Re: [RFC PATCH 0/9][V3] Overlayfs SELinux Support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 08/11/2016 08:36 AM, Paul Moore wrote:
> On Wed, Aug 10, 2016 at 8:52 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> On 08/10/2016 08:32 AM, Paul Moore wrote:
>>> On Wed, Aug 10, 2016 at 5:11 AM, Miklos Szeredi <miklos@xxxxxxxxxx> wrote:
>>>> On Tue, Aug 9, 2016 at 3:19 AM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>>>> Okay, I just merged these patches into selinux#next.  With the
>>>>> exception of some changes to restore the mode argument to
>>>>> ovl_create_or_link() and to fix some whitespace damage the patches
>>>>> were merged cleanly.
>>>> Don't need to add the back the mode argument, just use stat->mode.
>>> Thanks for the pointer (I'm on vacation at the moment and trying to do
>>> this quickly).  Since it was a merge issue, and the branch hasn't been
>>> pulled by Linus, I didn't bother with a new patch, I simply updated
>>> the existing patch from Vivek and re-pushed to selinux#next.  If you
>>> see anything else, please let me know.
>>>
>>> For Fedora folks, I'm currently rebuilding the COPR
>>> pcmoore/kernel-secnext kernel packages with this update; assuming
>>> there are no problems with the COPR infrastructure the kernel should
>>> be ready in a couple of hours.
>>>
>>> * https://copr.fedorainfracloud.org/coprs/pcmoore/kernel-secnext
>>>
>> Cool once there is a kernel with ovlerlay fs/selinux support I will run
>> it on my laptop and attempt
>> the selinux test suite, if everything goes well I will start running
>> docker on overlay with selinux enforcing mode.
> Okay, the build finished and passes the base SELinux/audit regressions
> tests (I didn't test the SELinux/overlayfs integration yet);
> kernel-4.8.0-0.rc1.git1.1.1.secnext.fc26 or greater will have the
> SELinux/overlayfs patches included.  The link above has instructions
> on enabling the COPR repo on your system.
>
Awesome,  I will try this out in Rawhide now.
--
To unsubscribe from this list: send the line "unsubscribe linux-unionfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystems Devel]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux