SELinux: correctly detect proc filesystems of the form "proc/foo"
authorStephen Smalley <sds@tycho.nsa.gov>
Fri, 5 Dec 2008 14:12:19 +0000 (09:12 -0500)
committerJames Morris <jmorris@namei.org>
Fri, 19 Dec 2008 22:01:03 +0000 (09:01 +1100)
Map all of these proc/ filesystem types to "proc" for the policy lookup at
filesystem mount time.

Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c

index 520f82ab3fbfbea2fc136af8f881bf41420c990a..8dbc54cde59e69e40d01a4baf655ce1c10f8d3d5 100644 (file)
@@ -702,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
                sbsec->proc = 1;
 
        /* Determine the labeling behavior to use for this filesystem type. */
-       rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
+       rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
        if (rc) {
                printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
                       __func__, sb->s_type->name, rc);