author | Stephen Smalley <sds@tycho.nsa.gov> | 2005-11-09 00:34:33 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-11-09 10:55:51 -0500 |
commit | 25a74f3ba8efb394e9a30d6de37566bf03fd3de8 (patch) | |
tree | 8fbe98b01a13946c02a56ab7bab2c4ed077aee3f | |
parent | e517a0cd859ae0c4d9451107113fc2b076456f8f (diff) |
[PATCH] selinux: disable setxattr on mountpoint labeled filesystems
This patch disables the setting of SELinux xattrs on files created in
filesystems labeled via mountpoint labeling (mounted with the context=
option). selinux_inode_setxattr already prevents explicit setxattr from
userspace on such filesystems, so this provides consistent behavior for
file creation.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 3 insertions, 0 deletions
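--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1986,6 +1986,9 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 
 inode_security_set_sid(inode, newsid);
 
+if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+return -EOPNOTSUPP;
+
 if (name) {
 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
 if (!namep)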
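Review bot: The new `return -EOPNOTSUPP;` is an intentional "no xattr to store" signal rather than a failure, and nothing at the added check says so or explains why it sits after `inode_security_set_sid(inode, newsid)` instead of at the top of the function. I would add a comment above the `if`, such as `/* context= mount: in-core SID is set above; hand no xattr back to the filesystem */`. The filesystem callers are not visible here, so it is worth confirming that each one maps -EOPNOTSUPP from this hook to success, since otherwise file creation on a context= mount would presumably fail. The body of selinux_inode_init_security starts and ends outside the hunk.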