AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-27 01:54:07 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
102aefdda4
linux_dsm_epyc7002/security/selinux/ss
History
Anand Avati 102aefdda4 selinux: consider filesystem subtype in policies 
Not considering sub filesystem has the following limitation. Support
for SELinux in FUSE is dependent on the particular userspace
filesystem, which is identified by the subtype. For e.g, GlusterFS,
a FUSE based filesystem supports SELinux (by mounting and processing
FUSE requests in different threads, avoiding the mount time
deadlock), whereas other FUSE based filesystems (identified by a
different subtype) have the mount time deadlock.

By considering the subtype of the filesytem in the SELinux policies,
allows us to specify a filesystem subtype, in the following way:

fs_use_xattr fuse.glusterfs gen_context(system_u:object_r:fs_t,s0);

This way not all FUSE filesystems are put in the same bucket and
subjected to the limitations of the other subtypes.

Signed-off-by: Anand Avati <avati@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2013-08-28 14:44:52 -04:00
..
avtab.c
avtab.h
conditional.c
conditional.h
constraint.h
context.h
ebitmap.c SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
ebitmap.h SELinux: Increase ebitmap_node size for 64-bit configuration 2013-07-25 13:02:31 -04:00
hashtab.c
hashtab.h
mls_types.h SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
mls.c SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
mls.h
policydb.c SELinux: fix selinuxfs policy file on big endian systems 2013-07-25 13:02:44 -04:00
policydb.h
services.c selinux: consider filesystem subtype in policies 2013-08-28 14:44:52 -04:00
services.h
sidtab.c
sidtab.h
status.c
symtab.c
symtab.h