On Mon, 2005-04-04 at 11:02 -0400, Deron Meranda wrote: > I'm trying to mount some ISO files using the loop device. However > I can't seem to get the context= option on the mount to work. As > such the mounted files have no SELinux context set. In particular > I'm trying the following, > > mount -t iso9660 \ > -o context=system_u:object_r:httpd_sys_content_t,loop,ro,noexec,nodev,nosuid > \ > /path/to/file.iso /mountpoint > > I'm running in enforcing mode with selinux-policy-targeted-1.17.30-2.93 > > How can one mount an ISO image file and force all files to appear > to have a particular SELinux context? What makes you think it isn't working? ls -Z isn't going to work regardless, as iso9660 doesn't provide extended attribute handlers. But the context= option should set the security context that is applied internally by SELinux to the incore inodes, so that they will be access controlled accordingly. BTW, fscontext= may be more suitable here than context=. -- Stephen Smalley <sds@xxxxxxxxxxxxx> National Security Agency
