Proxmox-Port/linux-loongson
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson synced 2025-09-03 17:51:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

selinux: allow per-file labeling for cgroupfs

Browse Source 
This patch allows genfscon per-file labeling for cgroupfs. For instance,
this allows to label the "release_agent" file within each
cgroup mount and limit writes to it.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
[PM: subject line and merge tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Antonio Murdaca 2017-02-09 17:02:42 +01:00 committed by Paul Moore
parent 5d72801538
commit 901ef845fa
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/selinux/hooks.c
View File

@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!strcmp(sb->s_type->name, "debugfs") || if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") || !strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") || !strcmp(sb->s_type->name, "sysfs") ||
!strcmp(sb->s_type->name, "pstore")) !strcmp(sb->s_type->name, "pstore") ||
!strcmp(sb->s_type->name, "cgroup") ||
!strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS; sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) { if (!sbsec->behavior) {