* [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock @ 2019-03-05 21:17 J. Bruce Fields 2019-03-05 21:25 ` J. Bruce Fields ` (2 more replies) 0 siblings, 3 replies; 8+ messages in thread From: J. Bruce Fields @ 2019-03-05 21:17 UTC (permalink / raw) To: Paul Moore, Stephen Smalley, Eric Paris; +Cc: selinux, Scott Mayhew From: "J. Bruce Fields" <bfields@redhat.com> In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() fails to set set_kern_flags, with the result that nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. The result is that if you mount the same NFS filesystem twice, NFS security labels are turned off, even if they would work fine if you mounted the filesystem only once. ("fixes" may be not exactly the right tag, it may be more like "fixed-other-cases-but-missed-this-one".) Cc: Scott Mayhew <smayhew@redhat.com> Cc: stable@vger.kernel.org Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." Signed-off-by: J. Bruce Fields <bfields@redhat.com> --- security/selinux/hooks.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f0e36c3492ba..5e9304567233 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); /* if fs is reusing a sb, make sure that the contexts match */ - if (newsbsec->flags & SE_SBINITIALIZED) + if (newsbsec->flags & SE_SBINITIALIZED) { + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; return selinux_cmp_sb_context(oldsb, newsb); + } mutex_lock(&newsbsec->lock); -- 2.20.1 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-05 21:17 [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock J. Bruce Fields @ 2019-03-05 21:25 ` J. Bruce Fields 2019-03-06 14:34 ` Stephen Smalley 2019-03-11 20:12 ` Paul Moore 2 siblings, 0 replies; 8+ messages in thread From: J. Bruce Fields @ 2019-03-05 21:25 UTC (permalink / raw) To: Paul Moore, Stephen Smalley, Eric Paris; +Cc: selinux, Scott Mayhew, linux-nfs Whoops, probably should have cc'd linux-nfs as well.--b. On Tue, Mar 05, 2019 at 04:17:58PM -0500, bfields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() > fails to set set_kern_flags, with the result that > nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. > > The result is that if you mount the same NFS filesystem twice, NFS > security labels are turned off, even if they would work fine if you > mounted the filesystem only once. > > ("fixes" may be not exactly the right tag, it may be more like > "fixed-other-cases-but-missed-this-one".) > > Cc: Scott Mayhew <smayhew@redhat.com> > Cc: stable@vger.kernel.org > Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > --- > security/selinux/hooks.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index f0e36c3492ba..5e9304567233 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, > BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); > > /* if fs is reusing a sb, make sure that the contexts match */ > - if (newsbsec->flags & SE_SBINITIALIZED) > + if (newsbsec->flags & SE_SBINITIALIZED) { > + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) > + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; > return selinux_cmp_sb_context(oldsb, newsb); > + } > > mutex_lock(&newsbsec->lock); > > -- > 2.20.1 > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-05 21:17 [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock J. Bruce Fields 2019-03-05 21:25 ` J. Bruce Fields @ 2019-03-06 14:34 ` Stephen Smalley 2019-03-06 15:34 ` J. Bruce Fields 2019-03-11 20:12 ` Paul Moore 2 siblings, 1 reply; 8+ messages in thread From: Stephen Smalley @ 2019-03-06 14:34 UTC (permalink / raw) To: J. Bruce Fields, Paul Moore, Eric Paris; +Cc: selinux, Scott Mayhew On 3/5/19 4:17 PM, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() > fails to set set_kern_flags, with the result that > nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. > > The result is that if you mount the same NFS filesystem twice, NFS > security labels are turned off, even if they would work fine if you > mounted the filesystem only once. > > ("fixes" may be not exactly the right tag, it may be more like > "fixed-other-cases-but-missed-this-one".) > > Cc: Scott Mayhew <smayhew@redhat.com> > Cc: stable@vger.kernel.org > Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." > Signed-off-by: J. Bruce Fields <bfields@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Do you have some tests you are using for the selinux nfs support? I have an open issue on the selinux-testsuite with an example script for running the regular selinux tests on a NFS mount but it can't fully succeed as noted there, https://github.com/SELinuxProject/selinux-testsuite/issues/32 I've also have another script to test context= mount handling for nfs since that should take precedence over native labels; it looks like that might be broken again: #!