From: Al Viro <viro@ZenIV.linux.org.uk>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@redhat.com>,
Gene Heskett <gene.heskett@gmail.com>,
James Morris <jmorris@namei.org>,
linux-kernel@vger.kernel.org
Subject: Re: 2.6.27-rc1 + selinux new options = no httpd
Date: Fri, 1 Aug 2008 15:47:48 +0100 [thread overview]
Message-ID: <20080801144748.GO28946@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1217595068.20373.307.camel@moss-spartans.epoch.ncsc.mil>
On Fri, Aug 01, 2008 at 08:51:08AM -0400, Stephen Smalley wrote:
>
> On Thu, 2008-07-31 at 10:44 -0400, Eric Paris wrote:
> > On Thu, 2008-07-31 at 09:09 -0400, Gene Heskett wrote:
> > > On Thursday 31 July 2008, James Morris wrote:
> >
> > > >What AVC messages are you seeing?
> > >
> > > I posted the whole screen from setroubleshoot earlier.
> >
> > I'm sorry but I can't seem to find it in your original message...
> >
> > http://marc.info/?l=linux-kernel&m=121747333012971&w=2
> >
> > Do you have another pointer? I can't think of anything that went into
> > 2.6.27 related to SELinux that should have in any way changed file
> > access checks but I'll poke through the changelog and see if something
> > stands out...
>
> It could be the append bug introduced by the vfs changes.
> See:
> http://marc.info/?l=linux-kernel&m=121726661110266&w=2
>
> That would break any case where only append permission is granted (not
> full write access), as would be typical for httpd log files.
commit d54bb7a971b41b8a4baba6e3d9adf14ce035947f
Author: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon Jul 28 13:32:38 2008 -0400
Re: BUG at security/selinux/avc.c:883 (was: Re: linux-next: Tree
for July 17: early crash on x86-64)
in vfs-2.6.git/for-next (and for-linus as well)
next prev parent reply other threads:[~2008-08-01 14:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-31 2:54 2.6.27-rc1 + selinux new options = no httpd Gene Heskett
2008-07-31 3:36 ` Valdis.Kletnieks
2008-07-31 4:43 ` James Morris
2008-07-31 13:09 ` Gene Heskett
2008-07-31 14:44 ` Eric Paris
2008-07-31 17:47 ` Stephen Smalley
2008-08-01 18:52 ` Gene Heskett
2008-08-01 12:51 ` Stephen Smalley
2008-08-01 14:47 ` Al Viro [this message]
2008-07-31 20:02 ` James Morris
2008-07-31 22:17 ` 2.6.27-rc1: strange fstab issue (Re: 2.6.27-rc1 + selinux new options = no httpd) Rafael J. Wysocki
2008-08-01 13:39 ` Gene Heskett
2008-08-01 13:47 ` Eric Paris
2008-08-01 14:02 ` Al Viro
2008-08-01 14:13 ` Gene Heskett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080801144748.GO28946@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=eparis@redhat.com \
--cc=gene.heskett@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox