On 2/7/20 1:01 PM, Steven Moreland wrote:
From: Connor O'Brien <connoro@xxxxxxxxxx> Add support for genfscon per-file labeling of bpffs files. This allows for separate permissions for different pinned bpf objects, which may be completely unrelated to each other. Signed-off-by: Connor O'Brien <connoro@xxxxxxxxxx> Signed-off-by: Steven Moreland <smoreland@xxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
--- security/selinux/hooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d9e8b2131a65..18f8cd47729c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -699,6 +699,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (!strcmp(sb->s_type->name, "debugfs") || !strcmp(sb->s_type->name, "tracefs") || !strcmp(sb->s_type->name, "binderfs") || + !strcmp(sb->s_type->name, "bpf") || !strcmp(sb->s_type->name, "pstore")) sbsec->flags |= SE_SBGENFS;
