On Wed, Jun 12, 2019 at 3:37 AM Ondrej Mosnacek omosnace@redhat.com wrote:
On Wed, Jun 12, 2019 at 12:56 AM Paul Moore paul@paul-moore.com wrote:
On Tue, Jun 11, 2019 at 4:07 AM Ondrej Mosnacek omosnace@redhat.com wrote:
These strings may come from untrusted sources (e.g. file xattrs) so they need to be properly escaped.
Reproducer: # setenforce 0 # touch /tmp/test # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test # runcon system_u:system_r:sshd_t:s0 cat /tmp/test (look at the generated AVCs)
Actual result: type=AVC [...] trawcon=kuřecí řízek
Expected result: type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B
Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs") Cc: stable@vger.kernel.org # v5.1+ Signed-off-by: Ondrej Mosnacek omosnace@redhat.com
security/selinux/avc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
Thanks, the patch looks fine to me, but it is borderline -stable material in my opinion. I'll add it to the stable-5.2 branch, but in the future I would prefer if you left the stable marking off patches and sent a reply discussing *why* this should go to stable so we can discuss it. I realize Greg likes to pull a lot of stuff into stable, but I try to be a bit more conservative about what gets marked. Even the simplest fix can still break things :)
OK, I was a bit unsure whether to mark it as stable or not and eventually inclined to do so... I'll try be more careful about it in the future.
If it makes you feel better, it's not that big of a deal, I just felt it was worth mentioning since we've been doing a bit of a "best practices for submitting SELinux kernel patches" on the mailing list lately and I felt this was worth mentioning. The basic idea is that I think marking something for stable shouldn't be taken lightly and it is worth a discussion, even if it is short.