On Wed, Nov 4, 2020 at 2:02 AM Sven Schnelle <svens@xxxxxxxxxxxxx> wrote: > Paul Moore <paul@xxxxxxxxxxxxxx> writes: > > On Tue, Nov 3, 2020 at 2:02 PM Sven Schnelle <svens@xxxxxxxxxxxxx> wrote: > >> Thanks for the patch. Unfortunately it doesn't seem to change anything > >> for me. I can take a look into this tomorrow, but i don't know much > >> about the internals of selinux, so i'm not sure whether i'm of much help. > > > > I'm sorry that patch didn't work out. I just spent some more time > > looking at the code+patch and the only other thing that I can see is > > that if we mark the isec invalid, we don't bother setting the > > isec->sid value to whatever default we may have already found. In a > > perfect world this shouldn't matter, but if for whatever reason the > > kernel can't revalidate the inode's label when it tries later it will > > fallback to that default isec->sid. > > > > I'm sorry to ask this again, but would you be able to test the attached patch? > > This patch fixes the issue. So it looks like your assumption is right. Great, I'm glad that fixed the problem you were seeing; thanks for your help with testing! I'll post a proper version of the patch to the list later today. -- paul moore www.paul-moore.com
