From: "J. Bruce Fields" <bfields@fieldses.org>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Scott Mayhew <smayhew@redhat.com>,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
Date: Wed, 6 Mar 2019 12:25:59 -0500
Message-ID: <20190306172559.GC3066@fieldses.org>
In-Reply-To: <0d7ff441-fcfe-b68f-cdf9-44a923165a2c@tycho.nsa.gov>
On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote:
> On 3/6/19 10:34 AM, J. Bruce Fields wrote:
> >On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote:
> >>I also have another script to test context= mount handling for
> >>nfs since that should take precedence over native labels; it looks
> >>like that might be broken again:
> >
> >Thanks for the report, I'll take a look. That's before or after
> >applying this patch? Assuming the former, do you have an idea how
> >recent a regression it is?
>
> Now I'm having difficulty reproducing it entirely. I thought on
> stock Fedora 29 (4.20.x) I was seeing the actual underlying security
> labels leaking through on files within the NFS mount despite using a
> context= mount, while correctly seeing the context mount values with
> your patch, but now I can't seem to repro. It was this bug that
> originally motivated Scott's commit that you are further fixing
> IIUC,
> https://github.com/SELinuxProject/selinux-kernel/issues/35
For what it's worth, I can't reproduce. (If I mount with
-overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see
system_u:object_r:etc_t:s0.)
--b.