Thread (1 message) 1 message, 1 author, 2008-09-17

Re: [Bug #11500] /proc/net bug related to selinux

From: Eric W. Biederman <hidden>
Date: 2008-09-17 23:05:31
Also in: lkml

Andrew Morton [off-list ref] writes:
On Wed, 17 Sep 2008 18:12:59 -0400
Paul Moore [off-list ref] wrote:
We don't even know the extent of the damage yet.  Which distros were
affected? With which versions of which userspace packages?
Can I assume that the "right" thing to do would be to find the problem 
and revert whatever change caused the issue, yes?  Or are we happy to 
wait and see since the fallout so far has been minimal?
I don't think a revert is justified after all this time.  afaik I'm the
first person to notice the problem, and it's been out there for
multiple months.

However it would be good if we could find some not-completely-stinky
way of making the old userspace work.

otoh, people who are shipping 2.6.25- and 2.6.26-based distros probably
wouldn't want such a patch in their kernels anyway.
Disable selinux?

Get a selinux mystic to update that selinux policy.  I bet it is a one line
change to teach the policy about /proc/net as a symlink.

Although I am puzzled why we don't get the same label as /proc/net as a directory
had.

Eric