Two things are still required for full SELinux integration.
First, we need to convince the major distributions which enable SELinux by default to add ZFS as a known filesystem type which supports xattrs. Without this all users will either need to rebuild their SELinux policy, or use mountpoint labeling instead of the preferred xattr labeling.
Second, the 'security.selinux' xattr should become a virtual xattr (like system.richacl) which instead of storing the context in a traditional xattr, stores the value in a System Attribute (SA) attached to the dnode. This will eliminate the extra xattr overhead and will make it quick to access the selinux context.
Consider the first thing to be in progress in Gentoo Linux:
Wonderful! Thanks for getting the ball rolling on SELinux. I saw the comments in the bug about build issues with Gentoo Hardened. If you still have patches you need to apply to build with the kernel I'd love to take a look at them. We can probably add the needed autoconf checks to the upstream source to get it building.
As for the second item that could actually be considered done. A few months back I added support for generic xattrs to be stored with the dnode to greatly improve performance. Simply run 'zfs set xattr=sa dataset' to enable this xattr performance improvement. It's off by default since it means that other non-Linux ZFS implementations won't be able to access the xattr until they add this feature. With it enabled xattr performance is comparable to ext4. See 82a3718.
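An added audit check, not code from the issue thread or the ZFS project: it reads the tab-separated output of `zfs get -H -o name,property,value,source xattr` (a constructed sample is embedded so it runs without a pool) and flags datasets whose xattr property is still `on` (directory-based xattrs, the slow path for security.selinux) or `off` (no per-file contexts possible at all).

```shell
#!/bin/sh
# Added example, not from the thread. Audits the xattr property of each
# dataset so SELinux contexts stored in security.selinux use SAs (xattr=sa).
#
# Constructed sample standing in for:
#   zfs get -H -o name,property,value,source xattr
SAMPLE=$(printf 'tank\txattr\tsa\tlocal\n'
        printf 'tank/home\txattr\tsa\tinherited from tank\n'
        printf 'tank/var\txattr\ton\tdefault\n'
        printf 'tank/srv\txattr\toff\tlocal')

# Reads zfs-get lines on stdin; prints "<dataset>\t<value>" for every
# dataset whose xattr property is not "sa".
datasets_not_sa() {
    awk -F'\t' '$2 == "xattr" && $3 != "sa" { print $1 "\t" $3 }'
}

# Takes the zfs-get output as $1, explains each offending dataset, and
# returns 0 only when every dataset already stores xattrs as SAs.
audit_xattr_sa() {
    n=$(printf '%s\n' "$1" | datasets_not_sa | wc -l)
    printf '%s\n' "$1" | datasets_not_sa |
    while IFS="$(printf '\t')" read -r ds val; do
        case "$val" in
            on)  echo "$ds: xattr=on (directory xattrs; fix: zfs set xattr=sa $ds)" ;;
            off) echo "$ds: xattr=off (per-file security.selinux contexts cannot be stored)" ;;
            *)   echo "$ds: unexpected xattr value '$val'" ;;
        esac
    done
    [ "$n" -eq 0 ]
}

# Stand-alone run over the constructed sample.
audit_xattr_sa "$SAMPLE" || echo "some datasets are not using xattr=sa"
```

Replace `$SAMPLE` with the live `zfs get` output to audit a real system.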
Originally posted May 4:
Good news for Fedora:
The SELinux policy change appears to have been included recently.
(Comment moved from issue #671.)
Closing issue. xattrs may now be stored as SAs by setting xattr=sa, and distributions have started adding ZFS to their default SELinux policy.