Re: ext4_has_free_blocks always checks cap_sys_resource and makes SELinux unhappy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Eric Paris wrote:
> I'm running an ext4 root filesystem and regularly get SELinux denials
> like:
> 
> Oct 16 08:32:55 localhost kernel: type=1400 audit(1224160369.076:5):
> avc: denied  { sys_resource } for  pid=1624 comm="dbus-daemon"
> capability=24 scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:system_r:system_dbusd_t:s0 tclass=capability
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=467216

For the record, I've put a couple patches into the ext4 patch queue that
should do Eric's first suggestion of deferring the capable() check until
it's really needed.  Details are in the bug  above.

Thanks,
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux