[PATCH] Fix security check for joint context= and fscontext= mount options
After some discussion on the actual meaning of the filesystem class security check in try context mount it was determined that the checks for the context= mount options were not correct if fscontext mount option had already been used. When labeling the superblock we should be checking relabel_from and relabel_to. But if the superblock has already been labeled (with fscontext) then context= is actually labeling the inodes, and so we should be checking relabel_from and associate. This patch fixes which checks are called depending on the mount options. Signed-off-by:Eric Paris <eparis@redhat.com> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> Acked-by:
James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
Loading
Please register or sign in to comment
