Here is my current code for lsm c/r support. I'll be out a good part of next week, but intend to spend the next few weeks doing proper selinux implementation, working on the comments for these earlier patches, and writing some automated tests. These patches seem solid on my setup, and shouldn't hurt anything to have in the tree for testing. I'm punting on the SELinux code this week bc testing it requires a lot more userspace tweaking to properly test. That means that if you have an SELinux-enabled kernel, you will be able to use mktree without -k as usual to get default labeling, but mktree -k < out will return -ENOSYS. I'm not sending to linux-kernel-module or selinux lists because that will require writing patch intros describing c/r again etc... -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
