Message ID | 20200206211430.150615-1-smoreland@google.com (mailing list archive) |
---|---|
State | Superseded |
Series | [v2] security: selinux: allow per-file labeling for bpffs |
On 2/6/20 4:14 PM, Steven Moreland wrote:
> From: Connor O'Brien <connoro@google.com>
>
> Add support for genfscon per-file labeling of bpffs files. This allows
> for separate permissions for different pinned bpf objects, which may
> be completely unrelated to each other.
>
> Signed-off-by: Connor O'Brien <connoro@google.com>
> Signed-off-by: Steven Moreland <smoreland@google.com>

Is this relative to the next branch of the selinux git tree? Doesn't apply for me.

> --- > security/selinux/hooks.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 116b4d644f68..d7b11188dc8d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -750,7 +750,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, > if (strcmp(sb->s_type->name, "proc") == 0) > sbsec->flags |= SE_SBPROC | SE_SBGENFS; > > - if (!strcmp(sb->s_type->name, "debugfs") || > + if (!strcmp(sb->s_type->name, "bpf") || > + !strcmp(sb->s_type->name, "debugfs") || > !strcmp(sb->s_type->name, "tracefs") || > !strcmp(sb->s_type->name, "pstore")) > sbsec->flags |= SE_SBGENFS; >
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 116b4d644f68..d7b11188dc8d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -750,7 +750,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (strcmp(sb->s_type->name, "proc") == 0) sbsec->flags |= SE_SBPROC | SE_SBGENFS; - if (!strcmp(sb->s_type->name, "debugfs") || + if (!strcmp(sb->s_type->name, "bpf") || + !strcmp(sb->s_type->name, "debugfs") || !strcmp(sb->s_type->name, "tracefs") || !strcmp(sb->s_type->name, "pstore")) sbsec->flags |= SE_SBGENFS;
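Review bot: The added `!strcmp(sb->s_type->name, "bpf") ||` test at the head of the SE_SBGENFS condition turns on genfs per-file labeling for every bpffs mount with no opt-in, and the commit message does not say what that means for an existing policy that has no per-file genfscon entries for bpf. Please state in the commit message whether the labels of pinned objects stay the same under an unmodified policy, so that policy authors know whether access decisions change once a kernel with this patch is booted. The message should also name the tree and branch the patch is based on, since the reply in this thread reports that it does not apply.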