02/10/2020 14:12, Burakov, Anatoly:
> On 02-Oct-20 10:36 AM, David Marchand wrote:
> > On Thu, Sep 17, 2020 at 4:47 PM David Marchand
> > <david.march...@redhat.com> wrote:
> >>
> >> On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly
> >> <anatoly.bura...@intel.com> wrote:
> >>> Anonymous hugepages shouldn't matter, yes, but single-file segments mode
> >>> does fallocate() and remove - you have the remove part covered, but i'm
> >>> just curious if fallocate() would also cause any issues with SELinux.
> >>
> >> I found no hook in the kernel for fallocate + selinux...
> >> Looked into fallocate itself and it ends up validating lsm write
> >> access on the file.
> >>
> >> I don't have the full setup atm but since I could truncate and write
> >> to it, I'd say we are good.
> >
> > I could not gain access to the same setup again.
> >
> > FWIW, I tried with my reproducer:
> > - no issue with --in-memory option (with or without patch)
> >
> > - error correctly detected (with this patch) in normal mode after
> > restarting:
>
> Acked-by: Anatoly Burakov <anatoly.bura...@intel.com>

Applied, thanks