On 11/29/2012 17:49, David Quigley wrote:
I have an idea of what it is then. I'm cloning the tree so I can take
a look really quick but I have a feeling that I didn't convey
something properly and it got messed up in the implementation. If
that's the case I'll make sure to be clearer next time to avoid
confusion.
--
This message was distributed to subscribers of the selinux mailing
list.
If you no longer wish to subscribe, send mail to
majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
So the problem isn't clear to me. If we look in fs/nfs/nfs4proc.c we'll
see the xattr handlers for the security namespace. This will strip off
the security and should pass the second part to the security_ismaclabel
call on the key.
The code in question is below.
static int nfs4_xattr_get_nfs4_label(struct dentry *dentry, const char
*key,
void *buf, size_t buflen, int type)
{
if (security_ismaclabel(key))
return nfs4_get_security_label(dentry->d_inode, buf,
buflen);
return -EOPNOTSUPP;
}
This means whatever is making the getxattr call from userspace is
requesting security.selinux instead of security.smack. Is there a
different command to ls that will give you security.smack (or whatever
it is)? what happens if you install getfattr and do getfattr -n
security.whatever -m security.* /mnt/file
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