/bin/sh cat > /etc/exports <<EOF /home localhost(rw,no_root_squash,security_label) EOF exportfs -a systemctl start nfs-server mkdir -p /mnt/home mount -t nfs -o vers=4.0,context=system_u:object_r:etc_t:s0 localhost:/home /mnt/home echo "Under NFSv4.0:" ls -Za /mnt/home touch /mnt/home/foo ls -Z /mnt/home/foo ls -Z /home/foo rm /mnt/home/foo umount /mnt/home mount -t nfs -o vers=4.2,context=system_u:object_r:etc_t:s0 localhost:/home /mnt/home echo "Under NFSv4.2:" ls -Za /mnt/home touch /mnt/home/foo ls -Z /mnt/home/foo ls -Z /home/foo rm /home/foo umount /mnt/home rmdir /mnt/home rm /etc/exports exportfs -ua systemctl stop nfs-server > --- > security/selinux/hooks.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index f0e36c3492ba..5e9304567233 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, > BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); > > /* if fs is reusing a sb, make sure that the contexts match */ > - if (newsbsec->flags & SE_SBINITIALIZED) > + if (newsbsec->flags & SE_SBINITIALIZED) { > + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) > + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; > return selinux_cmp_sb_context(oldsb, newsb); > + } > > mutex_lock(&newsbsec->lock); > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-06 14:34 ` Stephen Smalley @ 2019-03-06 15:34 ` J. Bruce Fields 2019-03-06 16:49 ` Stephen Smalley 0 siblings, 1 reply; 8+ messages in thread From: J. Bruce Fields @ 2019-03-06 15:34 UTC (permalink / raw) To: Stephen Smalley; +Cc: Paul Moore, Eric Paris, selinux, Scott Mayhew, linux-nfs On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote: > On 3/5/19 4:17 PM, J. Bruce Fields wrote: > >From: "J. Bruce Fields" <bfields@redhat.com> > > > >In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() > >fails to set set_kern_flags, with the result that > >nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. > > > >The result is that if you mount the same NFS filesystem twice, NFS > >security labels are turned off, even if they would work fine if you > >mounted the filesystem only once. > > > >("fixes" may be not exactly the right tag, it may be more like > >"fixed-other-cases-but-missed-this-one".) > > > >Cc: Scott Mayhew <smayhew@redhat.com> > >Cc: stable@vger.kernel.org > >Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." > >Signed-off-by: J. Bruce Fields <bfields@redhat.com> > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > > Do you have some tests you are using for the selinux nfs support? No. I'll ask around. Trond or Anna, do either of you do any selinux testing? > I have an open issue on the selinux-testsuite with an example script > for running the regular selinux tests on a NFS mount but it can't > fully succeed as noted there, > https://github.com/SELinuxProject/selinux-testsuite/issues/32 So if I just clone https://github.com/SELinuxProject/selinux-testsuite.git and filter out those known failures, would that be a good starting point? > I've also have another script to test context= mount handling for > nfs since that should take precedence over native labels; it looks > like that might be broken again: Thanks for the report, I'll take a look. That's before or after applying this patch? Assuming the former, do you have an idea how recent a regression it is? --b. > #!/bin/sh > cat > /etc/exports <<EOF > /home localhost(rw,no_root_squash,security_label) > EOF > exportfs -a > systemctl start nfs-server > mkdir -p /mnt/home > mount -t nfs -o vers=4.0,context=system_u:object_r:etc_t:s0 > localhost:/home /mnt/home > echo "Under NFSv4.0:" > ls -Za /mnt/home > touch /mnt/home/foo > ls -Z /mnt/home/foo > ls -Z /home/foo > rm /mnt/home/foo > umount /mnt/home > mount -t nfs -o vers=4.2,context=system_u:object_r:etc_t:s0 > localhost:/home /mnt/home > echo "Under NFSv4.2:" > ls -Za /mnt/home > touch /mnt/home/foo > ls -Z /mnt/home/foo > ls -Z /home/foo > rm /home/foo > umount /mnt/home > rmdir /mnt/home > rm /etc/exports > exportfs -ua > systemctl stop nfs-server > > >--- > > security/selinux/hooks.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > >diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >index f0e36c3492ba..5e9304567233 100644 > >--- a/security/selinux/hooks.c > >+++ b/security/selinux/hooks.c > >@@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, > > BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); > > /* if fs is reusing a sb, make sure that the contexts match */ > >- if (newsbsec->flags & SE_SBINITIALIZED) > >+ if (newsbsec->flags & SE_SBINITIALIZED) { > >+ if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) > >+ *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; > > return selinux_cmp_sb_context(oldsb, newsb); > >+ } > > mutex_lock(&newsbsec->lock); > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-06 15:34 ` J. Bruce Fields @ 2019-03-06 16:49 ` Stephen Smalley 2019-03-06 17:25 ` J. Bruce