mount: add rootcontext= SELinux mount option

Note, the description in the mount.8 man page is copy & paste from
rootcontext= kernel patch (by James Morris). I didn't found anything
more useful... (patches welcomed:-)

Signed-off-by: Karel Zak <kzak@redhat.com>

diff --git a/mount/mount.8 b/mount/mount.8
index 8905599ee22e2507477a7832d4c5eca0af251375..50655f0bed089f21490419143bf706e7fa656c6a 100644 (file)
--- a/mount/mount.8
+++ b/mount/mount.8
@@ -678,7 +678,7 @@ Can only be mounted explicitly (i.e., the
 .B \-a
 option will not cause the file system to be mounted).
 .TP
-\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP
+\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP, \fBdefcontext=\fP\fIcontext\fP and \fBrootcontext=\fP\fIcontext\fP
 The
 .BR context=
 option is useful when mounting filesystems that do not support
@@ -719,6 +719,12 @@ You can set the default security context for unlabeled files using
 option. This overrides the value set for unlabeled files in the policy and requires a
 file system that supports xattr labeling.
 
+The
+.BR rootcontext=
+option allows you to explicitly label the root inode of a FS being mounted
+before that FS or inode because visable to userspace. This was found to be
+useful for things like stateless linux.
+
 For more details, see
 .BR selinux (8)
 

diff --git a/mount/mount.c b/mount/mount.c
index e70121cccf9513ba69311fdc31c3ef308caad7ba..f92b23cbaffe1d3cbb7902b37d1b2e59c894ac92 100644 (file)
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -422,6 +422,10 @@ parse_opt(char *opt, int *mask, char **extra_opts) {
                if (append_context("defcontext=", opt+11, extra_opts) == 0)
                        return;
        }
+       if (strncmp(opt, "rootcontext=", 12) == 0 && *(opt+12)) {
+               if (append_context("rootcontext=", opt+12, extra_opts) == 0)
+                       return;
+       }
 #endif
        *extra_opts = append_opt(*extra_opts, opt, NULL);
 }