Re: [PATCH 7/8] SELinux: Create a common helper to determine an inode label

Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:

> > +	if ((sbsec->flags & SE_SBINITIALIZED) &&
> > +		   (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
> > +		*_new_isid = sbsec->mntpoint_sid;
> > +	} else if (tsec->create_sid) {
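
Review bot: the first branch of this if chain lets sbsec->mntpoint_sid take precedence over tsec->create_sid, but nothing in the visible lines documents why. Add a short comment above the `if ((sbsec->flags & SE_SBINITIALIZED) &&` test saying that a SECURITY_FS_USE_MNTPOINT superblock labels every new inode with the mount's SID regardless of the task's create SID, so the ordering of the branches is clearly intentional. As a style point, the continuation line `(sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {` is indented past the opening parenthesis; align it under `(sbsec->flags`.
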
> 
> This doesn't quite match the logic in inode_init_security today, see its
> checking of SBLABEL_MNT.

Fair point.  What does SBLABEL_MNT mean precisely?  It seems to indicate one
of an odd mix of behaviours.  I presume it means that we *have* to calculate a
label and can't get one from the underlying fs if it is not set.

Also, in:

	sbsec->flags |= SE_SBINITIALIZED;
	if (selinux_is_sblabel_mnt(sb))
		sbsec->flags |= SBLABEL_MNT;

should SE_SBINITIALIZED be set after SBLABEL_MNT?  And should there be a
memory barrier in here somewhere before the setting of SE_SBINITIALIZED?

David