Fields 0 siblings, 1 reply; 8+ messages in thread From: Stephen Smalley @ 2019-03-06 16:49 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Paul Moore, Eric Paris, selinux, Scott Mayhew, linux-nfs On 3/6/19 10:34 AM, J. Bruce Fields wrote: > On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote: >> On 3/5/19 4:17 PM, J. Bruce Fields wrote: >>> From: "J. Bruce Fields" <bfields@redhat.com> >>> >>> In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() >>> fails to set set_kern_flags, with the result that >>> nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. >>> >>> The result is that if you mount the same NFS filesystem twice, NFS >>> security labels are turned off, even if they would work fine if you >>> mounted the filesystem only once. >>> >>> ("fixes" may be not exactly the right tag, it may be more like >>> "fixed-other-cases-but-missed-this-one".) >>> >>> Cc: Scott Mayhew <smayhew@redhat.com> >>> Cc: stable@vger.kernel.org >>> Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." >>> Signed-off-by: J. Bruce Fields <bfields@redhat.com> >> >> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> >> >> Do you have some tests you are using for the selinux nfs support? > > No. I'll ask around. Trond or Anna, do either of you do any selinux > testing? > >> I have an open issue on the selinux-testsuite with an example script >> for running the regular selinux tests on a NFS mount but it can't >> fully succeed as noted there, >> https://github.com/SELinuxProject/selinux-testsuite/issues/32 > > So if I just clone > https://github.com/SELinuxProject/selinux-testsuite.git and filter out > those known failures, would that be a good starting point? Yes, although you might want to remove the inet_socket and sctp tests from tests/Makefile before running it over NFS; it looks like there are some interactions between NFS and labeled networking (netlabel and ipsec/xfrm) that require further test policy changes to permit. > >> I've also have another script to test context= mount handling for >> nfs since that should take precedence over native labels; it looks >> like that might be broken again: > > Thanks for the report, I'll take a look. That's before or after > applying this patch? Assuming the former, do you have an idea how > recent a regression it is? Now I'm having difficulty reproducing it entirely. I thought on stock Fedora 29 (4.20.x) I was seeing the actual underlying security labels leaking through on files within the NFS mount despite using a context= mount, while correctly seeing the context mount values with your patch, but now I can't seem to repro. It was this bug that originally motivated Scott's commit that you are further fixing IIUC, https://github.com/SELinuxProject/selinux-kernel/issues/35 > > --b. > >> #!/bin/sh >> cat > /etc/exports <<EOF >> /home localhost(rw,no_root_squash,security_label) >> EOF >> exportfs -a >> systemctl start nfs-server >> mkdir -p /mnt/home >> mount -t nfs -o vers=4.0,context=system_u:object_r:etc_t:s0 >> localhost:/home /mnt/home >> echo "Under NFSv4.0:" >> ls -Za /mnt/home >> touch /mnt/home/foo >> ls -Z /mnt/home/foo >> ls -Z /home/foo >> rm /mnt/home/foo >> umount /mnt/home >> mount -t nfs -o vers=4.2,context=system_u:object_r:etc_t:s0 >> localhost:/home /mnt/home >> echo "Under NFSv4.2:" >> ls -Za /mnt/home >> touch /mnt/home/foo >> ls -Z /mnt/home/foo >> ls -Z /home/foo >> rm /home/foo >> umount /mnt/home >> rmdir /mnt/home >> rm /etc/exports >> exportfs -ua >> systemctl stop nfs-server >> >>> --- >>> security/selinux/hooks.c | 5 ++++- >>> 1 file changed, 4 insertions(+), 1 deletion(-) >>> >>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >>> index f0e36c3492ba..5e9304567233 100644 >>> --- a/security/selinux/hooks.c >>> +++ b/security/selinux/hooks.c >>> @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, >>> BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); >>> /* if fs is reusing a sb, make sure that the contexts match */ >>> - if (newsbsec->flags & SE_SBINITIALIZED) >>> + if (newsbsec->flags & SE_SBINITIALIZED) { >>> + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) >>> + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; >>> return selinux_cmp_sb_context(oldsb, newsb); >>> + } >>> mutex_lock(&newsbsec->lock); >>> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-06 16:49 ` Stephen Smalley @ 2019-03-06 17:25 ` J. Bruce Fields 2019-03-06 17:28 ` Stephen Smalley 0 siblings, 1 reply; 8+ messages in thread From: J. Bruce Fields @ 2019-03-06 17:25 UTC (permalink / raw) To: Stephen Smalley; +Cc: Paul Moore, Eric Paris, selinux, Scott Mayhew, linux-nfs On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote: > On 3/6/19 10:34 AM, J. Bruce Fields wrote: > >On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote: > >>I've also have another script to test context= mount