On Fri, Jul 10, 2015 at 9:23 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On 07/10/2015 11:53 AM, Roberts, William C wrote:
> > Also, I see the manpage for mount has rootcontext, does this provide the
> > rootnode context so the xattr won’t be queried, or does it provide some
> > transient label that is replaced at mount with the xattr query?
>
> rootcontext= is typically used to assign a specific context to the root
> directory of e.g. tmpfs mounts, rather than having to first mount it and
> then change the context to some value.
>
> Using it wouldn't suppress the getxattr call by SELinux for a
> fs_use_xattr filesystem, as SELinux always does that regardless just to
> probe whether the filesystem supports security xattrs (if not, then it
> will fail the mount). It would however override any underlying xattr
> value for the root directory.

I found this before, but cannot seem to find it now: where in the mount call
path is the routine to query the xattr for the rootnode?
Respectfully,
William C Roberts