On Mon, Apr 14, 2025 at 4:09 PM Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > > On 4/14/25 6:53 AM, Ondrej Mosnacek wrote: > > Hello, > > > > I noticed that the selinux-testsuite > > (https://github.com/SELinuxProject/selinux-testsuite) nfs_filesystem > > test recently started to spuriously fail on latest mainline-based > > kernels (the root directory didn't have the expected SELinux label > > after a specific sequence of exports/unexports + mounts/unmounts). > > > > I bisected (and revert-tested) the regression to: > > > > commit fc2a169c56de0860ea7599ea6f67ad5fc451bde1 > > Author: Li Lingfeng <lilingfeng3@xxxxxxxxxx> > > Date: Fri Dec 27 16:33:53 2024 +0800 > > > > sunrpc: clean cache_detail immediately when flush is written frequently > > > > It's not immediately obvious to me what the bug is, so I'm posting > > this to relevant people/lists in the hope they can debug and fix this > > better than I could. > > > > I'm attaching a simplified reproducer. > > It looks like the attachment did not make it through. It did for me, here is the script: >>>>> #!/bin/bash set -e systemctl start nfs-server for (( i = 0; i < 50; i++ )); do exportfs -o rw,no_root_squash,security_label localhost:/var mount -t nfs -o nfsvers=4.2,proto=tcp,clientaddr=127.0.0.1,addr=127.0.0.1,context=system_u:object_r:etc_t:s0 localhost:/var/lib /mnt secon -t -f /mnt umount /mnt exportfs -u localhost:/var exportfs -o rw,no_root_squash localhost:/var mount -t nfs -o nfsvers=4.2,proto=tcp,clientaddr=127.0.0.1,addr=127.0.0.1,context=system_u:object_r:etc_t:s0 localhost:/var/lib /mnt secon -t -f /mnt umount /mnt mount -t nfs -o nfsvers=4.2,proto=tcp,clientaddr=127.0.0.1,addr=127.0.0.1 localhost:/var/lib /mnt secon -t -f /mnt label="$(secon -t -f /mnt)" umount /mnt exportfs -u localhost:/var [ "$label" = "nfs_t" ] || exit 1 done exit 0 >>>>> -- paul-moore.com
