Merge git://git.infradead.org/users/eparis/selinux
authorPaul Moore <pmoore@redhat.com>
Wed, 18 Sep 2013 17:52:20 +0000 (13:52 -0400)
committerPaul Moore <pmoore@redhat.com>
Wed, 18 Sep 2013 17:52:20 +0000 (13:52 -0400)
Conflicts:
security/selinux/hooks.c

Pull Eric's existing SELinux tree as there are a number of patches in
there that are not yet upstream.  There was some minor fixup needed to
resolve a conflict in security/selinux/hooks.c:selinux_set_mnt_opts()
between the labeled NFS patches and Eric's security_fs_use()
simplification patch.

1  2 
include/linux/security.h
security/capability.c
security/security.c
security/selinux/hooks.c
security/selinux/include/security.h
security/selinux/ss/policydb.c

Simple merge
Simple merge
Simple merge
index c956390a9136b75a7fb8ed17ded49c69310b31cf,c156f5eb1aea26b7b4d8b281e32974563f281449..c09211a4d7da2b88398d702b87defb1f3a1d2f00
@@@ -680,21 -708,14 +718,19 @@@ static int selinux_set_mnt_opts(struct 
        if (strcmp(sb->s_type->name, "proc") == 0)
                sbsec->flags |= SE_SBPROC;
  
 -      /* Determine the labeling behavior to use for this filesystem type. */
 -      rc = security_fs_use(sb);
 -      if (rc) {
 -              printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
 -                     __func__, sb->s_type->name, rc);
 -              goto out;
 +      if (!sbsec->behavior) {
 +              /*
 +               * Determine the labeling behavior to use for this
 +               * filesystem type.
 +               */
-               rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
-                                       "proc" : sb->s_type->name,
-                                       &sbsec->behavior, &sbsec->sid);
++              rc = security_fs_use(sb);
 +              if (rc) {
 +                      printk(KERN_WARNING
 +                              "%s: security_fs_use(%s) returned %d\n",
 +                                      __func__, sb->s_type->name, rc);
 +                      goto out;
 +              }
        }
 -
        /* sets the context of the superblock for the fs being mounted. */
        if (fscontext_sid) {
                rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
index 8fd8e18ea34019c863d91ba88268b8c4018f3410,7aad3a1389d155d0f5f1bfc209264df5f0d9b0e9..fe341ae370049b39ac2012d665a64dd4dc9af198
@@@ -169,11 -173,8 +173,10 @@@ int security_get_allow_unknown(void)
  #define SECURITY_FS_USE_GENFS         4 /* use the genfs support */
  #define SECURITY_FS_USE_NONE          5 /* no labeling support */
  #define SECURITY_FS_USE_MNTPOINT      6 /* use mountpoint labeling */
 +#define SECURITY_FS_USE_NATIVE                7 /* use native label support */
 +#define SECURITY_FS_USE_MAX           7 /* Highest SECURITY_FS_USE_XXX */
  
- int security_fs_use(const char *fstype, unsigned int *behavior,
-       u32 *sid);
+ int security_fs_use(struct super_block *sb);
  
  int security_genfs_sid(const char *fstype, char *name, u16 sclass,
        u32 *sid);
Simple merge