-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: update genfscon documentation #22
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The situation is somewhat more complex than described here. See SELinuxProject/selinux-kernel#2 for discussion of safety and use of genfscon. The kernel mechanism itself does not limit use of genfscon to only these cases; one can for example use it to label an initramfs-based rootfs, or a squashfs or even technically ext4 (but the latter wouldn't be safe).
@cgzones Any chance you can publish an update to this based on Stephen's comment above, or would you prefer us to pick it up? |
Updated the wording a bit, feel free to suggest improvements. |
Reviewed-by: Stephen Smalley [email protected] |
Partial paths can be used generally for virtual kernel filesystems, e.g. cgroup2, securityfs, selinuxfs, and not just for the proc filesystem. The genfscon statement supports an optional filetype specifier. Signed-off-by: Christian Göttsche <[email protected]>
reviewed-by: Joshua Brindle [email protected] |
Partial paths can be used generally for virtual kernel filesystems, e.g. cgroup2, securityfs, selinuxfs, and not just for the proc filesystem.
The genfscon statement supports an optional filetype specifier.