On 02-Oct-20 10:36 AM, David Marchand wrote:
On Thu, Sep 17, 2020 at 4:47 PM David Marchand
<david.march...@redhat.com> wrote:

On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly
<anatoly.bura...@intel.com> wrote:
Anonymous hugepages shouldn't matter, yes, but single-file segments mode
does fallocate() and remove - you have the remove part covered, but I'm
just curious if fallocate() would also cause any issues with SELinux.

I found no hook in the kernel for fallocate + selinux...
Looked into fallocate itself and it ends up validating lsm write
access on the file.

I don't have the full setup atm but since I could truncate and write
to it, I'd say we are good.

I could not gain access to the same setup again.

FWIW, I tried with my reproducer:
- no issue with --in-memory option (with or without patch)

- error correctly detected (with this patch) in normal mode after restarting:


Acked-by: Anatoly Burakov <anatoly.bura...@intel.com>

--
Thanks,
Anatoly
