* [SELinux-notebook PATCH] computing_security_contexts.md: clarify mount options with comma
From: Dominick Grift @ 2021-06-21 16:58 UTC (permalink / raw)
To: selinux; +Cc: Dominick Grift

If you have a comma in your context then mount will reject it without
escaped quotes. This can be confusing and it is not well documented.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
src/computing_security_contexts.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md
index bb946b5..11d54b8 100644
--- a/src/computing_security_contexts.md
+++ b/src/computing_security_contexts.md
@@ -175,7 +175,10 @@ Notes:
keyword present.
2. There are mount options for allocating various context types:
*context=*, *fscontext=*, *defcontext=* and *rootcontext=*. They are
- fully described in the ***mount**(8)* man page.
+ fully described in the ***mount**(8)* man page except for the fact that if
+ your context contains a comma separator then you should wrap the context
+ with escaped quotes. For example:
+ *context=\"system_u:object_r:container_file_t:s0:c1,c2\"*.
### Network File System (nfsv4.2)
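Review bot: the example on the last added line gives only the option value, *context=\"...c1,c2\"*, with backslash-escaped quotes and no indication of where it is typed. The backslashes are shell escaping that lets the double quotes reach mount, and the text does not say so. Suggest stating that, and showing the option as part of a full mount command line, so a reader does not copy the backslashes into a place where no shell processes them.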
--
2.32.0
* Re: [SELinux-notebook PATCH] computing_security_contexts.md: clarify mount options with comma
From: Dominick Grift @ 2021-06-21 17:17 UTC (permalink / raw)
To: selinux
Dominick Grift <dominick.grift@defensec.nl> writes:
> If you have a comma in your context then mount will reject it without
> escaped quotes. This can be confusing and it is not well documented.

Ignore this patch. It is actually thoroughly documented in mount(8).

>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
> ---
> src/computing_security_contexts.md | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/src/computing_security_contexts.md b/src/computing_security_contexts.md
> index bb946b5..11d54b8 100644
> --- a/src/computing_security_contexts.md
> +++ b/src/computing_security_contexts.md
> @@ -175,7 +175,10 @@ Notes:
> keyword present.
> 2. There are mount options for allocating various context types:
> *context=*, *fscontext=*, *defcontext=* and *rootcontext=*. They are
> - fully described in the ***mount**(8)* man page.
> + fully described in the ***mount**(8)* man page except for the fact that if
> + your context contains a comma separator then you should wrap the context
> + with escaped quotes. For example:
> + *context=\"system_u:object_r:container_file_t:s0:c1,c2\"*.
>
> ### Network File System (nfsv4.2)
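Review bot: the replacement line "fully described in the mount(8) man page except for the fact that ..." states that the man page omits the quoting rule, while the follow-up in this thread says it is thoroughly documented in mount(8). If any of this text is kept, drop the "except for the fact that" wording and refer the reader to mount(8) for quoting contexts that contain a comma.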
--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
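The quoting behaviour discussed in this thread, as an added example that is not part of either message or of the SELinux Notebook: it shows what string a program receives for the two ways of typing the patch's example context, and how many options result when that string is split on commas. `arg_seen`, `split_opts` and `count_opts` are hypothetical helpers, and `split_opts` is a simplified model of comma splitting that honours double quotes, not mount's own code.

```sh
#!/bin/sh
# arg_seen: return the option string exactly as a program invoked as
# "prog -o <string>" would receive it, after the shell's quote removal.
arg_seen() { printf '%s' "$2"; }

# split_opts: simplified model (an assumption, not libmount code) that
# splits an option string on commas, except commas inside double quotes.
# Prints one option per line.
split_opts() {
    rest=$1 cur='' inq=0
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}      # first character of $rest
        rest=${rest#?}
        case $ch in
            '"') inq=$((1 - inq)); cur=$cur$ch ;;
            ,)   if [ "$inq" -eq 0 ]; then printf '%s\n' "$cur"; cur=''
                 else cur=$cur$ch; fi ;;
            *)   cur=$cur$ch ;;
        esac
    done
    printf '%s\n' "$cur"
}

# count_opts: number of options the model finds in a string.
count_opts() { split_opts "$1" | grep -c ''; }

# Constructed input: the context from the patch's example, typed two ways.
# Plain double quotes are consumed by the shell; escaped ones survive.
plain=$(arg_seen -o context="system_u:object_r:container_file_t:s0:c1,c2")
escaped=$(arg_seen -o context=\"system_u:object_r:container_file_t:s0:c1,c2\")

for s in "$plain" "$escaped"; do
    printf 'received: %s\n' "$s"
    split_opts "$s" | sed 's/^/  option: /'
done
```

With plain quotes the category list is cut at the comma and `c2` is left as a separate, meaningless option; with escaped quotes the whole context stays one `context=` value.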