On Mon, 2007-07-30 at 09:29 +1000, David Chinner wrote: > On Sun, Jul 29, 2007 at 05:02:09PM +0200, Adrian Bunk wrote: > > Please correct me if any of the following assumptions is wrong: > > - SELinux is currently the only user of filesystem security labels > > shipped with the Linux kernel > > - if a user has SELinux enabled he wants his filesystems to support > > security labels > > > > Based on these assumption, it doesn't make sense to have the > > *FS_SECURITY user visible since we can perfectly determine automatically > > when turning them on makes sense. > > Hmmm. The code in XFS is not dependent on selinux, but this change > would mean that testing the security xattr namespace would require a > selinux enabled kernel. > > I agree that the default for these should be "y" and selected if > selinux is enabled, but forcing us to use selinux enabled kernels > (on distro's that may not support selinux) just to test the > security xattr namespace is a bit of a pain. You can enable SECURITY_SELINUX in the kernel config but still have it boot disabled by default via SECURITY_SELINUX_BOOTPARAM_VALUE=0. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe reiserfs-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
