Re: [PATCH v2] selinux: only filter copy-up xattrs following initialization

On Feb  2, 2024 David Disseldorp <ddiss@xxxxxxx> wrote:
> 
> Extended attribute copy-up functionality added via 19472b69d639d
> ("selinux: Implementation for inode_copy_up_xattr() hook") sees
> "security.selinux" contexts dropped, instead relying on contexts
> applied via the inode_copy_up() hook.
> 
> When copy-up takes place during early boot, prior to selinux
> initialization / policy load, the context stripping can be unwanted
> and unexpected.
> 
> With this change, filtering of "security.selinux" xattrs will only occur
> after selinux initialization.
> 
> Signed-off-by: David Disseldorp <ddiss@xxxxxxx>
> ---
> Changes since v1:
> - drop RFC
> - slightly rework commit message and preceding comment
> 
>  security/selinux/hooks.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

Merged into selinux/dev, thanks for following up on this.

--
paul-moore.com



