Re: [PATCH v2] selinux: only filter copy-up xattrs following initialization



On Feb  2, 2024 David Disseldorp <ddiss@xxxxxxx> wrote:
> Extended attribute copy-up functionality added via 19472b69d639d
> ("selinux: Implementation for inode_copy_up_xattr() hook") sees
> "security.selinux" contexts dropped, instead relying on contexts
> applied via the inode_copy_up() hook.
> When copy-up takes place during early boot, prior to selinux
> initialization / policy load, the context stripping can be unwanted
> and unexpected.
> With this change, filtering of "security.selinux" xattrs will only occur
> after selinux initialization.
> Signed-off-by: David Disseldorp <ddiss@xxxxxxx>
> ---
> Changes since v1:
> - drop RFC
> - slightly rework commit message and preceding comment
>  security/selinux/hooks.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Merged into selinux/dev, thanks for following up on this.

