Support multiple selinuxfs instances, one per selinux namespace.
The expected usage would be to unshare the SELinux namespace and
the mount namespace, and then mount a new selinuxfs instance. The
new instance would then provide an interface for viewing and manipulating
the state of the new SELinux namespace and would not affect the parent
namespace in any manner.
This change by itself should have no effect on SELinux behavior or
APIs (userspace or LSM).
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
security/selinux/selinuxfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 3873946f4dd8..a69381f94d37 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2006,7 +2006,7 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
static int sel_get_tree(struct fs_context *fc)
{
- return get_tree_single(fc, sel_fill_super);
+ return get_tree_keyed(fc, sel_fill_super, current_selinux_ns);
}
static const struct fs_context_operations sel_context_ops = {
--
2.21.0
