From: bigon@debian.org (Laurent Bigonville)
Date: Wed, 5 Mar 2014 00:28:49 +0100
Subject: [refpolicy] resotorecon/setfiles generating avc: denied { getattr } on pseudo filesystems
In-Reply-To: <5315FFE0.7010009@tresys.com>
References: <20140304171237.41758378@soldur.bigon.be> <5315FFE0.7010009@tresys.com>
Message-ID: <20140305002849.78607352@fornost.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, 4 Mar 2014 11:31:28 -0500, "Christopher J. PeBenito" wrote:

> On 03/04/2014 11:12 AM, Laurent Bigonville wrote:
[...]
> > Talking a bit with Dominick, he proposed to create a new
> > "xattrfs" attribute, attach it to all the filesystems and then use it
> > instead of fs_t in the allow rules. This should probably also
> > simplify/fix situations where files are moved around these pseudo-fs
> > and real fs.
>
> It sounds reasonable to me, now that fs_t is not the only xattr fs.

Do you know if we can assume that all the fs that currently don't have the noxattrfs attribute are actually supporting the xattrs?