[dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux

Burakov, Anatoly anatoly.burakov at intel.com
Fri Oct 2 14:12:24 CEST 2020


On 02-Oct-20 10:36 AM, David Marchand wrote:
> On Thu, Sep 17, 2020 at 4:47 PM David Marchand
> <david.marchand at redhat.com> wrote:
>>
>> On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly
>> <anatoly.burakov at intel.com> wrote:
>>> Anonymous hugepages shouldn't matter, yes, but single-file segments mode
>>> does fallocate() and remove - you have the remove part covered, but I'm
>>> just curious if fallocate() would also cause any issues with SELinux.
>>
>> I found no hook in the kernel for fallocate + selinux...
>> Looked into fallocate itself and it ends up validating lsm write
>> access on the file.
>>
>> I don't have the full setup atm but since I could truncate and write
>> to it, I'd say we are good.
> 
> I could not gain access to the same setup again.
> 
> FWIW, I tried with my reproducer:
> - no issue with --in-memory option (with or without patch)
> 
> - error correctly detected (with this patch) in normal mode after restarting:
> 

Acked-by: Anatoly Burakov <anatoly.burakov at intel.com>

-- 
Thanks,
Anatoly

