author | Paul Moore <pmoore@redhat.com> | |
Wed, 18 Sep 2013 17:52:20 +0000 (13:52 -0400) | ||
committer | Paul Moore <pmoore@redhat.com> | |
Wed, 18 Sep 2013 17:52:20 +0000 (13:52 -0400) |
Conflicts:
security/selinux/hooks.c
Pull Eric's existing SELinux tree as there are a number of patches in
there that are not yet upstream. There was some minor fixup needed to
resolve a conflict in security/selinux/hooks.c:selinux_set_mnt_opts()
between the labeled NFS patches and Eric's security_fs_use()
simplification patch.
security/selinux/hooks.c
Pull Eric's existing SELinux tree as there are a number of patches in
there that are not yet upstream. There was some minor fixup needed to
resolve a conflict in security/selinux/hooks.c:selinux_set_mnt_opts()
between the labeled NFS patches and Eric's security_fs_use()
simplification patch.
1 | 2 | |||
---|---|---|---|---|
include/linux/security.h | patch | | diff1 | | diff2 | | blob | history |
security/capability.c | patch | | diff1 | | diff2 | | blob | history |
security/security.c | patch | | diff1 | | diff2 | | blob | history |
security/selinux/hooks.c | patch | | diff1 | | diff2 | | blob | history |
security/selinux/include/security.h | patch | | diff1 | | diff2 | | blob | history |
security/selinux/ss/policydb.c | patch | | diff1 | | diff2 | | blob | history |
diff --cc include/linux/security.h
Simple merge
diff --cc security/capability.c
Simple merge
diff --cc security/security.c
Simple merge
diff --cc security/selinux/hooks.c
index c956390a9136b75a7fb8ed17ded49c69310b31cf,c156f5eb1aea26b7b4d8b281e32974563f281449..c09211a4d7da2b88398d702b87defb1f3a1d2f00
+++ b/security/selinux/hooks.c
if (strcmp(sb->s_type->name, "proc") == 0)
sbsec->flags |= SE_SBPROC;
- /* Determine the labeling behavior to use for this filesystem type. */
- rc = security_fs_use(sb);
- if (rc) {
- printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
- __func__, sb->s_type->name, rc);
- goto out;
+ if (!sbsec->behavior) {
+ /*
+ * Determine the labeling behavior to use for this
+ * filesystem type.
+ */
- rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
- "proc" : sb->s_type->name,
- &sbsec->behavior, &sbsec->sid);
++ rc = security_fs_use(sb);
+ if (rc) {
+ printk(KERN_WARNING
+ "%s: security_fs_use(%s) returned %d\n",
+ __func__, sb->s_type->name, rc);
+ goto out;
+ }
}
-
/* sets the context of the superblock for the fs being mounted. */
if (fscontext_sid) {
rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
diff --cc security/selinux/include/security.h
index 8fd8e18ea34019c863d91ba88268b8c4018f3410,7aad3a1389d155d0f5f1bfc209264df5f0d9b0e9..fe341ae370049b39ac2012d665a64dd4dc9af198
#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
#define SECURITY_FS_USE_NONE 5 /* no labeling support */
#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
+#define SECURITY_FS_USE_NATIVE 7 /* use native label support */
+#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
- int security_fs_use(const char *fstype, unsigned int *behavior,
- u32 *sid);
+ int security_fs_use(struct super_block *sb);
int security_genfs_sid(const char *fstype, char *name, u16 sclass,
u32 *sid);
diff --cc security/selinux/ss/policydb.c
Simple merge