From: Paul Moore Date: Wed, 18 Sep 2013 17:52:20 +0000 (-0400) Subject: Merge git://git.infradead.org/users/eparis/selinux X-Git-Tag: v3.13-rc4~6^2^2~9 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=98f700f317967d45cf60c9843b3c42ce3c286f7c;p=kernel%2Fkernel-generic.git Merge git://git.infradead.org/users/eparis/selinux Conflicts: security/selinux/hooks.c Pull Eric's existing SELinux tree as there are a number of patches in there that are not yet upstream. There was some minor fixup needed to resolve a conflict in security/selinux/hooks.c:selinux_set_mnt_opts() between the labeled NFS patches and Eric's security_fs_use() simplification patch. --- 98f700f317967d45cf60c9843b3c42ce3c286f7c diff --cc security/selinux/hooks.c index c956390,c156f5e..c09211a --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@@ -680,21 -708,14 +718,19 @@@ static int selinux_set_mnt_opts(struct if (strcmp(sb->s_type->name, "proc") == 0) sbsec->flags |= SE_SBPROC; - /* Determine the labeling behavior to use for this filesystem type. */ - rc = security_fs_use(sb); - if (rc) { - printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", - __func__, sb->s_type->name, rc); - goto out; + if (!sbsec->behavior) { + /* + * Determine the labeling behavior to use for this + * filesystem type. + */ - rc = security_fs_use((sbsec->flags & SE_SBPROC) ? - "proc" : sb->s_type->name, - &sbsec->behavior, &sbsec->sid); ++ rc = security_fs_use(sb); + if (rc) { + printk(KERN_WARNING + "%s: security_fs_use(%s) returned %d\n", + __func__, sb->s_type->name, rc); + goto out; + } } - /* sets the context of the superblock for the fs being mounted. 
*/ if (fscontext_sid) { rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); diff --cc security/selinux/include/security.h index 8fd8e18,7aad3a1..fe341ae --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@@ -169,11 -173,8 +173,10 @@@ int security_get_allow_unknown(void) #define SECURITY_FS_USE_GENFS 4 /* use the genfs support */ #define SECURITY_FS_USE_NONE 5 /* no labeling support */ #define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */ +#define SECURITY_FS_USE_NATIVE 7 /* use native label support */ +#define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */ - int security_fs_use(const char *fstype, unsigned int *behavior, - u32 *sid); + int security_fs_use(struct super_block *sb); int security_genfs_sid(const char *fstype, char *name, u16 sclass, u32 *sid);
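Review bot: The new `if (!sbsec->behavior)` guard in selinux_set_mnt_opts() treats zero as "not yet decided", so any earlier code that leaves a non-zero behavior skips the policy lookup entirely, and nothing in this hunk shows that sbsec->sid has been set on that path. The SECURITY_FS_USE_* values visible in the security.h part of this commit run only from 4 to 7, so whether 0 is reserved cannot be confirmed from here; presumably it is, but the guard deserves a comment saying so. I would extend the existing comment to something like `/* behavior == 0 means nothing earlier chose a labeling behavior; otherwise keep that choice and skip the policy lookup */`. The function begins before and continues past this hunk, so the code that may pre-set behavior is not visible.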
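Review bot: `SECURITY_FS_USE_MAX` is written as a second literal 7 next to `SECURITY_FS_USE_NATIVE`, so adding a behavior later means remembering to edit two lines, and a stale maximum would presumably weaken whatever range check relies on it (none is visible in this hunk). Defining it from the last value keeps the two in step: `#define SECURITY_FS_USE_MAX SECURITY_FS_USE_NATIVE /* Highest SECURITY_FS_USE_XXX */`. The new prototype `int security_fs_use(struct super_block *sb);` no longer shows where the behavior and SID end up, and the hooks.c call site in this commit passes only sb and checks only the return code. A one-line comment above the prototype stating what the function records for the superblock on success would make that contract explicit.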