Hello, I noticed that the selinux-testsuite (https://github.com/SELinuxProject/selinux-testsuite) nfs_filesystem test recently started to spuriously fail on latest mainline-based kernels (the root directory didn't have the expected SELinux label after a specific sequence of exports/unexports + mounts/unmounts). I bisected (and revert-tested) the regression to: commit fc2a169c56de0860ea7599ea6f67ad5fc451bde1 Author: Li Lingfeng <lilingfeng3@xxxxxxxxxx> Date: Fri Dec 27 16:33:53 2024 +0800 sunrpc: clean cache_detail immediately when flush is written frequently It's not immediately obvious to me what the bug is, so I'm posting this to relevant people/lists in the hope they can debug and fix this better than I could. I'm attaching a simplified reproducer. Note that it only tries 50 iterations, but sometimes that's not enough to trigger the bug. It requires a system with SELinux enabled and probably a policy that is close enough to Fedora's. I tested it on Fedora Rawhide, but it should probably also work on other SELinux-enabled distros that use the upstream refpolicy. -- Ondrej Mosnacek Senior Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
Attachment:
reproduce_nfs_mount_regression.sh
Description: application/shellscript
