On Fri, Jun 12, 2020 at 12:00 AM Chirantan Ekbote <chirantan@xxxxxxxxxxxx> wrote: > > On Fri, Jun 5, 2020 at 9:23 PM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > > > On Fri, Jun 5, 2020 at 2:21 AM Chirantan Ekbote <chirantan@xxxxxxxxxxxx> wrote: > > > > > > > > The background for this patch is that I have a fuse server that runs > > > in a user namespace. It runs as root in that namespace and keeps all > > > the file system caps so that it can set selinux xattrs. However, it > > > cannot set the sehash xattr as that needs CAP_SYS_ADMIN in the parent > > > namespace. Looking at the code I thought that might have just been an > > > oversight but if it's intentional then do you have any suggestions for > > > how to make this work? I'd rather not weaken the sandbox for this > > > process just so that it can set this one xattr. > > > > I'd be willing to move from requiring CAP_SYS_ADMIN to performing a > > SELinux permission check (either FILE__RELABELFROM or a new one), but > > I'd like the Android folks to chime in here. Maybe you can ping them > > through other channels since they haven't responded yet. > > I contacted them separately and they are not interested in relaxing > the requirements and also said that the kernel shouldn't have any > knowledge of the sehash xattr. So I guess we can just drop this. Ok. Setting of security.sehash is optional so you can always just leave it disabled. Only downside is it will then have to walk the entire directory tree each time to check the labels.
