On 06/18/2015 12:33 PM, Alexey Kodanev wrote: > cgroup uses kernfs that has 'security.*' setxattr handler. But setxattr > with 'security.selinux' name returns EOPNOTSUPP, i.e. SBLABEL_MNT > not set on the cgroup filesystem. > > Fix it by adding 'cgroup' type to genfs special handling list. > > Signed-off-by: Alexey Kodanev <alexey.kodanev@xxxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > --- > security/selinux/hooks.c | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 7dade28..91276c2 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -404,6 +404,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) > sbsec->behavior == SECURITY_FS_USE_TRANS || > sbsec->behavior == SECURITY_FS_USE_TASK || > /* Special handling. Genfs but also in-core setxattr handler */ > + !strcmp(sb->s_type->name, "cgroup") || > !strcmp(sb->s_type->name, "sysfs") || > !strcmp(sb->s_type->name, "pstore") || > !strcmp(sb->s_type->name, "debugfs") || > -- To unsubscribe from this list: send the line "unsubscribe cgroups" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
