1
linux/security/selinux
Eric Paris b04ea3cebf [PATCH] Fix security check for joint context= and fscontext= mount options
After some discussion on the actual meaning of the filesystem class
security check in try context mount it was determined that the checks for
the context= mount options were not correct if fscontext mount option had
already been used.

When labeling the superblock we should be checking relabel_from and
relabel_to.  But if the superblock has already been labeled (with
fscontext) then context= is actually labeling the inodes, and so we should
be checking relabel_from and associate.  This patch fixes which checks are
called depending on the mount options.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-14 21:53:55 -07:00
..
include [PATCH] SELinux: decouple fscontext/context mount options 2006-07-10 13:24:13 -07:00
ss [PATCH] audit: support for object context filters 2006-07-01 05:44:19 -04:00
avc.c [PATCH] support for context based audit filtering 2006-05-01 06:06:24 -04:00
exports.c [SECMARK]: Add SELinux exports 2006-06-17 21:29:55 -07:00
hooks.c [PATCH] Fix security check for joint context= and fscontext= mount options 2006-07-14 21:53:55 -07:00
Kconfig [SECMARK]: Add new packet controls to SELinux 2006-06-17 21:30:05 -07:00
Makefile [PATCH] support for context based audit filtering 2006-05-01 06:06:24 -04:00
netif.c
netlink.c
nlmsgtab.c
selinuxfs.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00