Given that rootfs supports restorecon, can we kill seclabel and just label
things in sbin and set up transitions? Can we perhaps support genfscon path
name labeling like in sysfs/procfs and thus avoid the need for a restorecon?
Any objections to this or preference in approach?

Thanks,
Bill

I'd prefer if we work on getting proper kernel support for handling SELinux
labels on the rootfs. http://marc.info/?l=initramfs&m=142178147926029&w=2
adds support for a rootfs with SELinux labels built in, but that patchset
seems to have stalled.
Once we have that, then we could do all the rootfs