SELinux: use a helper function to determine seclabel
Use a helper to determine if a superblock should have the seclabel flag rather than doing it in the function. I'm going to use this in the security server as well. Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
a64c54cf08
commit
b43e725d8d
|
@ -354,6 +354,29 @@ static int may_context_mount_inode_relabel(u32 sid,
|
|||
return rc;
|
||||
}
|
||||
|
||||
static int selinux_is_sblabel_mnt(struct super_block *sb)
|
||||
{
|
||||
struct superblock_security_struct *sbsec = sb->s_security;
|
||||
|
||||
if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TRANS ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TASK)
|
||||
return 1;
|
||||
|
||||
/* Special handling for sysfs. Is genfs but also has setxattr handler*/
|
||||
if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* Special handling for rootfs. Is genfs but supports
|
||||
* setting SELinux context on in-core inodes.
|
||||
*/
|
||||
if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
|
||||
return 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int sb_finish_set_opts(struct super_block *sb)
|
||||
{
|
||||
struct superblock_security_struct *sbsec = sb->s_security;
|
||||
|
@ -396,20 +419,7 @@ static int sb_finish_set_opts(struct super_block *sb)
|
|||
labeling_behaviors[sbsec->behavior-1]);
|
||||
|
||||
sbsec->flags |= SE_SBINITIALIZED;
|
||||
if (sbsec->behavior == SECURITY_FS_USE_XATTR ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TRANS ||
|
||||
sbsec->behavior == SECURITY_FS_USE_TASK)
|
||||
sbsec->flags |= SBLABEL_MNT;
|
||||
|
||||
/* Special handling for sysfs. Is genfs but also has setxattr handler*/
|
||||
if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
|
||||
sbsec->flags |= SBLABEL_MNT;
|
||||
|
||||
/*
|
||||
* Special handling for rootfs. Is genfs but supports
|
||||
* setting SELinux context on in-core inodes.
|
||||
*/
|
||||
if (strncmp(sb->s_type->name, "rootfs", sizeof("rootfs")) == 0)
|
||||
if (selinux_is_sblabel_mnt(sb))
|
||||
sbsec->flags |= SBLABEL_MNT;
|
||||
|
||||
/* Initialize the root inode. */
|
||||
|
|
Loading…
Reference in New Issue