SELinux: Unify context mount and genfs behavior

From: Linux Kernel Mailing List
Date: Thursday, March 26, 2009 - 11:59 am

Gitweb:     http://git.kernel.org/linus/cd89596f0ccfa3ccb8a81ce47782231cf7ea7296
Commit:     cd89596f0ccfa3ccb8a81ce47782231cf7ea7296
Parent:     11689d47f0957121920c9ec646eb5d838755853a
Author:     David P. Quigley <dpquigl@tycho.nsa.gov>
AuthorDate: Fri Jan 16 09:22:04 2009 -0500
Committer:  James Morris <jmorris@macbook.localdomain>
CommitDate: Mon Jan 19 09:47:14 2009 +1100

    SELinux: Unify context mount and genfs behavior
    
    Context mounts and genfs labeled file systems behave differently with respect to
    setting file system labels. This patch brings genfs labeled file systems in line
    with context mounts in that setxattr calls to them should return EOPNOTSUPP and
    fscreate calls will be ignored.
    
    Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
    Acked-by: Eric Paris <eparis@redhat.com>
    Signed-off-by: James Morris <jmorris@macbook.localdomain>
---
 security/selinux/hooks.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1a9768a..3bb4942 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1613,7 +1613,7 @@ static int may_create(struct inode *dir,
 	if (rc)
 		return rc;
 
-	if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
+	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
 		rc = security_transition_sid(sid, dsec->sid, tclass, &newsid);
 		if (rc)
 			return rc;
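Review bot: On the changed condition in may_create(), a non-zero newsid is now overwritten by security_transition_sid() whenever SE_SBLABELSUPP is clear, and nothing at the call site says that this silent override is intended. A one-line comment above the `if` stating that a caller-requested SID is deliberately ignored on superblocks without label support would make this clear to later readers. SE_SBLABELSUPP is neither defined nor set anywhere in this diff (the diffstat covers only hooks.c), so the commit message should name the change that introduces the flag and which labeling behaviors clear it.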
@@ -2597,7 +2597,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 	sid = tsec->sid;
 	newsid = tsec->create_sid;
 
-	if (!newsid || sbsec->behavior == SECURITY_FS_USE_MNTPOINT) {
+	if (!newsid || !(sbsec->flags & SE_SBLABELSUPP)) {
 		rc = security_transition_sid(sid, dsec->sid,
 					     inode_mode_to_security_class(inode->i_mode),
 					     &newsid);
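Review bot: The changed test in the first selinux_inode_init_security() hunk, `!newsid || !(sbsec->flags & SE_SBLABELSUPP)`, is character-for-character the same as the one in may_create() above, and the two must stay in step for the permission check and the labeling to agree on the new SID. Consider moving the test into a small static inline helper that takes sbsec and newsid, so a future change to the rule cannot update one site and miss the other.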
@@ -2619,7 +2619,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 		isec->initialized = 1;
 	}
 
-	if (!ss_initialized || sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+	if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
 		return -EOPNOTSUPP;
 
 	if (name) {
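Review bot: The `-EOPNOTSUPP` return in this hunk sits after the block that ends with `isec->initialized = 1;` and before the `if (name)` block, so on a superblock without SE_SBLABELSUPP the in-core inode label is still set while the name handling is skipped. That ordering matters and is undocumented; a short comment on the `if` saying so would help. The same flag is also tested a few lines earlier in this function, so reading it once into a local would remove the duplicate test.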
@@ -2796,7 +2796,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
 		return selinux_inode_setotherxattr(dentry, name);
 
 	sbsec = inode->i_sb->s_security;
-	if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+	if (!(sbsec->flags & SE_SBLABELSUPP))
 		return -EOPNOTSUPP;
 
 	if (!is_owner_or_cap(inode))
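Review bot: In selinux_inode_setxattr() the label-support test runs before `if (!is_owner_or_cap(inode))`, so on a superblock without SE_SBLABELSUPP every caller gets -EOPNOTSUPP, including one that the ownership check below would have rejected. That matches the commit message, but it is a change in the error seen on genfs-labeled file systems, and the commit message should say which error those calls returned before so the effect on existing tools can be judged. A comment noting that the check is placed ahead of the ownership test on purpose would also help.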