|
|
@@ -354,6 +354,29 @@ static int may_context_mount_inode_relabel(u32 sid,
|
|
|
return rc;
|
|
|
}
|
|
|
|
|
|
+static int selinux_is_sblabel_mnt(struct super_block *sb)
|
|
|
+{
|
|
|
+ struct superblock_security_struct *sbsec = sb->s_security;
|
|
|
+
|
|
|
+ if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
|
|
|
+ sbsec->behavior == SECURITY_FS_USE_TRANS ||
|
|
|
+ sbsec->behavior == SECURITY_FS_USE_TASK)
|
|
|
+ return 1;
|
|
|
+
|
|
|
+ /* Special handling for sysfs. Is genfs but also has setxattr handler*/
|
|
|
+ if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
|
|
|
+ return 1;
|
|
|
+
|
|
|
+ /*
|
|
|
+ * Special handling for rootfs. Is genfs but supports
|
|
|
+ * setting SELinux context on in-core inodes.
|
|
|
+ */
|
|
|
+ if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
|
|
|
+ return 1;
|
|
|
+
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
static int sb_finish_set_opts(struct super_block *sb)
|
|
|
{
|
|
|
struct superblock_security_struct *sbsec = sb->s_security;
|
|
|
@@ -396,20 +419,7 @@ static int sb_finish_set_opts(struct super_block *sb)
|
|
|
labeling_behaviors[sbsec->behavior-1]);
|
|
|
|
|
|
sbsec->flags |= SE_SBINITIALIZED;
|
|
|
- if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
|
|
|
- sbsec->behavior == SECURITY_FS_USE_TRANS ||
|
|
|
- sbsec->behavior == SECURITY_FS_USE_TASK)
|
|
|
- sbsec->flags |= SBLABEL_MNT;
|
|
|
-
|
|
|
- /* Special handling for sysfs. Is genfs but also has setxattr handler*/
|
|
|
- if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
|
|
|
- sbsec->flags |= SBLABEL_MNT;
|
|
|
-
|
|
|
- /*
|
|
|
- * Special handling for rootfs. Is genfs but supports
|
|
|
- * setting SELinux context on in-core inodes.
|
|
|
- */
|
|
|
- if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
|
|
|
+ if (selinux_is_sblabel_mnt(sb))
|
|
|
sbsec->flags |= SBLABEL_MNT;
|
|
|
|
|
|
/* Initialize the root inode. */
|
Eric Paris