On Wed, Feb 2, 2022 at 7:55 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> Commit b8b87fd954b4 ("selinux: Fix selinux_sb_mnt_opts_compat()")
> started to parse mount options into SIDs in selinux_add_opt() if policy
> has already been loaded. Since it's extremely unlikely that anyone would
> depend on the ability to set SELinux contexts on fs_context before
> loading the policy and then mounting that context after simplify the
> logic by always parsing the options early.
>
> Note that the multi-step mounting is only possible with the new
> fscontext mount API and wasn't possible before its introduction.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> security/selinux/hooks.c | 202 ++++++++++-----------------------------
> 1 file changed, 53 insertions(+), 149 deletions(-)
Merged into selinux/next, thanks.
Please keep an eye on line length in the future; I understand it is
considered poor form to split long error messages, but some of the
messages in this patch are unnecessarily long and wordy. You may have
inherited some of those messages from the current code, but that
doesn't mean you can't make them more concise.
--
paul-moore.com
