On 12/06/2016 01:27 PM, william.c.roberts@xxxxxxxxx wrote: > From: Yongqin Liu <yongqin.liu@xxxxxxxxxx> > > Since kernel 4.1 ftrace is supported as a new separate filesystem. It > gets automatically mounted by the kernel under the old path > /sys/kernel/debug/tracing. Because it lives now on a separate filesystem > SELinux needs to be updated to also support setting SELinux labels > on tracefs inodes. This is required for compatibility in Android > when moving to Linux 4.1 or newer. > > Signed-off-by: Yongqin Liu <yongqin.liu@xxxxxxxxxx> > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> I'm ok with this under the view that it is needed for compatibility and the general purpose solution may take some time to implement and then will further require updated policy toolchain and policy. Of course, it would be nice to start that sooner rather than later... > --- > security/selinux/hooks.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 09fd610..24bd84d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -491,6 +491,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) > !strcmp(sb->s_type->name, "sysfs") || > !strcmp(sb->s_type->name, "pstore") || > !strcmp(sb->s_type->name, "debugfs") || > + !strcmp(sb->s_type->name, "tracefs") || > !strcmp(sb->s_type->name, "rootfs"); > } > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
