From 046be46d8ee0555b1fd8a3a3cec16ea9ed6f7d4e Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Mon, 22 Dec 2008 18:46:45 +0100 Subject: [PATCH] mount: add rootcontext= SELinux mount option Note, the description in the mount.8 man page is copy & paste from rootcontext= kernel patch (by James Morris). I didn't found anything more useful... (patches welcomed:-) Signed-off-by: Karel Zak --- mount/mount.8 | 8 +++++++- mount/mount.c | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/mount/mount.8 b/mount/mount.8 index 45f24e9e..e40e75c9 100644 --- a/mount/mount.8 +++ b/mount/mount.8 @@ -666,7 +666,7 @@ Can only be mounted explicitly (i.e., the .B \-a option will not cause the file system to be mounted). .TP -\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP and \fBdefcontext=\fP\fIcontext\fP +\fBcontext=\fP\fIcontext\fP, \fBfscontext=\fP\fIcontext\fP, \fBdefcontext=\fP\fIcontext\fP and \fBrootcontext=\fP\fIcontext\fP The .BR context= option is useful when mounting filesystems that do not support @@ -707,6 +707,12 @@ You can set the default security context for unlabeled files using option. This overrides the value set for unlabeled files in the policy and requires a file system that supports xattr labeling. +The +.BR rootcontext= +option allows you to explicitly label the root inode of a FS being mounted +before that FS or inode because visable to userspace. This was found to be +useful for things like stateless linux. + For more details, see .BR selinux (8) diff --git a/mount/mount.c b/mount/mount.c index 947c94a8..34ef7165 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -423,6 +423,10 @@ parse_opt(char *opt, int *mask, char **extra_opts) { if (append_context("defcontext=", opt+11, extra_opts) == 0) return; } + if (strncmp(opt, "rootcontext=", 12) == 0 && *(opt+12)) { + if (append_context("rootcontext=", opt+12, extra_opts) == 0) + return; + } #endif *extra_opts = append_opt(*extra_opts, opt, NULL); } -- 2.39.5
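Review bot: The new `rootcontext=` branch in parse_opt() leaves its failure path undocumented: when `append_context()` returns non-zero, or the value after `rootcontext=` is empty, control falls past `#endif` to `append_opt(*extra_opts, opt, NULL)` and the option is forwarded exactly as it was given. That mirrors the `defcontext=` branch just above it, but for a security label the fall-through deserves a line such as `/* translation failed or value empty: pass the option through unchanged and let the kernel decide */`. The wording assumes that is the intent, which the hunk alone does not confirm. The prefix length `12` is also written by hand in three places (`strncmp`, `*(opt+12)`, `opt+12`); `sizeof("rootcontext=") - 1`, or a small table shared by the four context options, would keep the comparison and the offset from drifting apart. parse_opt() begins outside this hunk, so the earlier `context=` and `fscontext=` branches are not visible here.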