On Thu, Feb 9, 2017 at 5:32 PM, Antonio Murdaca <amurdaca@xxxxxxxxxx> wrote: > > > On Feb 9, 2017 20:23, "Paul Moore" <paul@xxxxxxxxxxxxxx> wrote: > > On Thu, Feb 9, 2017 at 12:39 PM, Antonio Murdaca <amurdaca@xxxxxxxxxx> > wrote: >> On Feb 9, 2017 17:14, "Paul Moore" <paul@xxxxxxxxxxxxxx> wrote: >> On Thu, Feb 9, 2017 at 11:02 AM, Antonio Murdaca <amurdaca@xxxxxxxxxx> >> wrote: >>> From: Antonio Murdaca <runcom@xxxxxxxxxx> >>> >>> This patch allows genfscon per-file labeling for cgroupfs. For instance, >>> this allows to label the "release_agent" file within each >>> cgroup mount and limit writes to it. >>> >>> Signed-off-by: Antonio Murdaca <amurdaca@xxxxxxxxxx> >>> --- >>> security/selinux/hooks.c | 2 ++ >>> 1 file changed, 2 insertions(+) >> >> This was already merged ... ? >> >> >> This is adding cgroup and cgroup2 to the other whitelist (afaict). > > Yes, my apologies, I read this patch too quickly and confused it with > the previous cgroups patch. > > Just to set expectations, this patch is too late for the upcoming > merge window, we can consider it in a few weeks once the merge window > has closed. This should give you some time to do some further testing > (hint, hint). > > > Sure, I'm going to test this and add tests in selinux-testsuite as well Great, thank you. -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
