]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: badf28b) | patch
evm: labeling pseudo filesystems exception
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 21 Apr 2015 17:59:31 +0000 (13:59 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 21 May 2015 17:28:47 +0000 (13:28 -0400)
commita95869fdec17d193540dda6263a4a3d0d557aa10
tree5ef7ac633c626864273b091ffe6b180e5b92297ftree | snapshot
parentbadf28b426e585b07362a015b883c7426c194aabcommit | diff
evm: labeling pseudo filesystems exception

To prevent offline stripping of existing file xattrs and relabeling of
them at runtime, EVM allows only newly created files to be labeled.  As
pseudo filesystems are not persistent, stripping of xattrs is not a
concern.

Some LSMs defer file labeling on pseudo filesystems.  This patch
permits the labeling of existing files on pseudo files systems.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
security/integrity/evm/evm_main.c diff | blob | history
Linux Kernel Source Tree.