* SELinux testsuite failure in overlayfs with v4.20-rc kernels
@ 2018-12-12 22:18 James Morris
2018-12-12 22:24 ` Paul Moore
0 siblings, 1 reply; 5+ messages in thread
From: James Morris @ 2018-12-12 22:18 UTC (permalink / raw)
To: selinux
Cc: Paul Moore, Stephen Smalley, linux-security-module, mszeredi,
J. Bruce Fields
The SELinux testsuite is failing in the overlayfs tests in current -rc
kernels. I bisected the issue to
commit 007ea44892e6fa963a0876a979e34890325c64eb
Author: Miklos Szeredi <mszeredi@redhat.com>
Date: Fri Oct 26 23:34:39 2018 +0200
ovl: relax permission checking on underlying layers
Make permission checking more consistent:
- special files don't need any access check on underling fs
- exec permission check doesn't need to be performed on underlying fs
Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reverting this commit fixes the testsuite failure.
Is there any more information on the rationale for the change?
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux testsuite failure in overlayfs with v4.20-rc kernels
2018-12-12 22:18 SELinux testsuite failure in overlayfs with v4.20-rc kernels James Morris
@ 2018-12-12 22:24 ` Paul Moore
2018-12-12 23:35 ` James Morris
2018-12-12 23:37 ` James Morris
0 siblings, 2 replies; 5+ messages in thread
From: Paul Moore @ 2018-12-12 22:24 UTC (permalink / raw)
To: James Morris
Cc: selinux, Stephen Smalley, linux-security-module, mszeredi, bfields
On Wed, Dec 12, 2018 at 5:19 PM James Morris <jmorris@namei.org> wrote:
> The SELinux testsuite is failing in the overlayfs tests in current -rc
> kernels. I bisected the issue to
>
> commit 007ea44892e6fa963a0876a979e34890325c64eb
> Author: Miklos Szeredi <mszeredi@redhat.com>
> Date: Fri Oct 26 23:34:39 2018 +0200
>
> ovl: relax permission checking on underlying layers
>
> Make permission checking more consistent:
>
> - special files don't need any access check on underling fs
>
> - exec permission check doesn't need to be performed on underlying fs
>
> Reported-by: "J. Bruce Fields" <bfields@fieldses.org>
> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
>
> Reverting this commit fixes the testsuite failure.
>
> Is there any more information on the rationale for the change?
This is a known problem, see the archive link below, with Miklos
promising to send a revert to Linus for v4.20. I just pinged him
earlier this week to remind him, but I haven't heard back yet and I
don't see anything in Linus' tree.
I would much prefer if Miklos sent the revert, but if he doesn't send
the revert by the end of the week, I'm going to send one next week.
https://lore.kernel.org/selinux/CAJfpeguJoEOEjQs4ZpJQaJXF-xCnevUApzNobwmqNX27KQ4vHQ@mail.gmail.com
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux testsuite failure in overlayfs with v4.20-rc kernels
2018-12-12 22:24 ` Paul Moore
@ 2018-12-12 23:35 ` James Morris
2018-12-12 23:37 ` James Morris
1 sibling, 0 replies; 5+ messages in thread
From: James Morris @ 2018-12-12 23:35 UTC (permalink / raw)
To: Paul Moore
Cc: selinux, Stephen Smalley, linux-security-module, mszeredi, bfields
On Wed, 12 Dec 2018, Paul Moore wrote:
> This is a known problem, see the archive link below, with Miklos
> promising to send a revert to Linus for v4.20. I just pinged him
> earlier this week to remind him, but I haven't heard back yet and I
> don't see anything in Linus' tree.
Ahh, looks like the mailing list change meant my mail filters weren't
separating the SELinux postings out for me and I missed these.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux testsuite failure in overlayfs with v4.20-rc kernels
2018-12-12 22:24 ` Paul Moore
2018-12-12 23:35 ` James Morris
@ 2018-12-12 23:37 ` James Morris
2018-12-13 14:33 ` Paul Moore
1 sibling, 1 reply; 5+ messages in thread
From: James Morris @ 2018-12-12 23:37 UTC (permalink / raw)
To: Paul Moore
Cc: selinux, Stephen Smalley, linux-security-module, mszeredi, bfields
On Wed, 12 Dec 2018, Paul Moore wrote:
> I would much prefer if Miklos sent the revert, but if he doesn't send
> the revert by the end of the week, I'm going to send one next week.
The revert was posted today.
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: SELinux testsuite failure in overlayfs with v4.20-rc kernels
2018-12-12 23:37 ` James Morris
@ 2018-12-13 14:33 ` Paul Moore
0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2018-12-13 14:33 UTC (permalink / raw)
To: James Morris
Cc: selinux, Stephen Smalley, linux-security-module, mszeredi, bfields
On Wed, Dec 12, 2018 at 6:37 PM James Morris <jmorris@namei.org> wrote:
> On Wed, 12 Dec 2018, Paul Moore wrote:
>
> > I would much prefer if Miklos sent the revert, but if he doesn't send
> > the revert by the end of the week, I'm going to send one next week.
>
> The revert was posted today.
Good news, thanks for the heads-up. I don't watch all the mailing
lists, I've just been watching Linus' tree. I don't see it there this
morning, but if it was posted yesterday I imagine it will be merged in
for -rc7.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-12-13 14:33 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-12 22:18 SELinux testsuite failure in overlayfs with v4.20-rc kernels James Morris
2018-12-12 22:24 ` Paul Moore
2018-12-12 23:35 ` James Morris
2018-12-12 23:37 ` James Morris
2018-12-13 14:33 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.