Subject: Re: [PATCH 2/2] RFC: selinux: sysctl: fix selinux labeling broken by last patch
From: Stephen Smalley
To: Lucian Adrian Grijincu
Cc: James Morris, Eric Paris, Al Viro, Christoph Hellwig, Dave Chinner, Arnd Bergmann, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux, "Eric W. Biederman"
References: <1296482354.26427.21.camel@moss-pluto> <1296493175.26427.37.camel@moss-pluto>
Date: Mon, 31 Jan 2011 13:35:40 -0500
Message-ID: <1296498940.26427.42.camel@moss-pluto>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2011-01-31 at 19:03 +0200, Lucian Adrian Grijincu wrote:
> On Mon, Jan 31, 2011 at 6:59 PM, Stephen Smalley wrote:
> > /proc/sys inode labeling was disabled earlier (hence marked S_PRIVATE)
> > when /proc/sys was reimplemented by Eric, so all access control
> > on /proc/sys was switched to using the sysctl hook rather than the
> > inode-based checking. That's why you don't get a result from ls -Z
> > on /proc/sys on current kernels. Getting actual labeling working again
> > for those inodes would be a win, so your patch is an improvement in that
> > regard for selinux.
>
>
> Oh, OK. Thanks for letting me know.
>
> Do you see anything else that is wrong with these patches (apart from
> "//deleted")?

No, although I think someone should take them for a spin on a modern
Fedora in enforcing mode for a bit, and likely run the selinux testsuite
too.

-- 
Stephen Smalley
National Security Agency