]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4f19dc3) | patch
selinux: enable genfscon labeling for securityfs
authorChristian Göttsche <cgzones@googlemail.com>
Tue, 28 Sep 2021 15:39:31 +0000 (17:39 +0200)
committerPaul Moore <paul@paul-moore.com>
Tue, 28 Sep 2021 22:49:03 +0000 (18:49 -0400)
commit0f44f86417f4edfd84e25c735abf0a3979f96371
tree22a465b0c1c93c2bb0a552e08526630d00d3232btree | snapshot
parent4f19dc3bf25441c015204c917ba37679cbae5837commit | diff
selinux: enable genfscon labeling for securityfs

Add support for genfscon per-file labeling of securityfs files.
This allows for separate labels and thereby access control for
different files. For example a genfscon statement

    genfscon securityfs /integrity/ima/policy \
system_u:object_r:ima_policy_t:s0

will set a private label to the IMA policy file and thus allow to
control the ability to set the IMA policy. Setting labels directly
with setxattr(2), e.g. by chcon(1) or setfiles(8), is still not
supported.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: line width fixes in the commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c diff | blob | history
Linux Kernel Source Tree.