selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] selinux.8: document how mount flag nosuid affects SELinux
@ 2021-06-12  9:07 Topi Miettinen
  2021-06-18 14:51 ` Petr Lautrbach
  0 siblings, 1 reply; 2+ messages in thread
From: Topi Miettinen @ 2021-06-12  9:07 UTC (permalink / raw)
  To: selinux; +Cc: Topi Miettinen

Using mount flag `nosuid` also affects SELinux domain transitions but
this has not been documented well.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 libselinux/man/man8/selinux.8 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index 0ef01460..5842150b 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -94,6 +94,13 @@ and reboot.
 also has this capability.  The
 .BR restorecon / fixfiles
 commands are also available for relabeling files.
+
+Please note that using mount flag
+.I nosuid
+also disables SELinux domain transitions, unless permission
+.I nosuid_transition
+is used in the policy to allow this, which in turn needs also policy capability
+.IR nnp_nosuid_transition .
 .
 .SH AUTHOR
 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] selinux.8: document how mount flag nosuid affects SELinux
  2021-06-12  9:07 [PATCH] selinux.8: document how mount flag nosuid affects SELinux Topi Miettinen
@ 2021-06-18 14:51 ` Petr Lautrbach
  0 siblings, 0 replies; 2+ messages in thread
From: Petr Lautrbach @ 2021-06-18 14:51 UTC (permalink / raw)
  To: Topi Miettinen, selinux; +Cc: Topi Miettinen

Topi Miettinen <toiwoton@gmail.com> writes:

> Using mount flag `nosuid` also affects SELinux domain transitions but
> this has not been documented well.
>
> Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
>

Acked-by: Petr Lautrbach <plautrba@redhat.com>

Merged. Thanks!


> ---
>  libselinux/man/man8/selinux.8 | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
> index 0ef01460..5842150b 100644
> --- a/libselinux/man/man8/selinux.8
> +++ b/libselinux/man/man8/selinux.8
> @@ -94,6 +94,13 @@ and reboot.
>  also has this capability.  The
>  .BR restorecon / fixfiles
>  commands are also available for relabeling files.
> +
> +Please note that using mount flag
> +.I nosuid
> +also disables SELinux domain transitions, unless permission
> +.I nosuid_transition
> +is used in the policy to allow this, which in turn needs also policy capability
> +.IR nnp_nosuid_transition .
>  .
>  .SH AUTHOR
>  This manual page was written by Dan Walsh <dwalsh@redhat.com>.
> -- 
> 2.30.2


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-18 14:51 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-12  9:07 [PATCH] selinux.8: document how mount flag nosuid affects SELinux Topi Miettinen
2021-06-18 14:51 ` Petr Lautrbach

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).