Message ID | 20210612090738.22408-1-toiwoton@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Series | selinux.8: document how mount flag nosuid affects SELinux |
Topi Miettinen <toiwoton@gmail.com> writes: > Using mount flag `nosuid` also affects SELinux domain transitions but > this has not been documented well. > > Signed-off-by: Topi Miettinen <toiwoton@gmail.com> > Acked-by: Petr Lautrbach <plautrba@redhat.com> Merged. Thanks! > --- > libselinux/man/man8/selinux.8 | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 > index 0ef01460..5842150b 100644 > --- a/libselinux/man/man8/selinux.8 > +++ b/libselinux/man/man8/selinux.8 > @@ -94,6 +94,13 @@ and reboot. > also has this capability. The > .BR restorecon / fixfiles > commands are also available for relabeling files. > + > +Please note that using mount flag > +.I nosuid > +also disables SELinux domain transitions, unless permission > +.I nosuid_transition > +is used in the policy to allow this, which in turn needs also policy capability > +.IR nnp_nosuid_transition . > . > .SH AUTHOR > This manual page was written by Dan Walsh <dwalsh@redhat.com>. > -- > 2.30.2
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8 index 0ef01460..5842150b 100644 --- a/libselinux/man/man8/selinux.8 +++ b/libselinux/man/man8/selinux.8 @@ -94,6 +94,13 @@ and reboot. also has this capability. The .BR restorecon / fixfiles commands are also available for relabeling files. + +Please note that using mount flag +.I nosuid +also disables SELinux domain transitions, unless permission +.I nosuid_transition +is used in the policy to allow this, which in turn needs also policy capability +.IR nnp_nosuid_transition . . .SH AUTHOR This manual page was written by Dan Walsh <dwalsh@redhat.com>.
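Review bot: the new sentence in the @@ -94,6 +94,13 @@ hunk of selinux.8 is hard to parse where it says "unless permission nosuid_transition is used in the policy to allow this, which in turn needs also policy capability nnp_nosuid_transition". It states two requirements but reads as if one were a consequence of the other, and "used in the policy" does not say that the permission has to be granted. Suggest something like "also disables SELinux domain transitions unless the policy grants permission nosuid_transition and enables policy capability nnp_nosuid_transition", and dropping the "Please note that" opener. Separately, the paragraph is introduced by an empty added line, while the context right below it uses a lone "." as the separator before .SH AUTHOR; starting the paragraph with "." or .PP would keep the source consistent and avoid a raw blank line in the man source.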
Using mount flag `nosuid` also affects SELinux domain transitions but this has not been documented well. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> --- libselinux/man/man8/selinux.8 | 7 +++++++ 1 file changed, 7 insertions(+)