git.kernel.dk Git - linux-2.6-block.git/commit

author	Christian Göttsche <cgzones@googlemail.com>
	Tue, 28 Jan 2020 19:16:48 +0000 (20:16 +0100)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 10 Feb 2020 15:49:01 +0000 (10:49 -0500)
commit	7470d0d13fb680bb82b40f18831f7d4ee7a4bb62
tree	d39d3d44ae8407d80d2751b83ee6680d7dc4f45c	tree \| snapshot
parent	06c2efe2cf3aa70abbdf97e88641abca2e707a15	commit \| diff

selinux: allow kernfs symlinks to inherit parent directory context

Currently symlinks on kernel filesystems, like sysfs, are labeled on
creation with the parent filesystem root sid.

Allow symlinks to inherit the parent directory context, so fine-grained
kernfs labeling can be applied to symlinks too and checking contexts
doesn't complain about them.

For backward-compatibility this behavior is contained in a new policy
capability: genfs_seclabel_symlinks

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

security/selinux/hooks.c		diff \| blob \| blame \| history
security/selinux/include/security.h		diff \| blob \| blame \| history
security/selinux/ss/services.c		diff \| blob \| blame \| history