cgroup uses kernfs that has 'security.*' setxattr handler. But setxattr with 'security.selinux' name returns EOPNOTSUPP, i.e. SBLABEL_MNT not set on the cgroup filesystem. Fix it by adding 'cgroup' type to genfs special handling list. Signed-off-by: Alexey Kodanev <alexey.kodanev@xxxxxxxxxx> --- security/selinux/hooks.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7dade28..91276c2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -404,6 +404,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) sbsec->behavior == SECURITY_FS_USE_TRANS || sbsec->behavior == SECURITY_FS_USE_TASK || /* Special handling. Genfs but also in-core setxattr handler */ + !strcmp(sb->s_type->name, "cgroup") || !strcmp(sb->s_type->name, "sysfs") || !strcmp(sb->s_type->name, "pstore") || !strcmp(sb->s_type->name, "debugfs") || -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
