Before the current modifications, SELinux extended attributes were
visible inside the user namespace but changes in patch 1 hid them.
This patch enables security.selinux in user namespaces and allows
them to be written to in the same way as security.capability.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
---
fs/xattr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/xattr.c b/fs/xattr.c
index 045be85..37686ee 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -138,6 +138,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
*/
static const char *const userns_xattrs[] = {
XATTR_NAME_CAPS,
+ XATTR_NAME_SELINUX,
NULL
};
--
2.7.4
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
