Thread: selinux/postgresql/jfs


selinux/postgresql/jfs

From: "Richard P. Welty"
Date:
I'm working with an FC5 test server which I'm trying to get set up
so we can benchmark xfs vs. jfs vs. ext3(writeback).

Does anyone have any suggestions on setting up a tablespace on
a jfs partition with selinux in enforcing mode?

(I'm likely going to turn selinux off for the moment, but it'd
be interesting to compare numbers with/without selinux so
we may attempt to do just that.)

richard
--

Richard Welty                                        rwelty@mycelery.com
1-866-MY-CELERY                                      518-269-8232 (cell)


Re: selinux/postgresql/jfs

From: "Richard P. Welty"
Date:
Richard P. Welty wrote:
> I'm working with an FC5 test server which I'm trying to get set up
> so we can benchmark xfs vs. jfs vs. ext3(writeback).
>
> Does anyone have any suggestions on setting up a tablespace on
> a jfs partition with selinux in enforcing mode?
Following myself up here, as I made significant progress after posting
that. I certainly have been learning a lot on this one.

The relevant issue is that jfs doesn't support the attributes used by
selinux in tagging files as part of its security model; xfs and ext3 do.
Some claim (including some selinux FAQs) that this means you can't
use jfs with selinux. This isn't actually true, but what is true is that
you can't get most of the selinux security benefits with jfs.

So for the celery postgresql test server, what I have is an ext3 boot
partition (fedora won't permit xfs or jfs there), xfs for the system
partitions, and jfs, xfs, and ext3/wb partitions on LVM stripe sets
over pairs of disks.

xfs and ext3 seem to work just fine with postgresql tablespaces out
of the box with selinux in enforcing mode.

jfs does not.

In working through the selinux audit2allow steps, I came up with
an selinux policy file that permits postgresql to set up a table space
on a jfs partition, but it's extremely permissive and probably no more
secure than just excluding postgresql from selinux security altogether.

Now, on to the benchmarks.

richard
--

Richard Welty                                        rwelty@mycelery.com
1-866-MY-CELERY                                      518-269-8232 (cell)