On 12/06/2016 01:19 PM, william.c.roberts@xxxxxxxxx wrote:
> From: Yongqin Liu <yongqin.liu@xxxxxxxxxx>
>
> Support setting the security.selinux xattr from userspace
> for tracefs. This is required for restorecon/setcon
> functionality.
Drop "setcon" (not to be confused with setfilecon, but unimportant
regardless). Maybe add a note along these lines based on the
corresponding policy commit in Android:
Since kernel 4.1 ftrace is supported as a new separate filesystem. It
gets automatically mounted by the kernel under the old path
/sys/kernel/debug/tracing. Because it lives now on a separate filesystem
SELinux needs to be updated to also support setting SELinux labels
on tracefs inodes. This is required for compatibility in Android
when moving to Linux 4.1 or newer.
>
> Signed-off-by: Yongqin Liu <yongqin.liu@xxxxxxxxxx>
> Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
> ---
> security/selinux/hooks.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 09fd610..24bd84d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -491,6 +491,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
> !strcmp(sb->s_type->name, "sysfs") ||
> !strcmp(sb->s_type->name, "pstore") ||
> !strcmp(sb->s_type->name, "debugfs") ||
> + !strcmp(sb->s_type->name, "tracefs") ||
> !strcmp(sb->s_type->name, "rootfs");
> }
>
>
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
