[PATCH] selinux: always allow mounting submounts
Eric W. Biederman
ebiederm at xmission.com
Wed Nov 28 17:38:39 UTC 2018
Ondrej Mosnacek <omosnace at redhat.com> writes:
> On Wed, Nov 28, 2018 at 4:42 PM Eric W. Biederman <ebiederm at xmission.com> wrote:
>>
>> A few late comments on this.
>>
>> The change mentioned in fixes did not remove a SB_KERNMOUNT so I don't
>> see how it is a fix for that. That change just added SB_SUBMOUNT so you
>> can test for and detect this situation. Are you seeing something that I
>> am not in that change?
>
> No, you're right that this patch doesn't "fix" that commit in the
> usual sense (the bug has pretty much always been there). However, that
> commit is the one that introduces the SB_KERNMOUNT flag and thus this
> patch can be only applied on trees that have that commit. That's what
> I tried to communicate with the "Fixes:" tag. Maybe I abused it a
> little, but it is often used to guide backporting so I figured it
> would make sense like this.
That makes sense. In cases like that I use Ref: instead of Fixes:
That makes the connection clear, without implying the other patch was
wrong.
That and I would say something like. It is now possible to fix this
as submounts are not detectable. Or something like that.
Eric
More information about the Linux-security-module-archive
mailing list