These patches address the issues encountered in the recent discussion: "[E1000-devel] networking probs in next-20081203" <https://kerneltrap.org/mailarchive/linux-netdev/2008/12/4/4315684/thread>
where making proc/net into its own filesystem to be mounted on a per-namespace basis caused SELinux labeling to stop working. The solution is to first ensure that the filesystem is correctly labeled, and then to also allow filesystems being mounted by the kernel to bypass SELinux permission checks (these operations should always be allowed). The mount flags are now passed to security_sb_kern_mount(), so that the security module can check whether MS_KERNMOUNT is set. Please review and ack if ok. These patches are against git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc.git#proc-wip -- James Morris <jmor...@namei.org> ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel