystem. reiserfs has an emulation of xattrs implemented as regular files, but the current implementation produces deadlock when used with SELinux upon setting an attribute (unless SELinux is explicitly told to not even try using those handlers, as has been done for FC3/final). There are also permission checking issues; reiserfs attempt to look up an xattr file calls into the VFS and ends up triggering a directory search permission check, and SELinux presently has no way to know that this is purely an internal access to private state by the filesystem itself. Preliminary patches proposed already to the reiserfs maintainers, but they haven't acted on them yet. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency