davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4d546f8171
kernel-ark/security
History
Paul Moore 4d546f8171 selinux: revert 102aefdda4 
Revert "selinux: consider filesystem subtype in policies"

This reverts commit 102aefdda4.

Explanation from Eric Paris:

	SELinux policy can specify if it should use a filesystem's
	xattrs or not.  In current policy we have a specification that
	fuse should not use xattrs but fuse.glusterfs should use
	xattrs.  This patch has a bug in which non-glusterfs
	filesystems would match the rule saying fuse.glusterfs should
	use xattrs.  If both fuse and the particular filesystem in
	question are not written to handle xattr calls during the mount
	command, they will deadlock.

	I have fixed the bug to do proper matching, however I believe a
	revert is still the correct solution.  The reason I believe
	that is because the code still does not work.  The s_subtype is
	not set until after the SELinux hook which attempts to match on
	the ".gluster" portion of the rule.  So we cannot match on the
	rule in question.  The code is useless.

Signed-off-by: Paul Moore <pmoore@redhat.com>
2013-12-13 14:52:25 -05:00
..
apparmor apparmor: fix bad lock balance when introspecting policy 2013-10-16 11:54:01 +11:00
integrity xattr: Constify ->name member of "struct xattr". 2013-07-25 19:30:03 +10:00
keys aio: don't include aio.h in sched.h 2013-05-07 20:16:25 -07:00
selinux selinux: revert 102aefdda4 2013-12-13 14:52:25 -05:00
smack Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-09-07 14:34:07 -07:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c Linux 3.12 2013-11-08 13:56:38 -05:00
commoncap.c capabilities: allow nice if we are privileged 2013-08-30 23:44:09 -07:00
device_cgroup.c cgroup: make css_for_each_descendant() and friends include the origin css in the iteration 2013-08-08 20:11:27 -04:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Linux 3.12 2013-11-08 13:56:38 -05:00