summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorJonathan Lebon <jlebon@redhat.com>2020-05-28 10:39:40 -0400
committerPaul Moore <paul@paul-moore.com>2020-06-23 20:42:38 -0400
commitc8e222616c7e98305bdc861db3ccac520bc29921 (patch)
treecbbab81df5052aa571c35e91b493936204e991fe /init
parentb3a9e3b9622ae10064826dccb4f7a52bd88c7407 (diff)
selinux: allow reading labels before policy is loaded
This patch does for `getxattr` what commit 3e3e24b42043 ("selinux: allow labeling before policy is loaded") did for `setxattr`; it allows querying the current SELinux label on disk before the policy is loaded. One of the motivations described in that commit message also drives this patch: for Fedora CoreOS (and eventually RHEL CoreOS), we want to be able to move the root filesystem for example, from xfs to ext4 on RAID, on first boot, at initrd time.[1] Because such an operation works at the filesystem level, we need to be able to read the SELinux labels first from the original root, and apply them to the files of the new root. The previous commit enabled the second part of this process; this commit enables the first part. [1] https://github.com/coreos/fedora-coreos-tracker/issues/94 Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Jonathan Lebon <jlebon@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions