On 07/05/2013 02:58 PM, William Roberts wrote:
bind mount seems to not care about the context option
root@maguro:/data # touch a
root@maguro:/data # touch b
root@maguro:/data # mount -obind,context=u:object_r:mqueue:s0 a b
root@maguro:/data # ls -Z a
-rw-rw-rw- root root u:object_r:system_data_file:s0 a
root@maguro:/data # ls -Z b
-rw-rw-rw- root root u:object_r:system_data_file:s0 b
I was initially trying to bind mount stuff out of /proc and apply a
separate label to it, and it didn't work. Any idea on how to bind mount a
file, from /proc/<pid> (no xattr support) and provide a separate label for
the entity?
No, you can't do that. Each inode can only have a single security
context. And /proc/pid is special - those inodes are labeled via the
selinux_task_to_inode() hook function, called via
security_task_to_inode() from fs/proc/base.c.
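The point made in the reply above, as an added example that is not part of the original message: a bind mount exposes the same inode under a second path, so both paths report one label. The helper names `same_inode` and `read_context` are hypothetical; `security.selinux` is the xattr name under which SELinux exposes a file's context.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* 1 if both paths resolve to the same inode on the same filesystem,
 * 0 if they differ, -1 if either path cannot be stat'ed. */
int same_inode(const char *p1, const char *p2)
{
    struct stat s1, s2;
    if (stat(p1, &s1) != 0 || stat(p2, &s2) != 0)
        return -1;
    return s1.st_dev == s2.st_dev && s1.st_ino == s2.st_ino;
}

/* Read the SELinux label of path into buf as a C string.
 * Returns its length, or -1 (no label, no SELinux, or error). */
ssize_t read_context(const char *path, char *buf, size_t len)
{
    if (len == 0)
        return -1;
    ssize_t n = getxattr(path, "security.selinux", buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    char ctx[256];
    if (argc != 3) {
        fprintf(stderr, "usage: %s <source> <bind-target>\n", argv[0]);
        return 2;
    }
    int same = same_inode(argv[1], argv[2]);
    if (same < 0) {
        perror("stat");
        return 1;
    }
    for (int i = 1; i <= 2; i++) {
        if (read_context(argv[i], ctx, sizeof ctx) < 0)
            snprintf(ctx, sizeof ctx, "(no label readable)");
        printf("%s: %s\n", argv[i], ctx);
    }
    printf("%s\n", same ? "same inode: one label, whatever context= was passed"
                        : "different inodes: labels are independent");
    return same ? 0 : 3;
}
```

Run against the two paths from the session above (`a` and `b` after the bind mount), it reports one inode and prints the same context for both.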