Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp4857797pxb; Tue, 5 Oct 2021 11:50:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXkDk64sJAvb+IuQOAycZCUn210f4iwD0gmhhIuPnEbTxORXxOYZFcuTbtJspi7SnUSs4u X-Received: by 2002:a62:7e4e:0:b0:44c:51f5:5895 with SMTP id z75-20020a627e4e000000b0044c51f55895mr15840381pfc.73.1633459833710; Tue, 05 Oct 2021 11:50:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633459833; cv=none; d=google.com; s=arc-20160816; b=q+bUGgHgicc+cGpS42gU+byAgxqCXfNjrNtvMQHJqnl0Wp93Nz+EvJgR4IU6nwHwnN EsBAJfvwCNrPijoUSFU9iKld+U2UoL/H0XScke1wCIMo8m240Kn/TuuYoO+rXqeS720G AuZBoaCEqU3DsjOUIVsua4e8A/zsfw/qvc4AkjzpDQN6+hGgcOrBtdSUycugUDfD7SC+ eOt7BxVSraCPm5aBHFUgmwdFZLwnODF0mmj95V48q8Nda4NUMNPKHHriwP5W7GLrL1BS uXTQ2SkovJnCz/m5ByJcizKtix0uwpUuZuneLWBG3DNREa8LQJrPQq5jY+YNrC175rzm wBIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=NhJmJ2GhjrChFePNVIANkzFcmmBCmTxHwcluBZ+z/ho=; b=gzeEc8s08nO+lX7YbO+ZRO3BfvNzBa9p+c/Mbg/ybJlC50jZogH+2QkjO9NpWJuK88 95QeFBYOQoYPlpLgUitZzxh6JtPkNcnSulT+9TmWS2JrAlsKBac0/h9uQ/vJ17U83XSB 4ei0PHASdTE9XcDfObQ565c/caNDIzyGXY+nMNZBlmkzSEDnSO1Cj1wQKRPdbhvzgrpA 4FQRdLGp9ufEZnyHfnEtdpgBWjhlUNtxCaB11QmmaB1EwumTT2fB35ZPRIJsWdAiXD8i frX2qSSm5bDbXe+21Ld2HfPRVlWXPZBoS/97dETZXD0KlcZROCzjQDNCfrlactlW2ysy 4cJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=FUPHd3CI; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l22si20202226pff.260.2021.10.05.11.50.26; Tue, 05 Oct 2021 11:50:33 -0700 (PDT) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=FUPHd3CI; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229679AbhJESwQ (ORCPT + 21 others); Tue, 5 Oct 2021 14:52:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229662AbhJESwQ (ORCPT ); Tue, 5 Oct 2021 14:52:16 -0400 Received: from mail-qv1-xf31.google.com (mail-qv1-xf31.google.com [IPv6:2607:f8b0:4864:20::f31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4DCCEC061749 for ; Tue, 5 Oct 2021 11:50:25 -0700 (PDT) Received: by mail-qv1-xf31.google.com with SMTP id a9so343465qvf.0 for ; Tue, 05 Oct 2021 11:50:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=NhJmJ2GhjrChFePNVIANkzFcmmBCmTxHwcluBZ+z/ho=; b=FUPHd3CI91XKB+MJOJLhYCmhjmLrPpxJRRuiiBneb/gtLytW7sD8KIffDhsij00tDi DEjAnVEbRqq4+r7r6rVRicbWKh4q52YMEjcsaUZ2RRkRAHoKLL+SD7G+af+pHIBRTrH1 vL7GvdgQUZVucQyW/JQrbwBo3JWyMe5kd6fbg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=NhJmJ2GhjrChFePNVIANkzFcmmBCmTxHwcluBZ+z/ho=; b=arBcWG44cyW9LP9JpAuu4JpUWsnvcP5O2oVgTv53JPGZmP7r9FzmYNW3fRaTZ48OuU L+QvT82xUfz79Cc/QNYZKqefbGxZBOV/L5PXJAzeiYXAG8/xbtg3IdmD2PhENO/GfpJT lgi2kpbqxZLgzuI8zA9+zkYArgOyDkxBVT2zs9JXLVtVv4YM5xaW2cUdRhHoUP9SQ/Fd Mr4JHs1shpscCAqNEQTG7G0Jtt/DiyK8Kqg3Avq0iiY4m/YFS2x2cxn3bI2sS8zLTXMp 3zaty5d+MrM6wAWzXfal7Wbt9srm0xbBvhEfahhdxkcGl7d6doAMzq7GWCJpVs9gkb2i Kl0A== X-Gm-Message-State: AOAM530nNr71BG4Y6KI0Us2i8cpKitmSoAAXIMTohPVCvOEXybfGv4Xa Xff/O9oxRk4jc2rVAIVtic2Wzg== X-Received: by 2002:a0c:f450:: with SMTP id h16mr29454818qvm.28.1633459824167; Tue, 05 Oct 2021 11:50:24 -0700 (PDT) Received: from fedora.pebenito.net ([72.85.44.115]) by smtp.gmail.com with ESMTPSA id p19sm9711660qkk.83.2021.10.05.11.50.23 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Oct 2021 11:50:23 -0700 (PDT) Subject: Re: [PATCH] Add erofs as a SELinux capable file system To: Gao Xiang , selinux-refpolicy@vger.kernel.org Cc: linux-erofs@lists.ozlabs.org, David Michael References: <8735pjoxbk.fsf@gmail.com> <20211004035901.5428-1-xiang@kernel.org> From: Chris PeBenito Message-ID: <26267281-d183-6d5c-6490-57c7376625ab@ieee.org> Date: Tue, 5 Oct 2021 14:50:22 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <20211004035901.5428-1-xiang@kernel.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 10/3/21 11:59 PM, Gao Xiang wrote: > EROFS supported the security xattr handler from Linux v4.19. > Add erofs to the filesystem policy now. > > Reported-by: David Michael > Signed-off-by: Gao Xiang > --- > policy/modules/kernel/filesystem.te | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te > index 7282acba8537..8109348f70de 100644 > --- a/policy/modules/kernel/filesystem.te > +++ b/policy/modules/kernel/filesystem.te > @@ -24,6 +24,7 @@ sid fs gen_context(system_u:object_r:fs_t,s0) > # Requires that a security xattr handler exist for the filesystem. > fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0); > fs_use_xattr encfs gen_context(system_u:object_r:fs_t,s0); > +fs_use_xattr erofs gen_context(system_u:object_r:fs_t,s0); > fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); > fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0); > fs_use_xattr ext4 gen_context(system_u:object_r:fs_t,s0); Merged. Thanks! -- Chris PeBenito