The base policy Gentoo uses does not have the proper attributes for the F2FS filesystem. Even with F2FS_FS_XATTR and F2FS_FS_POSIX_ACL, a chcon reports 'Operation not supported'. The solution is to add the line fs_use_xattr f2fs gen_context(system_u:object_r:fs_t,s0); to policy/modules/kernel/filesystem.te. Solution courtesy of freenode's #selinux.
Okay, it's part of our repository (so if you use the live selinux-* ebuilds you'll fetch it in with the next build of selinux-base-9999) and it will be part of the 3rd revision of our policy packages. I'm assuming the file system in /etc/mtab is shown as "f2fs"? I'll update the rlpkg package as well to enable relabeling it through "rlpkg -a -r".
Yes, the filesystem shows up as f2fs in mtab and /proc/mounts.
Also I noticed that /usr/sbin/mkfs.f2fs has type system_u:object_r:bin_t while the other mkfs.* have type system_u:object_r:fsadm_exec_t. This should also probably be fixed.
Yup; added to the fstools.fs file context. I made the addition for both /sbin/mkfs.f2fs and /usr/sbin/mkfs.f2fs. The /sbin one perhaps isn't exactly needed (as there already is a /sbin/mkfs.*) but won't hurt either (more explicit).
With the suggested changes, does everything now work as expected? There are some concerns that F2FS does not support the security.* namespace for extended attributes, so enabling SELinux support for it would be null anyway.
Kernels older than 3.11 do not support security labels, so enabling it would do nothing, but for kernels 3.11 and after it supports security labels. I just got done testing another install and it appears to be working.
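The three preconditions raised in this thread (kernel 3.11 or later, the filesystem showing up as f2fs in the mounts table, and the fs_use_xattr line in filesystem.te) can be checked together. This is an added example, not part of the original discussion or of Gentoo's tooling; the function names and the sample inputs are made up for illustration.

```shell
#!/bin/sh
# Added example: precondition checks for SELinux labels on F2FS.

# Succeeds if a kernel release string (e.g. "3.11.0-gentoo") is 3.11 or newer.
# Returns 2 if the string cannot be parsed.
kernel_supports_f2fs_labels() {
    release=${1%%-*}                 # 3.11.0-gentoo -> 3.11.0
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}          # 11_rc1 -> 11
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 11 ]; }
}

# Prints the mount points of type f2fs found in a mounts-format file.
f2fs_mounts() {
    awk '$3 == "f2fs" { print $2 }' "${1:-/proc/mounts}"
}

# Succeeds if a filesystem.te source file declares xattr labelling for f2fs.
policy_labels_f2fs() {
    grep -Eq '^[[:space:]]*fs_use_xattr[[:space:]]+f2fs[[:space:]]' "$1"
}

# Runs the checks on constructed sample inputs so the example works offline.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '/dev/sda1 / ext4 rw 0 0' \
                  '/dev/mmcblk0p2 /home f2fs rw,noatime 0 0' > "$tmp/mounts"
    printf '%s\n' 'fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0);' \
                  'fs_use_xattr f2fs gen_context(system_u:object_r:fs_t,s0);' \
                  > "$tmp/filesystem.te"
    for rel in 3.10.4 3.11.0-gentoo; do
        if kernel_supports_f2fs_labels "$rel"; then
            echo "$rel: security labels supported"
        else
            echo "$rel: too old, labels would do nothing"
        fi
    done
    echo "f2fs mounts: $(f2fs_mounts "$tmp/mounts")"
    if policy_labels_f2fs "$tmp/filesystem.te"; then
        echo "policy source has fs_use_xattr f2fs"
    fi
    rm -rf "$tmp"
}
demo
```

On a real system, pass "$(uname -r)" to the first function and the path of the policy source's policy/modules/kernel/filesystem.te to the last; f2fs_mounts reads /proc/mounts when called without an argument.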
r3 is now in the tree, ~arch'ed
r4 is now stable in the tree