Bug 428517
Summary: | RFE: add option to mount to "restorecon" the filesystem to be mounted | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Till Maas <opensource> |
Component: | util-linux-ng | Assignee: | Karel Zak <kzak> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Priority: | low |
Version: | rawhide | Hardware: | All |
OS: | Linux | Doc Type: | Bug Fix |
Last Closed: | 2012-02-23 15:39:10 UTC | | |
Description
Till Maas
2008-01-12 18:47:19 UTC
/tmp is a bad example since there is no default context for the files in /tmp.

(In reply to comment #0)
> It would be useful to have an option for mount to make sure that the file contexts are right before the mounted partition is available to the system, e.g.

This is an unreal wish: mount(8) does not have a way to work with an unmounted FS. The filesystem is either available to the system or not. (We don't have anything like a 2-phase mount.)

> mount -o restorecon /dev/sda8 /tmp
>
> This should make sure the selinux context for the filesystem is changed as if it was mounted to /tmp and then mount it to /tmp. In case selinux is not activated, nothing should happen. But there should be another option to enforce restorecon in case selinux is not activated, e.g.
>
> mount -o restorecon=<policyname> /dev/sda8 /tmp
>
> where <policyname> is the name of the policy where the contexts should be taken from, e.g. targeted or strict.

This is all a very, very complex requirement. I'm not sure that mount(8) is the right place to resolve all problems with selinux contexts and block devices.

> This would be useful in case filesystems are created during startup, e.g. an encrypted /tmp partition. Then with the right option in /etc/fstab it would be made sure that the context of /tmp is correct.

For reference see: bug #250881

My plan (and it's still a plan only...) is to write a modular libmount (like PAM) where you can extend (by module) the mount process by arbitrary pre/post-mount(2) actions.