On Wed, Sep 15, 2021 at 12:24 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote:
>
> Add support for genfscon per-file labeling of securityfs files. This allows
> for separate labels and thereby permissions for different files, e.g.
> /sys/kernel/security/integrity/ima/policy.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> security/selinux/hooks.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

Hi Christian,

It would be nice if you could add some additional notes on how this was tested to the description above.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 6517f221d52c..a18626424731 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -760,7 +760,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, > !strcmp(sb->s_type->name, "tracefs") || > !strcmp(sb->s_type->name, "binder") || > !strcmp(sb->s_type->name, "bpf") || > - !strcmp(sb->s_type->name, "pstore")) > + !strcmp(sb->s_type->name, "pstore") || > + !strcmp(sb->s_type->name, "securityfs")) > sbsec->flags |= SE_SBGENFS; > > if (!strcmp(sb->s_type->name, "sysfs") || > -- > 2.33.0

--
paul moore
www.paul-moore.com
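
Review bot: the added !strcmp(sb->s_type->name, "securityfs") arm in selinux_set_mnt_opts() sets SE_SBGENFS for every securityfs superblock, but nothing in the hunk or the commit message says what label a securityfs file receives when the loaded policy has no genfscon entry matching its path. Since the stated goal is to let files such as /sys/kernel/security/integrity/ima/policy carry a distinct label and therefore distinct permissions, the description should state the expected behaviour under an existing policy that has no per-file securityfs rules, so reviewers can confirm that access is not unintentionally widened or broken. It should also record how the change was exercised, for example the genfscon rule that was loaded and the label then observed on that file. As a smaller style point, the condition is now a five-way chain of strcmp() calls on sb->s_type->name; a short comment above it naming the criterion for adding a filesystem to this list would help the next reviewer.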