SELinux: correctly detect proc filesystems of the form "proc/foo"
Stephen Smalley [Fri, 5 Dec 2008 14:12:19 +0000 (09:12 -0500)]
Map all of these proc/ filesystem types to "proc" for the policy lookup at
filesystem mount time.

Signed-off-by: James Morris <jmorris@namei.org>

security/selinux/hooks.c

index 520f82a..8dbc54c 100644 (file)
@@ -702,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
                sbsec->proc = 1;
 
        /* Determine the labeling behavior to use for this filesystem type. */
-       rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
+       rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
        if (rc) {
                printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
                       __func__, sb->s_type->name, rc);