From: Dan Noland
To: "selinux-refpolicy@vger.kernel.org"
Subject: fs_use_xattr question
Date: Fri, 14 Jun 2019 22:01:52 +0000
Message-ID: <20190614220149.GE18841@starlab.io>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

Hello -

I have a custom stacked filesystem and I was having difficulty with
security xattrs. I traced it back to missing:

    fs_use_xattr myfs gen_context(system_u:object_r:fs_t,s0);

Which works nicely when I rebuild/reinstall the base policy. However,
some experimentation and checking of old mailing posts seems to
indicate that it is not possible to achieve this in a policy module.

Because my FS is stacked I would be perfectly happy just to inherit
whatever the fs_use_xattr state of my lower filesystem is. Is there a
best practice for achieving this or do I need to always rebuild the
base policy?

Thank you for your time.

-- 
TY,
Dan Noland