Ah thanks for the clarification! On 17.03.25 18:29, Petr Lautrbach wrote:
Cathy Hu <cahu@xxxxxxx> writes:On 17.03.25 15:29, Petr Lautrbach wrote:You could use `-e <directory>` to exclude read only subdirectories.Yes that is possible, but also requires a manual change by the user to set this up together with the snapshot (same as telling them to add <<none>>), which we would like to avoid.Your -relabel.service's are generated and so can be restorecon options there. Fedora uses fixfiles - https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/scripts/fixfiles - which detects ro filesystems and skip them.Is there a reason why these r-o subvolumes are not skipped by default? Could they be skipped without a problem and it is just missing the implementation? Thanks :) Kind regards, Cathy -- Cathy Hu <cahu@xxxxxxx> SELinux Security Engineer GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nürnberg Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)
-- Cathy Hu <cahu@xxxxxxx> SELinux Security Engineer GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nürnberg Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)
Attachment:
OpenPGP_0x062A10161505A08A.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
