Re: [PATCH v3] security: selinux: allow per-file labeling for bpffs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/7/20 1:01 PM, Steven Moreland wrote:
From: Connor O'Brien <connoro@xxxxxxxxxx>

Add support for genfscon per-file labeling of bpffs files. This allows
for separate permissions for different pinned bpf objects, which may
be completely unrelated to each other.

Signed-off-by: Connor O'Brien <connoro@xxxxxxxxxx>
Signed-off-by: Steven Moreland <smoreland@xxxxxxxxxx>

Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>

---
  security/selinux/hooks.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d9e8b2131a65..18f8cd47729c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -699,6 +699,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
  	if (!strcmp(sb->s_type->name, "debugfs") ||
  	    !strcmp(sb->s_type->name, "tracefs") ||
  	    !strcmp(sb->s_type->name, "binderfs") ||
+	    !strcmp(sb->s_type->name, "bpf") ||
  	    !strcmp(sb->s_type->name, "pstore"))
  		sbsec->flags |= SE_SBGENFS;




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux