git://ftp.safe.ca / safe / jmp / linux-2.6 / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 006ebb4) | patch
SELinux: enable processes with mac_admin to get the raw inode contexts
authorStephen Smalley <sds@tycho.nsa.gov>
Wed, 21 May 2008 18:16:12 +0000 (14:16 -0400)
committerJames Morris <jmorris@namei.org>
Mon, 14 Jul 2008 05:01:52 +0000 (15:01 +1000)
commitabc69bb633931bf54c6db798bcdc6fd1e0284742
tree711aaf6c5e1d8bdd57138e8baf3a369ed832602dtree | snapshot
parent006ebb40d3d65338bd74abb03b945f8d60e362bdcommit | diff
SELinux: enable processes with mac_admin to get the raw inode contexts

Enable processes with CAP_MAC_ADMIN + mac_admin permission in policy
to get undefined contexts on inodes.  This extends the support for
deferred mapping of security contexts in order to permit restorecon
and similar programs to see the raw file contexts unknown to the
system policy in order to check them.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c diff | blob | history
Full containers within linux kernel