@@ -716,7 +716,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
*/
if (!strncmp(sb->s_type->name, "rootfs",
sizeof("rootfs")))
- sbsec->flags |= SBLABEL_MNT;
+ sbsec->flags |= SBLABEL_MNT|DELAYAFTERINIT_MNT;
/* Defer initialization until selinux_complete_init,
after the initial policy is loaded and the security
@@ -3253,6 +3253,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
{
struct inode *inode = d_backing_inode(dentry);
struct inode_security_struct *isec;
+ struct superblock_security_struct *sbsec;
u32 newsid;
int rc;
@@ -3261,6 +3262,12 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
return;
}
+ if (!ss_initialized) {
+ sbsec = inode->i_sb->s_security;
+ if (sbsec->flags & DELAYAFTERINIT_MNT)
+ return;
+ }
+
rc = security_context_to_sid_force(value, size, &newsid);
if (rc) {
printk(KERN_ERR "SELinux: unable to map context to SID"
@@ -52,6 +52,7 @@
#define ROOTCONTEXT_MNT 0x04
#define DEFCONTEXT_MNT 0x08
#define SBLABEL_MNT 0x10
+#define DELAYAFTERINIT_MNT 0x20
/* Non-mount related flags */
#define SE_SBINITIALIZED 0x0100
#define SE_SBPROC 0x0200