killing init seclabel

2015-06-02 Thread Roberts, William C
Given that rootfs supports restorecon can we kill seclabel and just label 
things in sbin and set up transitions? Can we perhaps support genfscon path 
name labeling like in sysfs/procfs and thus avoid the need for a restorecon?

Any objections to this or preference in approach?

Thanks,
Bill
___
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing help to 
seandroid-list-requ...@tycho.nsa.gov.

Re: killing init seclabel

2015-06-02 Thread Nick Kralevich
I'd prefer if we work on getting proper kernel support for handling SELinux
labels on the rootfs. http://marc.info/?l=initramfs&m=142178147926029&w=2
adds support for a rootfs with SELinux labels built in, but that patchset
seems to have stalled.

Once we have that, then we could do all the rootfs labeling at build time,
and not have to tweak labels at runtime.

-- Nick

On Tue, Jun 2, 2015 at 11:18 AM, Roberts, William C 
william.c.robe...@intel.com wrote:

> Given that rootfs supports restorecon can we kill seclabel and just
> label things in sbin and set up transitions? Can we perhaps support
> genfscon path name labeling like in sysfs/procfs and thus avoid the need
> for a restorecon?
>
> Any objections to this or preference in approach?
>
> Thanks,
> Bill

-- 
Nick Kralevich | Android Security | n...@google.com | 650.214.4037