On 10/20/20 12:17 PM, Mark Salyzyn wrote:
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to respond to the XATTR_NOSECURITY flag in get xattr
Hi Mark,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on miklos-vfs/overlayfs-next]
[also build test ERROR on linus/master next-20201016]
[cannot apply to ext4/dev security/next-testing v5.9]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to respond to the XATTR_NOSECURITY flag in get xattr
method that calls the __vfs_getxattr handler
3 matches
Mail list logo
