static int superblock_alloc_security(struct super_block *sb)
{
...
    sbsec->def_sid = SECINITSID_FILE;

static int inode_alloc_security(struct inode *inode)
{
    struct inode_security_struct *isec;
...
    isec->sid = SECINITSID_UNLABELED;

static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
{
...
        if (rc != -ENODATA) {
            sid = sbsec->def_sid;
...
            if (rc) {
...
                /* Leave with the unlabeled SID */
                rc = 0;
                break;

So there you have it... I believe we need a new initial sid.

SECINITSID_INVALID_LABEL....

On Thu, Jan 9, 2014 at 5:54 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Thursday, January 09, 2014 11:21:24 PM Dominick Grift wrote:
>> Then leave the unlabeled isid for netlabel (I think netlabel also uses
>> the unlabeled isid)
>
> While NetLabel uses the unlabeled initial sid, there are plenty of other
> places where it is used, the most obvious being almost all the initial object
> allocation functions in the kernel. We're going to need to keep the unlabeled
> initial sid as "unlabeled_t" or similar for the foreseeable future.
>
> --
> paul moore
> www.paul-moore.com
>
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
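Added example, not part of the original mail and not kernel code: a user-space model of the labeling flow excerpted above, showing that an inode whose stored label fails to resolve ends up with the same SID as one that was only allocated, and how a separate initial SID would tell them apart. The enum values, `context_to_sid()`, `label_inode()`, the sample contexts and the handling of the elided branches (a missing xattr maps to the superblock default, other getxattr errors leave the allocation-time SID) are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code. Numeric SID values are arbitrary.
 * SID_INVALID_LABEL models the SECINITSID_INVALID_LABEL proposed in the
 * mail and is hypothetical; SID_ETC_T is a constructed policy SID. */
enum sid { SID_UNLABELED, SID_FILE, SID_INVALID_LABEL, SID_ETC_T };

/* Assumed stand-in for the context lookup: the policy knows one context. */
static int context_to_sid(const char *ctx, enum sid *out)
{
    if (strcmp(ctx, "system_u:object_r:etc_t:s0") != 0)
        return -EINVAL;
    *out = SID_ETC_T;
    return 0;
}

/* Models inode_alloc_security() followed by the xattr branch of
 * inode_doinit_with_dentry(). xattr_rc < 0 is a getxattr error, otherwise
 * ctx is the stored label. split_invalid enables the proposed behaviour. */
static enum sid label_inode(int xattr_rc, const char *ctx, int split_invalid)
{
    enum sid isec_sid = SID_UNLABELED;   /* set at allocation time */
    enum sid def_sid = SID_FILE;         /* sbsec->def_sid */
    enum sid sid;

    if (xattr_rc < 0) {
        if (xattr_rc != -ENODATA)
            return isec_sid;             /* assumed: other errors bail out */
        sid = def_sid;                   /* no xattr: superblock default */
    } else if (context_to_sid(ctx, &sid) != 0) {
        if (!split_invalid)
            return isec_sid;             /* "Leave with the unlabeled SID" */
        sid = SID_INVALID_LABEL;         /* proposed: distinct initial SID */
    }
    return sid;
}

int main(void)
{
    const char *bad = "system_u:object_r:removed_t:s0";  /* constructed */
    printf("no xattr: %d\n", label_inode(-ENODATA, NULL, 0));
    printf("invalid label, current: %d\n", label_inode(0, bad, 0));
    printf("invalid label, proposed: %d\n", label_inode(0, bad, 1));
    return 0;
}
```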