In the NSA example policy package, the genfs_contexts file explains that, except for /proc, all other filesystems without xattr support are limited to a single entry, /. Can I specify the subdirs of a filesystem with different labels with genfscon, just like /proc?
More specifically, I am using NFS and cramfs, where I specify
genfscon nfs / root_t
genfscon nfs /bin bin_t
However, after booting and loading the resulting policy, every dir in the rootfs is still labelled with root_t. The result seems to be the same for cramfs. According to this thread: http://marc.info/?l=selinux&m=102587231814793&w=2, it seems that this should be doable.
Please give a hand, thanks very much!
--Run