public inbox for stable@vger.kernel.org
From: Greg KH <gregkh@linuxfoundation.org>
To: Alexander Grund <theflamefire89@gmail.com>
Cc: stable@vger.kernel.org
Subject: Re: [PATCH 4.9 0/1] selinux: allow dontauditx and auditallowx rules to take effect without allowx
Date: Mon, 8 Aug 2022 15:30:45 +0200
Message-ID: <YvEQBYO11g9ynGGz@kroah.com>
In-Reply-To: <20220808102049.46386-1-theflamefire89@gmail.com>

On Mon, Aug 08, 2022 at 12:20:48PM +0200, Alexander Grund wrote:
> This patch fixes an inconsistency, if not a clear bug, with the extended permissions.
> To quote from the original discussion [1]:
> > The behavior of dontauditx and auditallowx appears to be broken making them useless.
> 
> [1] https://lore.kernel.org/selinux/6a791504-7728-3026-17ee-c22cbff8c3d1@gmail.com/T/
> 
> bauen1 (1):
>   selinux: allow dontauditx and auditallowx rules to take effect without allowx
> 
>  security/selinux/ss/services.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)

For obvious reasons, we can't take patches only for 4.9.y that are not
also in newer kernel branches.  You don't want to upgrade to 4.14.y and
have a regression, right?

So this would need to be backported to 4.14.y, 4.19.y, 5.4.y, and 5.10.y
before we could consider it.

BUT, as this is something that just never worked, why is it needed at
all?  Making it work is a "new feature", not really a bugfix for these
older kernels as it is not a regression.

I'll drop this from my queue, if you really think it needs to come back,
we need backports for all affected kernel branches.

thanks,

greg k-h

Thread overview: 4+ messages
2022-08-08 10:20 [PATCH 4.9 0/1] selinux: allow dontauditx and auditallowx rules to take effect without allowx Alexander Grund
2022-08-08 10:20 ` [PATCH 4.9 1/1] " Alexander Grund
2022-08-08 13:30 ` Greg KH [this message]
2022-08-11  9:20   ` [PATCH 4.9 0/1] " Alexander Grund
