On Fri, 2010-07-23 at 12:14 -0500, Xavier Toth wrote: > I'm looking at building a fuse filesystem for polyinstantiated > directories which could be used as a alternative to pam_namespace. > I've noticed that my filesystem is never queried for the xattr > security.selinux and that the file contexts are defaulting to a fuse > file type. I've seen some list posting from 2004 related to this > subject but not much else. Is this a bug or a feature? > > Ted > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. Since I'm unclear about the internals of fuse this might be a completely wrong idea but another thing that could be tried is having mount take the filesystem name from the fuse mount command (looks like its at the beginning of the device portion of the fstab entry) and have SELinux query the policy for that fs name and do labeling based on that. One issue I can see with this is if fuse shares a single superblock for all of the fuse mounts inside the kernel and relies on the userspace component to actually do the separation of the requests this could be a problem. Dave -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
