On Wed, Jul 24, 2019 at 10:57 PM Mark Salyzyn wrote:
>
> Because of the overlayfs getxattr recursion, the incoming inode fails
> to update the selinux sid resulting in avc denials being reported
> against a target context of u:object_r:unlabeled:s0.
This description is too brief for me to underst
Because of the overlayfs getxattr recursion, the incoming inode fails
to update the selinux sid resulting in avc denials being reported
against a target context of u:object_r:unlabeled:s0.
Solution is to add a _get xattr method that calls the __vfs_getxattr
handler so that the context can be read
2 matches
Mail list logo
