On Mon, Aug 08, 2022 at 12:20:48PM +0200, Alexander Grund wrote:
> This patch fixes an inconsistency, if not a clear bug, with the extended permissions. To quote from the original discussion [1]:
>
> The behavior of dontauditx and auditallowx appears to be broken making them useless.
>
> [1] https://lore.kernel.org/selinux/6a791504-7728-3026-17ee-c22cbff8c3d1@gmail.c...
>
> bauen1 (1):
>   selinux: allow dontauditx and auditallowx rules to take effect without allowx
>
>  security/selinux/ss/services.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
For obvious reasons, we can't take patches only for 4.9.y that are not also in newer kernel branches. You don't want to upgrade to 4.14.y and have a regression, right?
So this would need to be backported to 4.14.y, 4.19.y, 5.4.y, and 5.10.y before we could consider it.
BUT, as this is something that just never worked, why is it needed at all? Making it work is a "new feature", not really a bugfix for these older kernels as it is not a regression.
I'll drop this from my queue. If you really think it needs to come back, we need backports for all affected kernel branches.
thanks,
greg k-h