From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7728EA04B5; Fri, 2 Oct 2020 14:12:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0CDBC1D56C; Fri, 2 Oct 2020 14:12:51 +0200 (CEST) Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 6628F1D55F; Fri, 2 Oct 2020 14:12:47 +0200 (CEST) IronPort-SDR: CD75BciYLJdwP8yc9YOPX0+P8hbahtrV9mriFtX9t1Ur1s/GRGvZe5VFfGngEp2sNcNZQgEOCg IwCu+5hEL+JA== X-IronPort-AV: E=McAfee;i="6000,8403,9761"; a="227100519" X-IronPort-AV: E=Sophos;i="5.77,327,1596524400"; d="scan'208";a="227100519" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2020 05:12:39 -0700 IronPort-SDR: UsUG0TrfiFXBIH4rEthJ6gNsLX1UDPPCFv+m/MRCafoiR3HOsnlp9HRE9czJENdXhhxPHy+Ext vd1pY8KutHGg== X-IronPort-AV: E=Sophos;i="5.77,327,1596524400"; d="scan'208";a="508334414" Received: from aburakov-mobl.ger.corp.intel.com (HELO [10.213.219.167]) ([10.213.219.167]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Oct 2020 05:12:37 -0700 To: David Marchand Cc: dev , Maxime Coquelin , Sebastian Scheinkman , dpdk stable , Aaron Conole References: <20200910162407.12669-1-david.marchand@redhat.com> <41283b3a-5591-da2b-dea3-f069248d3265@intel.com> From: "Burakov, Anatoly" Message-ID: Date: Fri, 2 Oct 2020 13:12:24 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On 02-Oct-20 10:36 AM, David Marchand wrote: > On Thu, Sep 17, 2020 at 4:47 PM David Marchand > wrote: >> >> On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly >> wrote: >>> Anonymous hugepages shouldn't matter, yes, but single-file segments mode >>> does fallocate() and remove - you have the remove part covered, but i'm >>> just curious if fallocate() would also cause any issues with SELinux. >> >> I found no hook in the kernel for fallocate + selinux... >> Looked into fallocate itself and it ends up validating lsm write >> access on the file. >> >> I don't have the full setup atm but since I could truncate and write >> to it, I'd say we are good. > > I could not gain access to the same setup again. > > FWIW, I tried with my reproducer: > - no issue with --in-memory option (with or without patch) > > - error correctly detected (with this patch) in normal mode after restarting: > Acked-by: Anatoly Burakov -- Thanks, Anatoly