From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 5 Dec 2008 14:12:19 +0000 (-0500)
Subject: SELinux: correctly detect proc filesystems of the form "proc/foo"
X-Git-Tag: v2.6.29-rc1~577^2^2~3
X-Git-Url: http://ftp.safe.ca/?p=safe%2Fjmp%2Flinux-2.6;a=commitdiff_plain;h=459c19f524a9d89c65717a7d061d5f11ecf6bcb8

SELinux: correctly detect proc filesystems of the form "proc/foo"

Map all of these proc/ filesystem types to "proc" for the policy lookup at
filesystem mount time.

Signed-off-by: James Morris <jmorris@namei.org>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 520f82a..8dbc54c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -702,7 +702,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 		sbsec->proc = 1;
 
 	/* Determine the labeling behavior to use for this filesystem type. */
-	rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
+	rc = security_fs_use(sbsec->proc ? "proc" : sb->s_type->name, &sbsec->behavior, &sbsec->sid);
 	if (rc) {
 		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
 		       __func__, sb->s_type->name, rc);