On 8/27/2019 12:24 PM, Paul Moore wrote:
> On Thu, Feb 28, 2019 at 4:58 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>> On Wed, Feb 13, 2019 at 4:35 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>> Hello all,
>>>
>>> On a fully up-to-date Rawhide system you need the following line added
>>> to the policy/test_ibpkey.te file to get a clean run of the
>>> selinux-testsuite:
>>>
>>> allow test_ibpkey_access_t self:capability { ipc_lock };
>>>
>>> The breakage doesn't appear to be due to a kernel change (previously
>>> working kernels now fail), or a Fedora Rawhide policy change (nothing
>>> relevant changed since the last clean run), but I did notice that my
>>> libibverbs package was updated just prior to the breakage. I haven't
>>> had the time to dig into the library code, but I expect that to be the
>>> source of the problem.
>> Just to be clear, I don't believe this breakage is limited to the test
>> suite, I expect any users of the SELinux IB hooks will run into this
>> problem. I believe we need to update the upstream and distro
>> policies.
> A ping to bring this issue back to the top of the mailing list.
Hi Paul, I looked in the libraries and don't see explicit use of mlock. Maybe there was a change to use that access control for get_user_pages? That doesn't really jive with previously working kernels no longer working though.
> --
> paul moore
> www.paul-moore.com
