summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2013-08-28 13:32:42 -0400
committerEric Paris <eparis@redhat.com>2013-08-28 14:45:21 -0400
commit0b4bdb3573a86a88c829b9e4ad702859eb923e7e (patch)
tree17494a87030cbb6678c1cb8c904f93ce79ce4b47
parent102aefdda4d8275ce7d7100bc16c88c74272b260 (diff)
downloadlinux-0b4bdb3573a86a88c829b9e4ad702859eb923e7e.tar.gz
linux-0b4bdb3573a86a88c829b9e4ad702859eb923e7e.tar.bz2
linux-0b4bdb3573a86a88c829b9e4ad702859eb923e7e.zip
Revert "SELinux: do not handle seclabel as a special flag"
This reverts commit 308ab70c465d97cf7e3168961dfd365535de21a6. It breaks my FC6 test box. /dev/pts is not mounted. dmesg says SELinux: mount invalid. Same superblock, different security settings for (dev devpts, type devpts) Cc: Peter Hurley <peter@hurleysoftware.com> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/selinux/include/security.h2
2 files changed, 4 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0d4408debb45..c156f5eb1aea 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -504,6 +504,9 @@ static int selinux_get_mnt_opts(const struct super_block *sb,
opts->num_mnt_opts++;
tmp >>= 1;
}
+ /* Check if the Label support flag is set */
+ if (sbsec->flags & SBLABEL_MNT)
+ opts->num_mnt_opts++;
opts->mnt_opts = kcalloc(opts->num_mnt_opts, sizeof(char *), GFP_ATOMIC);
if (!opts->mnt_opts) {
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 004a2479880f..7aad3a1389d1 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -43,7 +43,7 @@
#endif
/* Mask for just the mount related flags */
-#define SE_MNTMASK 0x1f
+#define SE_MNTMASK 0x0f
/* Super block security struct flags for mount options */
/* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
#define CONTEXT_MNT 0x01