handling for > >>nfs since that should take precedence over native labels; it looks > >> like that might be broken again: > > > >Thanks for the report, I'll take a look. That's before or after > >applying this patch? Assuming the former, do you have an idea how > >recent a regression it is? > > Now I'm having difficulty reproducing it entirely. I thought on > stock Fedora 29 (4.20.x) I was seeing the actual underlying security > labels leaking through on files within the NFS mount despite using a > context= mount, while correctly seeing the context mount values with > your patch, but now I can't seem to repro. It was this bug that > originally motivated Scott's commit that you are further fixing > IIUC, > https://github.com/SELinuxProject/selinux-kernel/issues/35 For what it's worth, I can't reproduce. (If I mount with -overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see system_u:object_r:etc_t:s0.) --b. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-06 17:25 ` J. Bruce Fields @ 2019-03-06 17:28 ` Stephen Smalley 0 siblings, 0 replies; 8+ messages in thread From: Stephen Smalley @ 2019-03-06 17:28 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Paul Moore, Eric Paris, selinux, Scott Mayhew, linux-nfs On 3/6/19 12:25 PM, J. Bruce Fields wrote: > On Wed, Mar 06, 2019 at 11:49:36AM -0500, Stephen Smalley wrote: >> On 3/6/19 10:34 AM, J. Bruce Fields wrote: >>> On Wed, Mar 06, 2019 at 09:34:43AM -0500, Stephen Smalley wrote: >>>> I've also have another script to test context= mount handling for >>>> nfs since that should take precedence over native labels; it looks >>>> like that might be broken again: >>> >>> Thanks for the report, I'll take a look. That's before or after >>> applying this patch? Assuming the former, do you have an idea how >>> recent a regression it is? >> >> Now I'm having difficulty reproducing it entirely. I thought on >> stock Fedora 29 (4.20.x) I was seeing the actual underlying security >> labels leaking through on files within the NFS mount despite using a >> context= mount, while correctly seeing the context mount values with >> your patch, but now I can't seem to repro. It was this bug that >> originally motivated Scott's commit that you are further fixing >> IIUC, >> https://github.com/SELinuxProject/selinux-kernel/issues/35 > > For what it's worth, I can't reproduce. (If I mount with > -overs=4.2,context=system_u:object_r:etc_t:s0 then ls -Z, I only see > system_u:object_r:etc_t:s0.) Yes, sorry for the noise. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock 2019-03-05 21:17 [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock J. Bruce Fields 2019-03-05 21:25 ` J. Bruce Fields 2019-03-06 14:34 ` Stephen Smalley @ 2019-03-11 20:12 ` Paul Moore 2 siblings, 0 replies; 8+ messages in thread From: Paul Moore @ 2019-03-11 20:12 UTC (permalink / raw) To: J. Bruce Fields; +Cc: Stephen Smalley, Eric Paris, selinux, Scott Mayhew On Tue, Mar 5, 2019 at 4:18 PM J. Bruce Fields <bfields@fieldses.org> wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() > fails to set set_kern_flags, with the result that > nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. > > The result is that if you mount the same NFS filesystem twice, NFS > security labels are turned off, even if they would work fine if you > mounted the filesystem only once. > > ("fixes" may be not exactly the right tag, it may be more like > "fixed-other-cases-but-missed-this-one".) > > Cc: Scott Mayhew <smayhew@redhat.com> > Cc: stable@vger.kernel.org > Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > --- > security/selinux/hooks.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) Thanks for the fix. I just merged this into selinux/stable-5.1 and I'll send this up to Linus tomorrow. > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index f0e36c3492ba..5e9304567233 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, > BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); > > /* if fs is reusing a sb, make sure that the contexts match */ > - if (newsbsec->flags & SE_SBINITIALIZED) > + if (newsbsec->flags & SE_SBINITIALIZED) { > + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) > + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; > return selinux_cmp_sb_context(oldsb, newsb); > + } > > mutex_lock(&newsbsec->lock); > > -- > 2.20.1 -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-03-11 20:13 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-03-05 21:17 [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock J. Bruce Fields 2019-03-05 21:25 ` J. Bruce Fields 2019-03-06 14:34 ` Stephen Smalley 2019-03-06 15:34 ` J. Bruce Fields 2019-03-06 16:49 ` Stephen Smalley 2019-03-06 17:25 ` J. Bruce Fields 2019-03-06 17:28 ` Stephen Smalley 2019-03-11 20:12 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).