On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote:
> On 3/6/19 10:34 AM, J. Bruce Fields wrote:
> >On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote:
> >>I also have another script to test context= mount handling for
> >>nfs since that should take precedence over native labels; it looks
> >>like that might be broken again:
> >
> >Thanks for the report, I'll take a look. That's before or after
> >applying this patch? Assuming the former, do you have an idea how
> >recent a regression it is?
>
> Now I'm having difficulty reproducing it entirely. I thought on
> stock Fedora 29 (4.20.x) I was seeing the actual underlying security
> labels leaking through on files within the NFS mount despite using a
> context= mount, while correctly seeing the context mount values with
> your patch, but now I can't seem to repro. It was this bug that
> originally motivated Scott's commit that you are further fixing
> IIUC,
> https://github.com/SELinuxProject/selinux-kernel/issues/35

For what it's worth, I can't reproduce. (If I mount with
-overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see
system_u:object_r:etc_t:s0.)

--b.