On Tue, Jun 26, 2018 at 05:33:10PM -0500, Daniel Jurgens wrote:
> > Overall, I don't understand why ipoib is even *doing* selinux checks
> > at all. Surely that is the bug, isn't it?
> >
> > ipoib is *kernel* code, other than 'create child' it is not triggered
> > by the user, and certainly should not inherit the security context of
> > the module loader during startup.
>
> The process has the security context, not the code.

I think it is wrong to enforce pkey checks during things like
module_init(), makes no sense. If the user has permission to load a
module then there should not be additional permission needed beyond
that for the module to initialize properly.

Jason