On 06/01/2016 05:46 PM, Andreas Gruenbacher wrote: > On Wed, Jun 1, 2016 at 3:44 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >> On 05/31/2016 11:22 AM, Andreas Gruenbacher wrote: >>> With that fixed, could you possibly put this change to test? >> >> Falls over during boot in generic_getxattr(), which still needs a >> non-NULL dentry in the work.selinux branch. > > dentry->d_sb needs to be changed to inode->i_sb there. > >> Is there a reason that this being done separately from work.xattr? > > I don't know how much work.xattr will shift still (and what I can > still add there), and this change is unrelated, at least so far. > >> Also, if we aren't going to call d_find_alias() there, we can likely >> also drop the dget() and dput(). > > Ah, yes. I'll remove those, thanks. Looks like you lost the assignment for dentry entirely when you removed the dget/dput. Still need to set it to opt_dentry or just use opt_dentry directly. BTW, SELinux will presently never call getxattr for 9p or cifs; those filesystem types are not configured for xattrs in policy because they do not truly support labeling (and if they did, we would probably use SECURITY_LSM_NATIVE_LABELS => SECURITY_FS_USE_NATIVE as with nfsv4 rather than FS_USE_XATTR). Just because they support xattrs does not mean that they support security labeling. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
