Bug 428517

Summary: RFE: add option to mount to "restorecon" the filesystem to be mounted
Product: [Fedora] Fedora Reporter: Till Maas <opensource>
Component: util-linux-ngAssignee: Karel Zak <kzak>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-23 15:39:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Till Maas 2008-01-12 18:47:19 UTC
Description of problem:
When one wants to mount a filesytem, e.g. to /tmp, the files on it may have the
right selinux context. It would be useful to have an option for mount to make
sure that the file contexts are right before the mounted partition is available
to the system, e.g.

mount -o restorecon /dev/sda8 /tmp

This should make sure the selinux context for the filesystem is changed as if it
was mounted to /tmp and then mount it to /tmp. In case selinux is not activated,
nothing should happen. But there should be another option to enforce restorecon
in case selinux is not activated, e.g.

mount -o restorecon=<policyname> /dev/sda8 /tmp

where <policyname> is the name of the policy, wher the contexts should be taken
from, e.g. targeted or strict.

This would be useful in case filesystems are created during startup, e.g. an
encrypted /tmp partition. Then with the right option in /etc/fstab it would be
made sure, that the context of /tmp is correct. For reference see: bug #250881

Comment 1 Daniel Walsh 2008-05-07 20:10:26 UTC
/tmp is a bad example since there is not default context for the file in /tmp.



Comment 2 Karel Zak 2008-08-10 19:45:08 UTC
(In reply to comment #0)
> It would be useful to have an option for mount to make
> sure that the file contexts are right before the mounted partition is 
> available to the system, e.g.

 This is unreal wish, mount(8) does not have a way how work with unmounted FS. The filesystem is available to system or not. (We don't have anything like 2-phase mount.)

> mount -o restorecon /dev/sda8 /tmp
> 
> This should make sure the selinux context for the filesystem is changed as if > it was mounted to /tmp and then mount it to /tmp. In case selinux is not 
> activated, nothing should happen. But there should be another option to 
> enforce restorecon in case selinux is not activated, e.g.
> 
> mount -o restorecon=<policyname> /dev/sda8 /tmp
> 
> where <policyname> is the name of the policy, wher the contexts should be 
> taken from, e.g. targeted or strict.

This all is very very complex requirement. I'm not sure that mount(8) the right place to resolve all problems with selinux contexts and block devices.

> This would be useful in case filesystems are created during startup, e.g. an
> encrypted /tmp partition. Then with the right option in /etc/fstab it would be
> made sure, that the context of /tmp is correct. For reference see: bug #250881

My plan (and it's still plan only...) is write a modular libmount (like PAM) where you can extend (by module) the mount process be arbitrary pre/post-mount(2) action.