From: Karel Zak Date: Mon, 22 Dec 2008 17:46:45 +0000 (+0100) Subject: mount: add rootcontext= SELinux mount option X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b80d3b31df01ad5e4b4ecb9613fe1474ce3147ca;p=util-linux mount: add rootcontext= SELinux mount option Note, the description in the mount.8 man page is copy & paste from rootcontext= kernel patch (by James Morris). I didn't found anything more useful... (patches welcomed:-) Signed-off-by: Karel Zak --- diff --git a/mount/mount.8 b/mount/mount.8 index 8905599e..50655f0b 100644 --- a/mount/mount.8 +++ b/mount/mount.8 @@ -678,7 +678,7 @@ Can only be mounted explicitly (i.e., the .B \-a option will not cause the file system to be mounted). .TP -\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP +\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP, \fBdefcontext=\fP\fIcontext\fP and \fBrootcontext=\fP\fIcontext\fP The .BR context= option is useful when mounting filesystems that do not support @@ -719,6 +719,12 @@ You can set the default security context for unlabeled files using option. This overrides the value set for unlabeled files in the policy and requires a file system that supports xattr labeling. +The +.BR rootcontext= +option allows you to explicitly label the root inode of a FS being mounted +before that FS or inode because visable to userspace. This was found to be +useful for things like stateless linux. + For more details, see .BR selinux (8) diff --git a/mount/mount.c b/mount/mount.c index e70121cc..f92b23cb 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -422,6 +422,10 @@ parse_opt(char *opt, int *mask, char **extra_opts) { if (append_context("defcontext=", opt+11, extra_opts) == 0) return; } + if (strncmp(opt, "rootcontext=", 12) == 0 && *(opt+12)) { + if (append_context("rootcontext=", opt+12, extra_opts) == 0) + return; + } #endif *extra_opts = append_opt(*extra_opts, opt, NULL); }
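Review bot: In the second mount.8 hunk (@@ -719,6 +719,12), the added sentence "before that FS or inode because visable to userspace" has two typos and should read "becomes visible to userspace". The surrounding context lines spell out "file system", so "FS" should be expanded to match, and "stateless linux" should be capitalised as "Linux". The paragraph also gives no usage example or note on how rootcontext= interacts with the other three options named in the updated .TP heading; one sentence on that would help a reader who has only this page.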
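Review bot: In the mount.c hunk (@@ -422,6 +422,10, parse_opt), when append_context("rootcontext=", opt+12, extra_opts) returns non-zero, or when the value is empty so that *(opt+12) is NUL, control falls through to the append_opt(*extra_opts, opt, NULL) call after #endif and the original string is passed on unchanged. That matches the defcontext= block directly above, but it is worth a short comment stating that the fall-through is intended, since a reader cannot tell from this function whether the failure is reported anywhere. The literal 12 also has to be kept in step with the "rootcontext=" string by hand in two places. Deriving it from the literal (for example sizeof("rootcontext=") - 1), or folding the four near-identical context blocks into one loop over a table of prefixes, would remove that risk.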