Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/6/19 12:25 PM, J. Bruce Fields wrote:
On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote:
On 3/6/19 10:34 AM, J. Bruce Fields wrote:
On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote:
I've also have another script to test context= mount handling for
nfs since that should take precedence over native labels; it looks
  like that might be broken again:

Thanks for the report, I'll take a look.  That's before or after
applying this patch?  Assuming the former, do you have an idea how
recent a regression it is?

Now I'm having difficulty reproducing it entirely.  I thought on
stock Fedora 29 (4.20.x) I was seeing the actual underlying security
labels leaking through on files within the NFS mount despite using a
context= mount, while correctly seeing the context mount values with
your patch, but now I can't seem to repro.  It was this bug that
originally motivated Scott's commit that you are further fixing
IIUC,
https://github.com/SELinuxProject/selinux-kernel/issues/35

For what it's worth, I can't reproduce.  (If I mount with
-overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see
system_u:object_r:etc_t:s0.)

Yes, sorry for the noise.





[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux