On Fri, 2008-12-19 at 12:05 +1100, James Morris wrote:
> From: Stephen Smalley <s...@tycho.nsa.gov>
>
> Map all of these proc/ filesystem types to "proc" for the policy lookup at
> filesystem mount time.
>
> Signed-off-by: James Morris <jmor...@namei.org>
> ---
> security/selinux/hooks.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index d337748..470763a 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -672,7 +672,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> sbsec->proc = 1;
>
> /* Determine the labeling behavior to use for this filesystem type. */
> - rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
> + rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name,
> &sbsec->behavior, &sbsec->sid);
> if (rc) {
> printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
> __func__, sb->s_type->name, rc);
I'm not sure if you took the patches I sent out for condensing the
flags and adding a /proc/mount notification for label support but if you
did then your patches haven't been updated to use them. sbsec->proc
should no longer exist and instead it should be sbsec->flags &
SE_SBPROC.
Dave
------------------------------------------------------------------------------
_______________________________________________
E1000-devel mailing list
E1000-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/e1000-devel
