On Wed, Mar 25, 2020 at 9:09 AM Richard Haines <richard_c_haines@xxxxxxxxxxxxxx> wrote: > > If tested on the selinux-next kernel (that has the XFS patch [1]) with > the "NFS: Ensure security label is set for root inode" patch [2], then all > tests should pass. Anything else will give varying amounts of fails. > > The filesystem types tested are: ext4, xfs, vfat and nfs4. > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/security/selinux?id=e4cfa05e9bfe286457082477b32ecd17737bdbce > [2] https://lore.kernel.org/selinux/20200303225837.1557210-1-smayhew@xxxxxxxxxx/ Thanks, with this version of the patches, make test and ./tools/nfs.sh pass for me on the selinux next branch. Still need to review all the changes and confirm that it is all functioning as expected (e.g. getting the expected permission denials). Ondrej, how does this fare on RHEL-8, both with respect to differences there in policy/userspace and with respect to default use of xfs instead of ext4?
