aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/include/security.h
diff options
context:
space:
mode:
authorJames Morris <jmorris@redhat.com>2005-07-28 01:07:37 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2005-07-28 08:39:02 -0700
commitf5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52 (patch)
treee896d0b6b9f561c9d124fa81efd261518ccbddf4 /security/selinux/include/security.h
parente1699f508ab5098de4b258268fa8913db38d9d35 (diff)
downloadmrst-s0i3-test-f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52.tar.gz
mrst-s0i3-test-f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52.tar.xz
mrst-s0i3-test-f5c1d5b2aaf9a98f15a6dcdfbba1f494d0aaae52.zip
[PATCH] SELinux: default labeling of MLS field
Implement kernel labeling of the MLS (multilevel security) field of security contexts for files which have no existing MLS field. This is to enable upgrades of a system from non-MLS to MLS without performing a full filesystem relabel including all of the mountpoints, which would be quite painful for users. With this patch, with MLS enabled, if a file has no MLS field, the kernel internally adds an MLS field to the in-core inode (but not to the on-disk file). This MLS field added is the default for the superblock, allowing per-mountpoint control over the values via fixed policy or mount options. This patch has been tested by enabling MLS without relabeling its filesystem, and seems to be working correctly. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux/include/security.h')
-rw-r--r--security/selinux/include/security.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index fa187c9a351..71c0a19c975 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -65,6 +65,8 @@ int security_sid_to_context(u32 sid, char **scontext,
int security_context_to_sid(char *scontext, u32 scontext_len,
u32 *out_sid);
+int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid);
+
int security_get_user_sids(u32 callsid, char *username,
u32 **sids, u32 *nel);