On Thu, Feb 9, 2017 at 5:32 PM, Antonio Murdaca <[email protected]> wrote: > > > On Feb 9, 2017 20:23, "Paul Moore" <[email protected]> wrote: > > On Thu, Feb 9, 2017 at 12:39 PM, Antonio Murdaca <[email protected]> > wrote: >> On Feb 9, 2017 17:14, "Paul Moore" <[email protected]> wrote: >> On Thu, Feb 9, 2017 at 11:02 AM, Antonio Murdaca <[email protected]> >> wrote: >>> From: Antonio Murdaca <[email protected]> >>> >>> This patch allows genfscon per-file labeling for cgroupfs. For instance, >>> this allows to label the "release_agent" file within each >>> cgroup mount and limit writes to it. >>> >>> Signed-off-by: Antonio Murdaca <[email protected]> >>> --- >>> security/selinux/hooks.c | 2 ++ >>> 1 file changed, 2 insertions(+) >> >> This was already merged ... ? >> >> >> This is adding cgroup and cgroup2 to the other whitelist (afaict). > > Yes, my apologies, I read this patch too quickly and confused it with > the previous cgroups patch. > > Just to set expectations, this patch is too late for the upcoming > merge window, we can consider it in a few weeks once the merge window > has closed. This should give you some time to do some further testing > (hint, hint). > > > Sure, I'm going to test this and add tests in selinux-testsuite as well
Great, thank you. -- paul moore www.paul-moore.com
