Message-Id: <881BF477-8E3C-4CAD-975A-6656D99BAC03@dilger.ca>
Date: Sat, 20 Sep 2025 16:39:53 -0600
From: Andreas Dilger <adilger@...ger.ca>
To: Ralph Siemsen <ralph.siemsen@...aro.org>
Cc: linux-ext4@...r.kernel.org
Subject: Re: [PATCH v2 3/4] mke2fs: add root_selinux option for root inode
 label

On Sep 10, 2025, at 7:51 AM, Ralph Siemsen <ralph.siemsen@...aro.org> wrote:
> 
> This option allows setting the SELinux security context (label) for the
> root directory. A common value would be system_u:object_r:root_t
> possibly with a level/range such as :s0 suffix (for MCS/MLS policy).
> 
> Signed-off-by: Ralph Siemsen <ralph.siemsen@...aro.org>

Looks fine.  It took a bit to figure out what the ".nh" macro was doing
(I kept finding ".NH" = Numbered Header), but I found "no-hyphenate"
that actually makes sense.

Reviewed-by: Andreas Dilger <adilger@...ger.ca>

> diff --git a/misc/mke2fs.8.in b/misc/mke2fs.8.in
> index 99ecc64b..ffe02eb0 100644
> --- a/misc/mke2fs.8.in
> +++ b/misc/mke2fs.8.in
> @@ -428,6 +428,16 @@ Specify the root directory permissions in octal format. If no permissions
> are specified then the root directory permissions would be set in accordance with
> the default filesystem umask.
> .TP
> +.BI root_selinux= label
> +Specify the root directory SELinux security context as
> +.IR label ,
> +typically
> +.nh

> +.B system_u:object_r:root_t
> +with an optional level/range suffix such as
> +.B :s0
> +for MCS/MLS policy types.
> +.TP
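
Review bot: the `.nh` request before `.B system_u:object_r:root_t` switches hyphenation off, and nothing in the added lines switches it back on, so every paragraph after this entry in mke2fs.8 is formatted without hyphenation as well. Either add a `.hy` request right after the `.B system_u:object_r:root_t` line, or drop `.nh` and protect only the label by prefixing it with the `\%` escape. The hunk header counts 16 lines in the new file against 6 in the old, which matches the ten added lines shown here, so the restore is not hiding in a trimmed part of the quote.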


Cheers, Andreas





