On Wed, Mar 25, 2020 at 3:55 PM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Wed, Mar 25, 2020 at 9:09 AM Richard Haines > <richard_c_haines@xxxxxxxxxxxxxx> wrote: > > > > If tested on the selinux-next kernel (that has the XFS patch [1]) with > > the "NFS: Ensure security label is set for root inode" patch [2], then all > > tests should pass. Anything else will give varying amounts of fails. > > > > The filesystem types tested are: ext4, xfs, vfat and nfs4. > > > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/security/selinux?id=e4cfa05e9bfe286457082477b32ecd17737bdbce > > [2] https://lore.kernel.org/selinux/20200303225837.1557210-1-smayhew@xxxxxxxxxx/ > > Thanks, with this version of the patches, make test and ./tools/nfs.sh > pass for me on the selinux next branch. > Still need to review all the changes and confirm that it is all > functioning as expected (e.g. getting the expected permission > denials). > Ondrej, how does this fare on RHEL-8, both with respect to differences > there in policy/userspace and with respect to default use of > xfs instead of ext4? Just checked - two of the filesystem tests fail there: filesystem/test ............. 25/65 # Failed test at filesystem/test line 524. # Failed test at filesystem/test line 572. filesystem/test ............. 46/65 # Looks like you failed 2 tests of 65. filesystem/test ............. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/65 subtests [...] Test Summary Report ------------------- filesystem/test (Wstat: 512 Tests: 65 Failed: 2) Failed tests: 26, 29 Non-zero exit status: 2 In both cases the xfs_quotas_test program exits with 0, not with an error as expected. -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
