Re: Looking for users of userfaultfd(2) syscall in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 6, 2021 at 7:33 PM Zbigniew Jędrzejewski-Szmek
<zbyszek@xxxxxxxxx> wrote:
> On Tue, Apr 06, 2021 at 06:57:27PM +0200, Ondrej Mosnacek wrote:
> > Hi all,
> >
> > Kernel 5.12 added support to SELinux for controlling access to the
> > userfaultfd interface [1][2] and we'd like to implement this in
> > Fedora's selinux-policy. However, once we add the corresponding class
> > to the policy, all SELinux domains for which we don't add the
> > appropriate rules will have any usage of userfaultfd(2) denied.
>
> https://codesearch.debian.net/search?q=userfaultfd(&literal=1
> lists a few candidates…

Thanks, that's a nice tool!

Filtering out false-positives, the kernel itself, and user programs
that would normally run under unconfined_t, packages dead in Fedora,
..., the only relevant one seems to be 'criu' (already mentioned in
this thread). Strange that it didn't find QEMU... maybe needs a more
generic search...

--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux