On 12/06/2016 12:50 PM, Roberts, William C wrote: > > >> -----Original Message----- >> From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx] >> Sent: Tuesday, December 6, 2016 9:41 AM >> To: Roberts, William C <william.c.roberts@xxxxxxxxx>; nnk@xxxxxxxxxx; >> selinux@xxxxxxxxxxxxx >> Cc: Yongqin Liu <yongqin.liu@xxxxxxxxxx>; Paul Moore <paul@xxxxxxxxxxxxxx> >> Subject: Re: [PATCH] quick selinux support for tracefs >> >> On 12/06/2016 12:24 PM, william.c.roberts@xxxxxxxxx wrote: >>> From: Yongqin Liu <yongqin.liu@xxxxxxxxxx> >>> >>> Here is just the quick fix for tracefs with selinux. >>> just add tracefs to the list of whitelisted filesystem types in >>> selinux_is_sblabel_mnt(), but the right fix would be to generalize >>> this logic as described in the last item on the todo list, >>> https://bitbucket.org/seandroid/wiki/wiki/ToDo >>> >>> Change-Id: I2aa803ccffbcd2802a7287514da7648e6b364157 >> >> Please rewrite the subject line and patch description per the kernel's submission >> guidelines, drop the Change-Id and the link to the SEAndroid todo list, and don't >> say that this is a quick fix but > > Why would anyone do that for this patch when below you say it won’t be merged unless > we fix issue #2? I didn't say it couldn't be merged; I said it isn't a good idea to say "this is a quick fix but the right fix is X" in an upstream patch submission if you want it to be merged, unless it is for a serious security or stability bug that needs to be fixed right away. > > the right fix is something else if you want this to >> actually be merged. Because in that case, you ought to just implement the right >> fix. There is now an upstream kernel issue for the right fix: >> https://github.com/SELinuxProject/selinux-kernel/issues/2 > > The other question here is tracefs safe to label in this fashion, I would assume yes. > Looking through I didn't see any eviction code. Yes, the inodes are pinned. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
