From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 77956A04B1; Tue, 6 Oct 2020 01:13:16 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 780372B8B; Tue, 6 Oct 2020 01:13:14 +0200 (CEST) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) by dpdk.org (Postfix) with ESMTP id 3FD5F2B82; Tue, 6 Oct 2020 01:13:12 +0200 (CEST) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id A10859E2; Mon, 5 Oct 2020 19:13:09 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Mon, 05 Oct 2020 19:13:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=fm2; bh= hk+2HGgWQWTr724F4cxjLoWxF9zJ7d2Pil9m5InqUcg=; b=mE22+jf9H6ibl6nI hIcE8IO5Rrxo05Zu54pK5HeefZReGQYyusSfB0XVqtCB0ID2/VAruKDaUhKJp/Xz 0PRF/Yty2rjpALIXOn/gEWXQhfGmN1FQ5GY0Lj+LBxv7zf8N3kADflu7dUIDCgJE ffZJ3/e5hHEEX2ITzsK99IlZkhU4yNa+ZPf9RVGGMfKtabM9xjTfiPIHbL5jD7bo 9OSHnckuCohbW5EJw1qA0p6N0S7Ypqkb4oxpOLTamn4wtaC8SbmPJi6dtTln1vY7 FzzYNm6nndskcjTpatyQI4XdoMPDMSid/JI1sg5/pRIddh5CO7jT7XkltL8VEbpW mjOIAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=hk+2HGgWQWTr724F4cxjLoWxF9zJ7d2Pil9m5InqU cg=; b=GD84mNsB7iTG7kdbnd+lY/tGtvcrojMunCCiflDEpCoosG4MzN9EvlTfj 6QxNw9XeHwwYoxhWEQH7IA76DbY+Z79ihz1XVH6nH8UM8JmrgKYdLro7tScB7k3l R4kK8skDfqDJt68CbTtOgzidTxskunXiGMIX7WVxhV3+KV2n2vX1okYVyW9qSkdZ X0hvPehUvNy8Vvndtv/F5Q8DHPEpyLskKFPtE2is2elZBoOufGgb8m+P1gzNOb1t Rjb2dDxZKALezAHK2dYK7wZiDIEP8CMmoyX2aUcmiCjm94Jsb2CfWEGsLskmeIbO tqqcbRRC3SVp+QmAo4fqGirm6TeSg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrgeefgddulecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefhvffufffkjghfggfgtgesthfuredttddtvdenucfhrhhomhepvfhhohhmrghs ucfoohhnjhgrlhhonhcuoehthhhomhgrshesmhhonhhjrghlohhnrdhnvghtqeenucggtf frrghtthgvrhhnpedugefgvdefudfftdefgeelgffhueekgfffhfeujedtteeutdejueei iedvffegheenucfkphepjeejrddufeegrddvtdefrddukeegnecuvehluhhsthgvrhfuih iivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepthhhohhmrghssehmohhnjhgrlhho nhdrnhgvth X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id 737AB3280063; Mon, 5 Oct 2020 19:13:07 -0400 (EDT) From: Thomas Monjalon To: David Marchand Cc: dev@dpdk.org, Maxime Coquelin , Sebastian Scheinkman , dpdk stable , Aaron Conole , "Burakov, Anatoly" , rasland@nvidia.com, Slava Ovsiienko Date: Tue, 06 Oct 2020 01:13:06 +0200 Message-ID: <5847579.AWupWrHo64@thomas> In-Reply-To: References: <20200910162407.12669-1-david.marchand@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 02/10/2020 14:12, Burakov, Anatoly: > On 02-Oct-20 10:36 AM, David Marchand wrote: > > On Thu, Sep 17, 2020 at 4:47 PM David Marchand > > wrote: > >> > >> On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly > >> wrote: > >>> Anonymous hugepages shouldn't matter, yes, but single-file segments mode > >>> does fallocate() and remove - you have the remove part covered, but i'm > >>> just curious if fallocate() would also cause any issues with SELinux. > >> > >> I found no hook in the kernel for fallocate + selinux... > >> Looked into fallocate itself and it ends up validating lsm write > >> access on the file. > >> > >> I don't have the full setup atm but since I could truncate and write > >> to it, I'd say we are good. > > > > I could not gain access to the same setup again. > > > > FWIW, I tried with my reproducer: > > - no issue with --in-memory option (with or without patch) > > > > - error correctly detected (with this patch) in normal mode after restarting: > > Acked-by: Anatoly Burakov Applied, thanks