Commit d99520c3 authored by James Morris's avatar James Morris Committed by Linus Torvalds

[PATCH] SELinux: allow all filesystems to specify fscreate mount option

The patch below allows all types of filesystems to specify the fscreate
mount option (which is used to specify the security context of the
filesystem itself).  This was previously only available for filesystems
with full xattr security labeling, but is also potentially required for
filesystems with e.g.  psuedo xattr labeling such as devpts and tmpfs.

An example of use is to specify at mount time the fs security context of a
tmpfs filesystem, overriding the default specified in policy for that
filesystem.

This patch has been in the Fedora kernel for some weeks with no problems.
Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent dfca7b21
...@@ -387,13 +387,6 @@ static int try_context_mount(struct super_block *sb, void *data) ...@@ -387,13 +387,6 @@ static int try_context_mount(struct super_block *sb, void *data)
break; break;
case Opt_fscontext: case Opt_fscontext:
if (sbsec->behavior != SECURITY_FS_USE_XATTR) {
rc = -EINVAL;
printk(KERN_WARNING "SELinux: "
"fscontext option is invalid for"
" this filesystem type\n");
goto out_free;
}
if (seen & (Opt_context|Opt_fscontext)) { if (seen & (Opt_context|Opt_fscontext)) {
rc = -EINVAL; rc = -EINVAL;
printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment