From: Stefan Berger
To: ebiederm@xmission.com, containers@lists.linux-foundation.org
Cc: lkp@01.org, xiaolong.ye@intel.com, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com, serge@hallyn.com, tycho@docker.com, James.Bottomley@HansenPartnership.com, christian.brauner@mailbox.org, stefanb@linux.vnet.ibm.com, vgoyal@redhat.com, amir73il@gmail.com, linux-security-module@vger.kernel.org
Subject: [PATCH 3/3] Enable security.selinux in user namespaces
Date: Thu, 22 Jun 2017 14:59:49 -0400
Message-Id: <1498157989-11814-4-git-send-email-stefanb@linux.vnet.ibm.com>
In-Reply-To: <1498157989-11814-1-git-send-email-stefanb@linux.vnet.ibm.com>

Before the current modifications, SELinux extended attributes were visible inside the user namespace but changes in patch 1 hid them.
This patch enables security.selinux in user namespaces and allows them to be written to in the same way as security.capability. Signed-off-by: Stefan Berger --- fs/xattr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/xattr.c b/fs/xattr.c index 045be85..37686ee 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -138,6 +138,7 @@ xattr_permission(struct inode *inode, const char *name, int mask) */ static const char *const userns_xattrs[] = { XATTR_NAME_CAPS, + XATTR_NAME_SELINUX, NULL }; -- 2.7.4
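
Review bot: The new `XATTR_NAME_SELINUX,` entry in `userns_xattrs[]` is added without any explanation of what a label written from inside a user namespace means for enforcement. The commit message says only that the attribute becomes writable "in the same way as security.capability", but it does not say which label the SELinux checks act on once a namespace has written its own value, or how that value relates to the label already stored on the inode. Please state this in the commit message and in the comment above the array, and describe how the change was tested with SELinux enabled, since the visible diff adds the entry and nothing else.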