On 3/6/19 12:25 PM, J. Bruce Fields wrote:
On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote:
On 3/6/19 10:34 AM, J. Bruce Fields wrote:
On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote:
I've also have another script to test context= mount handling for
nfs since that should take precedence over native labels; it looks
like that might be broken again:
Thanks for the report, I'll take a look. That's before or after
applying this patch? Assuming the former, do you have an idea how
recent a regression it is?
Now I'm having difficulty reproducing it entirely. I thought on
stock Fedora 29 (4.20.x) I was seeing the actual underlying security
labels leaking through on files within the NFS mount despite using a
context= mount, while correctly seeing the context mount values with
your patch, but now I can't seem to repro. It was this bug that
originally motivated Scott's commit that you are further fixing
IIUC,
https://github.com/SELinuxProject/selinux-kernel/issues/35
For what it's worth, I can't reproduce. (If I mount with
-overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see
system_u:object_r:etc_t:s0.)
Yes, sorry for the noise.
