git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PATCH] selinux: disable setxattr on mountpoint labeled filesystems
[safe/jmp/linux-2.6] / security / selinux / hooks.c
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 45c4149..fc77443 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1986,6 +1986,9 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
 
        inode_security_set_sid(inode, newsid);
 
+       if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT)
+               return -EOPNOTSUPP;
+
        if (name) {
                namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
                if (!namep)
Full containers within linux kernel