Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp837109ybv; Wed, 19 Feb 2020 10:14:09 -0800 (PST) X-Google-Smtp-Source: APXvYqyI3g/7g6u2gPAm/CgQH1bxJpDZ6mTR/Okq12ie981Ji1G9lQ6e4pzyGi0dWdDM/gdKZ+Ar X-Received: by 2002:aca:2207:: with SMTP id b7mr5569357oic.109.1582136049162; Wed, 19 Feb 2020 10:14:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582136049; cv=none; d=google.com; s=arc-20160816; b=X+64iWyhm0+FAKEwc8FaRJb5OJ5mJOH8fbYFPtQJkIcdUGDPHIeenuK23H425EQXxJ u4SuX++Pf7VN2FAUmvTY2/w3jsOdIDNdZ53gZ19UTNmSbIVvqEiD/+gdK+hiAATBB/zr rq4TQM/pdSc6kEcN5/uPooa4O+hggp0kV9LfgzlGFLPo1TNMOiJE6lBbw02qHzjj0ajX IDrtCc8D2hcilL5sCFqzDr28TVZasttsHn2cuW0+9/kekoExRFiQrM32ugFxwS52cY1g u8DQH50Qy7dkPkxER81YEWtdz+uz13OdLm9aP7sBQcT35rmH1hrcIRQYo4edtmqwMhzC xhHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=rLKBxi5WGjN+iPv8WFpVZxf/1qlcrf712f5AoK942qA=; b=t42gJfdH/CzLGZ6WTx7g4Y84fJSW1GJFZYdDxQU5QaNdmsd7QwexsNcxtJqpLZWywt CYuMU+2B014zNC2WrQLF4TZTIW6Hfi7uXZQmb/rWlUYTLZKooK0FBbeUD53E5Wbfk6Vh ZlJVsDaIMKTkTyPJmtoxVfmRlUpVhR3Lm7cVM5uB+zk1aYnbdQ+2i1DXhIOK3gBaaXKA ++1L7rxTl8Nj83r0UoBpmvubNCDKan5Kq9SYb1DvBOmCR437M/8ESpfPZrGiSfw/u4vW GEcg6+aZ68/CceFcHQ8yyaUl7V/vPuFgYCxAdzdCMcbCLbbi3s7wLjjJw3mURfFU8yVA YBXA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f3si9831319oia.264.2020.02.19.10.13.56; Wed, 19 Feb 2020 10:14:09 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726598AbgBSSNs (ORCPT + 99 others); Wed, 19 Feb 2020 13:13:48 -0500 Received: from fieldses.org ([173.255.197.46]:43664 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726582AbgBSSNs (ORCPT ); Wed, 19 Feb 2020 13:13:48 -0500 Received: by fieldses.org (Postfix, from userid 2815) id 01BE7BCE; Wed, 19 Feb 2020 13:13:47 -0500 (EST) Date: Wed, 19 Feb 2020 13:13:47 -0500 From: "J. Bruce Fields" To: Richard Haines Cc: smayhew@redhat.com, paul@paul-moore.com, sds@tycho.nsa.gov, selinux@vger.kernel.org, linux-nfs@vger.kernel.org Subject: Re: Test to trace NFS unlabeled bug Message-ID: <20200219181347.GB23275@fieldses.org> References: <20200219180720.GA23275@fieldses.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200219180720.GA23275@fieldses.org> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, Feb 19, 2020 at 01:07:20PM -0500, J. Bruce Fields wrote: > On Wed, Feb 19, 2020 at 06:03:02PM +0000, Richard Haines wrote: > > I've been building selinux-testsuite tests for various filesystems and > > have come across an unlabeled issue when testing. Stephen thinks that > > this is a bug sometimes seen with labeled NFS, where the top-level > > mounted directory shows up with unlabeled_t initially, then later gets > > refreshed to a valid context. > > > > I've put together a test script, policy module and mount prog to > > facilitate debugging this issue. I've set out how I tested this on a > > Fedora 31 system below, if any problems let me know. > > Thanks! Adding the nfs group to the cc. > > I seem to recall a report of a similar bug in the Red Hat bugzilla, that > I spent a little time investigating and couldn't pin down. I'll see if > I can dig that up. This one: https://bugzilla.redhat.com/show_bug.cgi?id=1625955 It should be publicy visible. --b.