author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-05-10 10:16:19 -0400 |
---|---|---|
committer | Brett Rogers <brettrogers11@gmail.com> | 2015-11-07 23:25:35 -0800 |
commit | 193be18cdc2b9b06f359d14d42cdfd46f2afa773 (patch) | |
tree | 44069e0f25c01966c4c4542c03e8a9c5135194e0 /security | |
parent | dbcebd4c943ec1bf3af6ad2b0886aa4346831de2 (diff) | |
Enable setting security contexts on rootfs inodes.

rootfs (ramfs) can support setting of security contexts
by userspace due to the vfs fallback behavior of calling
the security module to set the in-core inode state
for security.* attributes when the filesystem does not
provide an xattr handler. No xattr handler required
as the inodes are pinned in memory and have no backing
store.

This is useful in allowing early userspace to label individual
files within a rootfs while still providing a policy-defined
default via genfs.

Change-Id: Ia7116e0a9100b9a1957af548a78e8f0ab8087e32
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 49ddc59153a..71f949f0d00 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -407,6 +407,13 @@ static int sb_finish_set_opts(struct super_block *sb) if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0) sbsec->flags |= SE_SBLABELSUPP; + /* + * Special handling for rootfs. Is genfs but supports + * setting SELinux context on in-core inodes. + */ + if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0) + sbsec->flags |= SE_SBLABELSUPP; + /* Initialize the root inode. */ rc = inode_doinit_with_dentry(root_inode, root); |
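
Review bot: the new rootfs test in sb_finish_set_opts() repeats the sysfs branch directly above it, with the same `strncmp(..., sizeof(...)) == 0` pattern and the same `sbsec->flags |= SE_SBLABELSUPP;` body, so the two could be folded into one condition. Because `sizeof("rootfs")` counts the terminating NUL, the comparison is already an exact match, and a plain strcmp() would state that intent more directly. The added comment says rootfs "Is genfs but supports setting SELinux context on in-core inodes" without giving the reason; the commit message has it (no xattr handler is needed because the inodes are pinned in memory and have no backing store), and it would help to carry that into the comment along with the consequence that labels set this way exist only in the in-core inode and must be reapplied by early userspace on every boot.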