mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 10:40:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

selinux: allow per-file labeling for cgroupfs

Browse source 
This patch allows genfscon per-file labeling for cgroupfs. For instance,
this allows to label the "release_agent" file within each
cgroup mount and limit writes to it.

Signed-off-by: Antonio Murdaca <amurdaca@redhat.com>
[PM: subject line and merge tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Antonio Murdaca 2017-02-09 17:02:42 +01:00 committed by Paul Moore
parent 5d72801538
commit 901ef845fa
1 changed files with 3 additions and 1 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

4
security/selinux/hooks.c
View file

@ -815,7 +815,9 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") ||
!strcmp(sb->s_type->name, "pstore"))
!strcmp(sb->s_type->name, "pstore") ||
!strcmp(sb->s_type->name, "cgroup") ||
!strcmp(sb->s_type->name, "cgroup2"))
sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) {