summaryrefslogtreecommitdiff
path: root/scripts/namespace.pl
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2019-02-22 15:57:14 +0100
committerPaul Moore <paul@paul-moore.com>2019-03-20 21:53:04 -0400
commitb754026bd98e644f9337224ffd4201e02dfe1c43 (patch)
tree28bcd384136745922f26e5cfed3b1511d2461f9a /scripts/namespace.pl
parentd0c9c153b4bd6963c8fcccbc0caa12e8fa8d971d (diff)
selinux: try security xattr after genfs for kernfs filesystems
Since kernfs supports the security xattr handlers, we can simply use these to determine the inode's context, dropping the need to update it from kernfs explicitly using a security_inode_notifysecctx() call. We achieve this by setting a new sbsec flag SE_SBGENFS_XATTR to all mounts that are known to use kernfs under the hood and then fetching the xattrs after determining the fallback genfs sid in inode_doinit_with_dentry() when this flag is set. This will allow implementing full security xattr support in kernfs and removing the ...notifysecctx() call in a subsequent patch. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> [PM: more manual merge fixups] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'scripts/namespace.pl')
0 files changed, 0 insertions, 0 deletions