selinux: Add support for unprivileged mounts from user namespaces - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Seth Forshee <[email protected]>	2016-04-26 14:36:20 -0500
committer	Eric W. Biederman <[email protected]>	2016-06-24 11:02:54 -0500
commit	aad82892af261b9903cc11c55be3ecf5f0b0b4f8 (patch)
tree	63dd314cee5d53b1c17e002d2be94dfff3f23289 /tools/perf/scripts/python/stackcollapse.py
parent	809c02e091a8272bc8586a5d606565bc900f3467 (diff)

selinux: Add support for unprivileged mounts from user namespaces

Security labels from unprivileged mounts in user namespaces must be ignored. Force superblocks from user namespaces whose labeling behavior is to use xattrs to use mountpoint labeling instead. For the mountpoint label, default to converting the current task context into a form suitable for file objects, but also allow the policy writer to specify a different label through policy transition rules. Pieced together from code snippets provided by Stephen Smalley. Signed-off-by: Seth Forshee <[email protected]> Acked-by: Stephen Smalley <[email protected]> Acked-by: James Morris <[email protected]> Signed-off-by: Eric W. Biederman <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/stackcollapse.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: