Hi Paul, Paul Moore <paul@xxxxxxxxxxxxxx> writes: > On Tue, Nov 3, 2020 at 2:02 PM Sven Schnelle <svens@xxxxxxxxxxxxx> wrote: >> Thanks for the patch. Unfortunately it doesn't seem to change anything >> for me. I can take a look into this tomorrow, but i don't know much >> about the internals of selinux, so i'm not sure whether i'm of much help. > > I'm sorry that patch didn't work out. I just spent some more time > looking at the code+patch and the only other thing that I can see is > that if we mark the isec invalid, we don't bother setting the > isec->sid value to whatever default we may have already found. In a > perfect world this shouldn't matter, but if for whatever reason the > kernel can't revalidate the inode's label when it tries later it will > fallback to that default isec->sid. > > I'm sorry to ask this again, but would you be able to test the attached patch? This patch fixes the issue. So it looks like your assumption is right. Thanks Sven
