summaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2019-02-22 15:57:14 +0100
committerPaul Moore <paul@paul-moore.com>2019-03-21 02:53:04 +0100
commitb754026bd98e644f9337224ffd4201e02dfe1c43 (patch)
tree28bcd384136745922f26e5cfed3b1511d2461f9a /security/selinux/include
parentkernfs: do not alloc iattrs in kernfs_xattr_get (diff)
downloadlinux-b754026bd98e644f9337224ffd4201e02dfe1c43.tar.xz
linux-b754026bd98e644f9337224ffd4201e02dfe1c43.zip
selinux: try security xattr after genfs for kernfs filesystems
Since kernfs supports the security xattr handlers, we can simply use these to determine the inode's context, dropping the need to update it from kernfs explicitly using a security_inode_notifysecctx() call. We achieve this by setting a new sbsec flag SE_SBGENFS_XATTR to all mounts that are known to use kernfs under the hood and then fetching the xattrs after determining the fallback genfs sid in inode_doinit_with_dentry() when this flag is set. This will allow implementing full security xattr support in kernfs and removing the ...notifysecctx() call in a subsequent patch. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> [PM: more manual merge fixups] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/security.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index b5b7c5aade8c..111121281c47 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -58,6 +58,7 @@
#define SE_SBINITIALIZED 0x0100
#define SE_SBPROC 0x0200
#define SE_SBGENFS 0x0400
+#define SE_SBGENFS_XATTR 0x0800
#define CONTEXT_STR "context"
#define FSCONTEXT_STR "fscontext"