* [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
@ 2011-09-15 17:39 dave w
  2011-09-15 20:07 ` Guido Trentalancia
  2011-09-19 16:55 ` Eric Paris
  0 siblings, 2 replies; 7+ messages in thread
From: dave w @ 2011-09-15 17:39 UTC (permalink / raw)
  To: selinux; +Cc: ubuntu-hardened

Hi,

This patch addresses a flaw in seunshare.c that allows unprivileged
users to arbitrarily modify the contents of /tmp.  This bug is further
described in CVE 2011-1011
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):

The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
new directory on top of /tmp without assigning root ownership and the
sticky bit to this new directory, which allows local users to replace or
delete arbitrary /tmp files, and consequently cause a denial of service or
possibly gain privileges, by running a setuid application that relies on
/tmp, as demonstrated by the ksu application

This patch preserves the mode bits, and thus permissions, and
ownership of the destination directory of the bind mount performed by
seunshare.  The permission check in verify_mount() was relaxed for
directories that originally had the sticky bit set, as root ownership
is required for these to ensure that unprivileged users cannot unlink
arbitrary files in the newly bind mounted directory.

Thanks,
David



 policycoreutils/sandbox/seunshare.c |   23 ++++++++++++++++++++++-
 1 files changed, 22 insertions(+), 1 deletions(-)

diff --git a/policycoreutils/sandbox/seunshare.c
b/policycoreutils/sandbox/seunshare.c
index f9bf12c..82b3cb9 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -149,7 +149,9 @@ static int verify_mount(const char *mntdir, struct
passwd *pwd) {
        fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir,
strerror(errno));
        return -1;
    }
-   if (sb.st_uid != pwd->pw_uid) {
+
+    /* Owners don't have to match if the sticky bit has been set. */
+   if (sb.st_uid != pwd->pw_uid && !(sb.st_mode && S_ISVTX)) {
        errno = EPERM;
        syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an
invalid directory, %s", pwd->pw_name, mntdir);
        perror(_("Invalid mount point, reporting to administrator"));
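Review bot: The relaxed check in verify_mount() uses the logical operator, !(sb.st_mode && S_ISVTX), where a bitwise test is needed. S_ISVTX is a non-zero constant, so the sub-expression is true for any non-zero st_mode and the EPERM branch can no longer be reached, for sticky and non-sticky directories alike. It should read !(sb.st_mode & S_ISVTX). Since the description says root ownership is what the sticky case relies on, it would also be worth requiring sb.st_uid == 0 when the owner does not match pwd->pw_uid.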
@@ -245,8 +247,17 @@ static int verify_shell(const char *shell_name)
 }

 static int seunshare_mount(const char *src, const char *dst, struct
passwd *pwd) {
+    struct stat buf;
+
    if (verbose)
        printf("Mount %s on %s\n", src, dst);
+
+    /* Preserve mode bits and ownership */
+    if (stat(dst, &buf) < 0) {
+        fprintf(stderr, _("Failed to stat %s: %s\n"), dst, strerror(errno));
+        return -1;
+    }
+
    if (mount(dst, dst,  NULL, MS_BIND | MS_REC, NULL) < 0) {
        fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst,
strerror(errno));
        return -1;
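Review bot: stat(dst, &buf) in seunshare_mount() records the mode and owner by path and follows symlinks, and nothing checks that dst is a directory before those values are reused. Consider lstat() with an S_ISDIR(buf.st_mode) check, or opening dst once and calling fstat() on the descriptor, so the saved values are known to describe the directory that is about to be mounted over.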
@@ -262,6 +273,16 @@ static int seunshare_mount(const char *src, const
char *dst, struct passwd *pwd)
        return -1;
    }

+    /* Restore original mode bits and ownership */
+    if (chmod(dst, buf.st_mode) < 0) {
+        fprintf(stderr, _("Failed to set permissions on %s: %s\n"),
dst, strerror(errno));
+        return -1;
+    }
+    if (chown(dst, buf.st_uid, buf.st_gid) < 0) {
+        fprintf(stderr, _("Failed to set ownership on %s: %s\n"),
dst, strerror(errno));
+        return -1;
+    }
+
    if (verify_mount(dst, pwd) < 0)
        return -1;
 }
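Review bot: chmod(dst, buf.st_mode) and chown(dst, buf.st_uid, buf.st_gid) run for every dst, not only for sticky directories such as /tmp, and because they come after the mount they change the mode and owner of whatever is now mounted at dst. Limiting the restore to the case where buf.st_mode & S_ISVTX is set would keep the change to the situation the description targets, and passing only the permission bits (buf.st_mode & 07777) to chmod() would make the intent explicit. A comment explaining why the restore must happen before verify_mount() would also help.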

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
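
The invariant the message above is about (a directory that other users can write to must be both sticky and owned by root), written as a small audit check. This is an added example, not part of the original message or of policycoreutils; the function names, flag names and sample values are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* exposes S_ISVTX and lstat() under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical finding flags (not taken from seunshare.c). */
enum {
    DIR_OK        = 0,
    DIR_NOT_DIR   = 1 << 0,  /* path is not a directory (or is a symlink) */
    DIR_NO_STICKY = 1 << 1,  /* writable by others but S_ISVTX is not set */
    DIR_NOT_ROOT  = 1 << 2,  /* writable by others but not owned by uid 0 */
    DIR_STAT_FAIL = 1 << 3   /* lstat() failed */
};

/* Classify an already-fetched stat result. */
int classify_shared_dir(const struct stat *sb)
{
    int findings = DIR_OK;

    if (!S_ISDIR(sb->st_mode))
        return DIR_NOT_DIR;

    /* A directory only its owner can write to is private: nothing to enforce. */
    if (!(sb->st_mode & (S_IWGRP | S_IWOTH)))
        return DIR_OK;

    /* S_ISVTX is a bit mask, so the test has to be bitwise. */
    if (!(sb->st_mode & S_ISVTX))
        findings |= DIR_NO_STICKY;

    /* Even with the sticky bit, the directory's owner may unlink any entry,
     * so a shared directory is only safe when that owner is root. */
    if (sb->st_uid != 0)
        findings |= DIR_NOT_ROOT;

    return findings;
}

/* Audit a path without following a symlink at the final component. */
int audit_shared_dir(const char *path)
{
    struct stat sb;

    if (lstat(path, &sb) < 0)
        return DIR_STAT_FAIL;
    return classify_shared_dir(&sb);
}

/* Build a constructed stat record for demonstration and testing. */
struct stat sample_stat(mode_t mode, uid_t uid)
{
    struct stat sb;

    memset(&sb, 0, sizeof(sb));
    sb.st_mode = mode;
    sb.st_uid = uid;
    return sb;
}

int main(void)
{
    /* Constructed samples: a normal /tmp, and a world-writable directory
     * owned by an ordinary user with no sticky bit. */
    struct stat good = sample_stat(S_IFDIR | 01777, 0);
    struct stat bad  = sample_stat(S_IFDIR | 0777, 1000);

    printf("root-owned 1777 directory: findings=%d\n", classify_shared_dir(&good));
    printf("user-owned 0777 directory: findings=%d\n", classify_shared_dir(&bad));
    printf("/tmp on this host:         findings=%d\n", audit_shared_dir("/tmp"));
    return 0;
}
```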


* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-15 17:39 [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare dave w
@ 2011-09-15 20:07 ` Guido Trentalancia
  2011-09-15 21:07   ` dave w
  2011-09-19 16:55 ` Eric Paris
  1 sibling, 1 reply; 7+ messages in thread
From: Guido Trentalancia @ 2011-09-15 20:07 UTC (permalink / raw)
  To: dave w; +Cc: selinux

Hello Dave.

On Thu, 2011-09-15 at 13:39 -0400, dave w wrote:
> Hi,
> 
> This patch addresses a flaw in seunshare.c that allows unprivileged
> users to arbitrarily modify the contents of /tmp.  This bug is further
> described in CVE 2011-1011
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):

seunshare should not be installed by default and, even if it still
needed to be installed by default, its setuid bit should be carefully
re-evaluated in my opinion.

In any case, good practice says nothing should ever be allowed to mount
under /tmp with suid/exec flags (use noexec,nosuid options in fstab).

That said, have you tested the patch already ? Is it effective ?

Thanks.

Guido

> The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
> Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
> Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
> new directory on top of /tmp without assigning root ownership and the
> sticky bit to this new directory, which allows local users to replace or
> delete arbitrary /tmp files, and consequently cause a denial of service or
> possibly gain privileges, by running a setuid application that relies on
> /tmp, as demonstrated by the ksu application
> 
> This patch preserves the mode bits, and thus permissions, and
> ownership of the destination directory of the bind mount performed by
> seunshare.  The permission check in verify_mount() was relaxed for
> directories who originally had the sticky bit set, as root ownership
> is required for these to ensure that unprivileged users cannot unlink
> arbitrary files in the newly bind mounted directory.
> 
> Thanks,
> David
> 
> 
> 
>  policycoreutils/sandbox/seunshare.c |   23 ++++++++++++++++++++++-
>  1 files changed, 22 insertions(+), 1 deletions(-)
> 
> diff --git a/policycoreutils/sandbox/seunshare.c
> b/policycoreutils/sandbox/seunshare.c
> index f9bf12c..82b3cb9 100644
> --- a/policycoreutils/sandbox/seunshare.c
> +++ b/policycoreutils/sandbox/seunshare.c
> @@ -149,7 +149,9 @@ static int verify_mount(const char *mntdir, struct
> passwd *pwd) {
>         fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir,
> strerror(errno));
>         return -1;
>     }
> -   if (sb.st_uid != pwd->pw_uid) {
> +
> +    /* Owners don't have to match if the sticky bit has been set. */
> +   if (sb.st_uid != pwd->pw_uid && !(sb.st_mode && S_ISVTX)) {
>         errno = EPERM;
>         syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an
> invalid directory, %s", pwd->pw_name, mntdir);
>         perror(_("Invalid mount point, reporting to administrator"));
> @@ -245,8 +247,17 @@ static int verify_shell(const char *shell_name)
>  }
> 
>  static int seunshare_mount(const char *src, const char *dst, struct
> passwd *pwd) {
> +    struct stat buf;
> +
>     if (verbose)
>         printf("Mount %s on %s\n", src, dst);
> +
> +    /* Preserve mode bits and ownership */
> +    if (stat(dst, &buf) < 0) {
> +        fprintf(stderr, _("Failed to stat %s: %s\n"), dst, strerror(errno));
> +        return -1;
> +    }
> +
>     if (mount(dst, dst,  NULL, MS_BIND | MS_REC, NULL) < 0) {
>         fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst,
> strerror(errno));
>         return -1;
> @@ -262,6 +273,16 @@ static int seunshare_mount(const char *src, const
> char *dst, struct passwd *pwd)
>         return -1;
>     }
> 
> +    /* Restore original mode bits and ownership */
> +    if (chmod(dst, buf.st_mode) < 0) {
> +        fprintf(stderr, _("Failed to set permissions on %s: %s\n"),
> dst, strerror(errno));
> +        return -1;
> +    }
> +    if (chown(dst, buf.st_uid, buf.st_gid) < 0) {
> +        fprintf(stderr, _("Failed to set ownership on %s: %s\n"),
> dst, strerror(errno));
> +        return -1;
> +    }
> +
>     if (verify_mount(dst, pwd) < 0)
>         return -1;
>  }




* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-15 20:07 ` Guido Trentalancia
@ 2011-09-15 21:07   ` dave w
  2011-09-16  5:42     ` Guido Trentalancia
  0 siblings, 1 reply; 7+ messages in thread
From: dave w @ 2011-09-15 21:07 UTC (permalink / raw)
  To: Guido Trentalancia; +Cc: selinux, ubuntu-hardened

On Thu, Sep 15, 2011 at 4:07 PM, Guido Trentalancia
<guido@trentalancia.com> wrote:
> Hello Dave.
>
> On Thu, 2011-09-15 at 13:39 -0400, dave w wrote:
>> Hi,
>>
>> This patch addresses a flaw in seunshare.c that allows unprivileged
>> users to arbitrarily modify the contents of /tmp.  This bug is further
>> described in CVE 2011-1011
>> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):
>
> seunshare should not be installed by default and, even if it still
> needed to be installed by default, its setuid bit should be carefully
> re-evaluated in my opinion.
>

Perhaps, but distros that install seunshare at present will be made
safer with the addition of a patch which eliminates an attack vector
to a privilege escalation.

> In any case, good practice says nothing should ever be allowed to mount
> under /tmp with suid/exec flags (use noexec,nosuid options in fstab).
>
> That said, have you tested the patch already ? Is it effective ?
>

Yes, the patch has been effective and with it applied, unprivileged
users cannot delete files other than their own from /tmp, which is the
expected behavior in a directory with the sticky bit set owned by the
superuser.

> Thanks.
>
> Guido
>
>> The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
>> Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
>> Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
>> new directory on top of /tmp without assigning root ownership and the
>> sticky bit to this new directory, which allows local users to replace or
>> delete arbitrary /tmp files, and consequently cause a denial of service or
>> possibly gain privileges, by running a setuid application that relies on
>> /tmp, as demonstrated by the ksu application
>>
>> This patch preserves the mode bits, and thus permissions, and
>> ownership of the destination directory of the bind mount performed by
>> seunshare.  The permission check in verify_mount() was relaxed for
>> directories who originally had the sticky bit set, as root ownership
>> is required for these to ensure that unprivileged users cannot unlink
>> arbitrary files in the newly bind mounted directory.
>>
>> Thanks,
>> David
>>
>>
>>
>>  policycoreutils/sandbox/seunshare.c |   23 ++++++++++++++++++++++-
>>  1 files changed, 22 insertions(+), 1 deletions(-)
>>
>> diff --git a/policycoreutils/sandbox/seunshare.c
>> b/policycoreutils/sandbox/seunshare.c
>> index f9bf12c..82b3cb9 100644
>> --- a/policycoreutils/sandbox/seunshare.c
>> +++ b/policycoreutils/sandbox/seunshare.c
>> @@ -149,7 +149,9 @@ static int verify_mount(const char *mntdir, struct
>> passwd *pwd) {
>>         fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir,
>> strerror(errno));
>>         return -1;
>>     }
>> -   if (sb.st_uid != pwd->pw_uid) {
>> +
>> +    /* Owners don't have to match if the sticky bit has been set. */
>> +   if (sb.st_uid != pwd->pw_uid && !(sb.st_mode && S_ISVTX)) {
>>         errno = EPERM;
>>         syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an
>> invalid directory, %s", pwd->pw_name, mntdir);
>>         perror(_("Invalid mount point, reporting to administrator"));
>> @@ -245,8 +247,17 @@ static int verify_shell(const char *shell_name)
>>  }
>>
>>  static int seunshare_mount(const char *src, const char *dst, struct
>> passwd *pwd) {
>> +    struct stat buf;
>> +
>>     if (verbose)
>>         printf("Mount %s on %s\n", src, dst);
>> +
>> +    /* Preserve mode bits and ownership */
>> +    if (stat(dst, &buf) < 0) {
>> +        fprintf(stderr, _("Failed to stat %s: %s\n"), dst, strerror(errno));
>> +        return -1;
>> +    }
>> +
>>     if (mount(dst, dst,  NULL, MS_BIND | MS_REC, NULL) < 0) {
>>         fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst,
>> strerror(errno));
>>         return -1;
>> @@ -262,6 +273,16 @@ static int seunshare_mount(const char *src, const
>> char *dst, struct passwd *pwd)
>>         return -1;
>>     }
>>
>> +    /* Restore original mode bits and ownership */
>> +    if (chmod(dst, buf.st_mode) < 0) {
>> +        fprintf(stderr, _("Failed to set permissions on %s: %s\n"),
>> dst, strerror(errno));
>> +        return -1;
>> +    }
>> +    if (chown(dst, buf.st_uid, buf.st_gid) < 0) {
>> +        fprintf(stderr, _("Failed to set ownership on %s: %s\n"),
>> dst, strerror(errno));
>> +        return -1;
>> +    }
>> +
>>     if (verify_mount(dst, pwd) < 0)
>>         return -1;
>>  }
>
>
>



* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-15 21:07   ` dave w
@ 2011-09-16  5:42     ` Guido Trentalancia
  2011-09-16 11:07       ` dave w
  2011-09-16 15:02       ` Daniel J Walsh
  0 siblings, 2 replies; 7+ messages in thread
From: Guido Trentalancia @ 2011-09-16  5:42 UTC (permalink / raw)
  To: dave w; +Cc: selinux

Hello Dave, thanks for the explanation

On Thu, 2011-09-15 at 17:07 -0400, dave w wrote:
> On Thu, Sep 15, 2011 at 4:07 PM, Guido Trentalancia
> <guido@trentalancia.com> wrote:
> > Hello Dave.
> >
> > On Thu, 2011-09-15 at 13:39 -0400, dave w wrote:
> >> Hi,
> >>
> >> This patch addresses a flaw in seunshare.c that allows unprivileged
> >> users to arbitrarily modify the contents of /tmp.  This bug is further
> >> described in CVE 2011-1011
> >> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):
> >
> > seunshare should not be installed by default and, even if it still
> > needed to be installed by default, its setuid bit should be carefully
> > re-evaluated in my opinion.
> >
> 
> Perhaps, but distros that install seunshare at present will be made
> safer with the addition of a patch which eliminates an attack vector
> to a privilege escalation.

So the question now is: CVE-2011-1011 is dated 20110214, how come this
is trying to get sorted out only now for upstream ?

> > In any case, good practice says nothing should ever be allowed to mount
> > under /tmp with suid/exec flags (use noexec,nosuid options in fstab).
> >
> > That said, have you tested the patch already ? Is it effective ?
> >
> 
> Yes, the patch has been effective and with it applied, unprivileged
> users cannot delete files other than their own from /tmp, which is the
> expected behavior in a directory with the sticky bit set owned by the
> superuser.
> 
> > Thanks.
> >
> > Guido
> >
> >> The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
> >> Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
> >> Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
> >> new directory on top of /tmp without assigning root ownership and the
> >> sticky bit to this new directory, which allows local users to replace or
> >> delete arbitrary /tmp files, and consequently cause a denial of service or
> >> possibly gain privileges, by running a setuid application that relies on
> >> /tmp, as demonstrated by the ksu application

What happened exactly for upstream since the CVE was initially
released ?

> >> This patch preserves the mode bits, and thus permissions, and
> >> ownership of the destination directory of the bind mount performed by
> >> seunshare.  The permission check in verify_mount() was relaxed for
> >> directories who originally had the sticky bit set, as root ownership
> >> is required for these to ensure that unprivileged users cannot unlink
> >> arbitrary files in the newly bind mounted directory.

Is it the first time ever that you post a patch to try sorting out the
same issue ?

> >> Thanks,
> >> David

Thanks, Guido.



* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-16  5:42     ` Guido Trentalancia
@ 2011-09-16 11:07       ` dave w
  2011-09-16 15:02       ` Daniel J Walsh
  1 sibling, 0 replies; 7+ messages in thread
From: dave w @ 2011-09-16 11:07 UTC (permalink / raw)
  To: Guido Trentalancia; +Cc: selinux

On Fri, Sep 16, 2011 at 1:42 AM, Guido Trentalancia
<guido@trentalancia.com> wrote:

<snip>

> So the question now is: CVE-2011-1011 is dated 20110214, how comes this
> is trying to get sorted out only now for upstream ?
>

Unsure.  I performed a search of activity related to this CVE since
its original posting on 20110214 and found nothing.  I'm fixing this
bug on behalf of a distro (Ubuntu) and thought it prudent to upstream
the changes since nobody else has addressed this CVE.

That said, I also found it surprising that the CVE hadn't been
addressed upstream at all since then.  I thought it could be a result
of the low priority most distros assigned this issue.

>> > In any case, good practice says nothing should ever be allowed to mount
>> > under /tmp with suid/exec flags (use noexec,nosuid options in fstab).
>> >
>> > That said, have you tested the patch already ? Is it effective ?
>> >
>>
>> Yes, the patch has been effective and with it applied, unprivileged
>> users cannot delete files other than their own from /tmp, which is the
>> expected behavior in a directory with the sticky bit set owned by the
>> superuser.
>>
>> > Thanks.
>> >
>> > Guido
>> >
>> >> The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
>> >> Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
>> >> Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
>> >> new directory on top of /tmp without assigning root ownership and the
>> >> sticky bit to this new directory, which allows local users to replace or
>> >> delete arbitrary /tmp files, and consequently cause a denial of service or
>> >> possibly gain privileges, by running a setuid application that relies on
>> >> /tmp, as demonstrated by the ksu application
>
> What happened exactly for upstream since the CVE was initially
> released ?
>
>> >> This patch preserves the mode bits, and thus permissions, and
>> >> ownership of the destination directory of the bind mount performed by
>> >> seunshare.  The permission check in verify_mount() was relaxed for
>> >> directories who originally had the sticky bit set, as root ownership
>> >> is required for these to ensure that unprivileged users cannot unlink
>> >> arbitrary files in the newly bind mounted directory.
>
> Is it the first time ever that you post a patch to try sorting out the
> same issue ?
>
>> >> Thanks,
>> >> David
>
> Thanks, Guido.
>
>



* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-16  5:42     ` Guido Trentalancia
  2011-09-16 11:07       ` dave w
@ 2011-09-16 15:02       ` Daniel J Walsh
  1 sibling, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2011-09-16 15:02 UTC (permalink / raw)
  To: Guido Trentalancia; +Cc: dave w, selinux


On 09/16/2011 01:42 AM, Guido Trentalancia wrote:
> Hello Dave, thanks for the explanation
> 
> On Thu, 2011-09-15 at 17:07 -0400, dave w wrote:
>> On Thu, Sep 15, 2011 at 4:07 PM, Guido Trentalancia 
>> <guido@trentalancia.com> wrote:
>>> Hello Dave.
>>> 
>>> On Thu, 2011-09-15 at 13:39 -0400, dave w wrote:
>>>> Hi,
>>>> 
>>>> This patch addresses a flaw in seunshare.c that allows
>>>> unprivileged users to arbitrarily modify the contents of
>>>> /tmp.  This bug is further described in CVE 2011-1011 
>>>> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):
>>>
>>> seunshare should not be installed by default and, even if it still
>>> needed to be installed by default, its setuid bit should be
>>> carefully re-evaluated in my opinion.
>>> 
>> 
>> Perhaps, but distros that install seunshare at present will be
>> made safer with the addition of a patch which eliminates an
>> attack vector to a privilege escalation.
> 
> So the question now is: CVE-2011-1011 is dated 20110214, how comes
> this is trying to get sorted out only now for upstream ?
> 
>>> In any case, good practice says nothing should ever be allowed
>>> to mount under /tmp with suid/exec flags (use noexec,nosuid
>>> options in fstab).
>>> 
>>> That said, have you tested the patch already ? Is it effective
>>> ?
>>> 
>> 
>> Yes, the patch has been effective and with it applied,
>> unprivileged users cannot delete files other than their own from
>> /tmp, which is the expected behavior in a directory with the
>> sticky bit set owned by the superuser.
>> 
>>> Thanks.
>>> 
>>> Guido
>>> 
>>>> The seunshare_mount function in sandbox/seunshare.c in
>>>> seunshare in certain Red Hat packages of policycoreutils
>>>> 2.0.83 and earlier in Red Hat Enterprise Linux (RHEL) 6 and
>>>> earlier, and Fedora 14 and earlier, mounts a new directory on
>>>> top of /tmp without assigning root ownership and the sticky
>>>> bit to this new directory, which allows local users to
>>>> replace or delete arbitrary /tmp files, and consequently
>>>> cause a denial of service or possibly gain privileges, by
>>>> running a setuid application that relies on /tmp, as
>>>> demonstrated by the ksu application
> 
> What happened exactly for upstream since the CVE was initially 
> released ?
> 
>>>> This patch preserves the mode bits, and thus permissions,
>>>> and ownership of the destination directory of the bind mount
>>>> performed by seunshare.  The permission check in
>>>> verify_mount() was relaxed for directories who originally had
>>>> the sticky bit set, as root ownership is required for these
>>>> to ensure that unprivileged users cannot unlink arbitrary
>>>> files in the newly bind mounted directory.
> 
> Is it the first time ever that you post a patch to try sorting out
> the same issue ?
> 
>>>> Thanks, David
> 
> Thanks, Guido.
> 
> 
> 
> 

We fixed it in Fedora and RHEL and either we dropped the ball or
upstream did on getting the fix into the upstream policy.

* Re: [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare
  2011-09-15 17:39 [PATCH] policycoreutils: preserve mode bits and ownership of /tmp in seunshare dave w
  2011-09-15 20:07 ` Guido Trentalancia
@ 2011-09-19 16:55 ` Eric Paris
  1 sibling, 0 replies; 7+ messages in thread
From: Eric Paris @ 2011-09-19 16:55 UTC (permalink / raw)
  To: dave w; +Cc: selinux, ubuntu-hardened

On Thu, Sep 15, 2011 at 1:39 PM, dave w <nullcore@gmail.com> wrote:
> Hi,
>
> This patch addresses a flaw in seunshare.c that allows unprivileged
> users to arbitrarily modify the contents of /tmp.  This bug is further
> described in CVE 2011-1011
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1011):
>
> The seunshare_mount function in sandbox/seunshare.c in seunshare in certain
> Red Hat packages of policycoreutils 2.0.83 and earlier in Red Hat
> Enterprise Linux (RHEL) 6 and earlier, and Fedora 14 and earlier, mounts a
> new directory on top of /tmp without assigning root ownership and the
> sticky bit to this new directory, which allows local users to replace or
> delete arbitrary /tmp files, and consequently cause a denial of service or
> possibly gain privileges, by running a setuid application that relies on
> /tmp, as demonstrated by the ksu application
>
> This patch preserves the mode bits, and thus permissions, and
> ownership of the destination directory of the bind mount performed by
> seunshare.  The permission check in verify_mount() was relaxed for
> directories who originally had the sticky bit set, as root ownership
> is required for these to ensure that unprivileged users cannot unlink
> arbitrary files in the newly bind mounted directory.

As Dan pointed out one of us dropped the ball on this.  I have
committed huge amounts of seunshare changes from the Fedora tree to
the upstream git tree.  It should include fixes for this problem as
well.  Your patch is definitely a smaller fix for the problem at hand
as the Fedora tree has largely rewritten how filesystem mounting is
done as might be appropriate for backports to old code if a distro is
not ready to take the plunge into the wild world of new upstream
tools!

-Eric

