On Wed, 2020-03-25 at 16:38 +0100, Ondrej Mosnacek wrote:
> On Wed, Mar 25, 2020 at 3:55 PM Stephen Smalley
> <stephen.smalley.work@xxxxxxxxx> wrote:
> > On Wed, Mar 25, 2020 at 9:09 AM Richard Haines
> > <richard_c_haines@xxxxxxxxxxxxxx> wrote:
> > > If tested on the selinux-next kernel (that has the XFS patch [1]) with
> > > the "NFS: Ensure security label is set for root inode" patch [2], then all
> > > tests should pass. Anything else will give varying amounts of fails.
> > >
> > > The filesystem types tested are: ext4, xfs, vfat and nfs4.
> > >
> > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/security/selinux?id=e4cfa05e9bfe286457082477b32ecd17737bdbce
> > > [2] https://lore.kernel.org/selinux/20200303225837.1557210-1-smayhew@xxxxxxxxxx/
> >
> > Thanks, with this version of the patches, make test and ./tools/nfs.sh
> > pass for me on the selinux next branch.
> > Still need to review all the changes and confirm that it is all
> > functioning as expected (e.g. getting the expected permission denials).
> > Ondrej, how does this fare on RHEL-8, both with respect to differences
> > there in policy/userspace and with respect to default use of
> > xfs instead of ext4?
>
> Just checked - two of the filesystem tests fail there:
>
> filesystem/test ............. 25/65
> # Failed test at filesystem/test line 524.
>
> # Failed test at filesystem/test line 572.
> filesystem/test ............. 46/65 # Looks like you failed 2 tests of 65.
> filesystem/test ............. Dubious, test returned 2 (wstat 512, 0x200)
> Failed 2/65 subtests
> [...]
> Test Summary Report
> -------------------
> filesystem/test (Wstat: 512 Tests: 65 Failed: 2)
>   Failed tests:  26, 29
>   Non-zero exit status: 2
>
> In both cases the xfs_quotas_test program exits with 0, not with an
> error as expected.

I guess you don't have the XFS quota patch [1] installed.
Best to use the selinux-next kernel as that also has the NFS patch as well.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/patch/security/selinux?id=e4cfa05e9bfe286457082477b32ecd17737bdbce