linux-sg2042/security
Eric Paris b04ea3cebf [PATCH] Fix security check for joint context= and fscontext= mount options
After some discussion on the actual meaning of the filesystem class
security check in try context mount it was determined that the checks for
the context= mount options were not correct if fscontext mount option had
already been used.

When labeling the superblock we should be checking relabel_from and
relabel_to.  But if the superblock has already been labeled (with
fscontext) then context= is actually labeling the inodes, and so we should
be checking relabel_from and associate.  This patch fixes which checks are
called depending on the mount options.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-07-14 21:53:55 -07:00
..
keys [PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller 2006-06-29 10:26:20 -07:00
selinux [PATCH] Fix security check for joint context= and fscontext= mount options 2006-07-14 21:53:55 -07:00
Kconfig [PATCH] keys: restrict contents of /proc/keys to Viewable keys 2006-06-26 09:58:18 -07:00
Makefile [PATCH] add securityfs for all LSMs to use 2005-07-08 18:48:41 -07:00
capability.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
commoncap.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
dummy.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-06-30 15:39:30 -07:00
inode.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
seclvl.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00