[PATCH] Fix security check for joint context= and fscontext= mount options
authorEric Paris <eparis@parisplace.org>
Fri, 14 Jul 2006 07:24:33 +0000 (00:24 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Sat, 15 Jul 2006 04:53:55 +0000 (21:53 -0700)
commitb04ea3cebf79d6808632808072f276dbc98aaf01
tree7620a01477510d9e4ae042baab17bce103b59185
parent517e7aa5b022f9dc486639c7689666663daee24f
[PATCH] Fix security check for joint context= and fscontext= mount options

After some discussion on the actual meaning of the filesystem class
security check in try context mount it was determined that the checks for
the context= mount options were not correct if fscontext mount option had
already been used.

When labeling the superblock we should be checking relabel_from and
relabel_to.  But if the superblock has already been labeled (with
fscontext) then context= is actually labeling the inodes, and so we should
be checking relabel_from and associate.  This patch fixes which checks are
called depending on the mount options.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
security/selinux/hooks.c