These patches address the issues encountered in the recent discussion:

"[E1000-devel] networking probs in next-20081203"
<https://kerneltrap.org/mailarchive/linux-netdev/2008/12/4/4315684/thread>

where making proc/net into its own filesystem to be mounted on a 
per-namespace basis caused SELinux labeling to stop working.

The solution is to first ensure that the filesystem is correctly labeled, 
and then to also allow filesystems being mounted by the kernel to bypass 
SELinux permission checks (these operations should always be allowed).

The mount flags are now passed to security_sb_kern_mount(), so that the 
security module can check whether MS_KERNMOUNT is set.

Please review and ack if ok.

These patches are against 
git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc.git#proc-wip


-- 
James Morris
<jmor...@namei.org>
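
The ordering described in the message above (label first, then let kernel-initiated mounts skip the permission check), as a user-space model added here for illustration; it is not code from the patches. The `model_*` names, the label string and the policy struct are hypothetical, and `MS_KERNMOUNT` is redefined locally with the value from the kernel's include/linux/fs.h.

```c
#include <errno.h>
#include <stddef.h>

/* Kernel-internal mount flag; redefined here because this is a user-space model. */
#define MS_KERNMOUNT (1 << 22)

/* Hypothetical stand-in for a superblock and its security label. */
struct model_sb {
    const char *fstype;
    const char *label;      /* NULL until the filesystem has been labeled */
};

/* Constructed policy used only by this model. */
struct model_policy {
    int allow_mount;        /* nonzero: the caller holds the mount permission */
    int label_fails;        /* nonzero: simulate an error while labeling */
};

/* Step 1: label the filesystem. Runs for every mount, kernel-initiated or not. */
static int model_label_sb(struct model_sb *sb, const struct model_policy *p)
{
    if (p->label_fails)
        return -EINVAL;
    sb->label = "example_label_t";  /* constructed label name */
    return 0;
}

/* Step 2: the hook receives the mount flags so it can test MS_KERNMOUNT. */
int model_sb_kern_mount(struct model_sb *sb, int flags,
                        const struct model_policy *p)
{
    int rc = model_label_sb(sb, p);
    if (rc)
        return rc;          /* assumption of this model: label errors are not bypassed */

    if (flags & MS_KERNMOUNT)
        return 0;           /* mount performed by the kernel: no permission check */

    return p->allow_mount ? 0 : -EACCES;   /* ordinary mount: policy decides */
}
```

The point of the ordering is that a kernel mount still ends up with a label even though its permission check is skipped.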
