Ondrej Mosnacek 869d1e4564 selinux: never allow relabeling on context mounts ... commit a83d6ddaeb upstream. In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling files/directories, so we should never set the SBLABEL_MNT flag. The 'special handling' in selinux_is_sblabel_mnt() is only intended for when the behavior is set to SECURITY_FS_USE_GENFS. While there, make the logic in selinux_is_sblabel_mnt() more explicit and add a BUILD_BUG_ON() to make sure that introducing a new SECURITY_FS_USE_* forces a review of the logic. Fixes: d5f3a5f6e7 ("selinux: add security in-core xattr support for pstore and debugfs") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-05-08 07:19:12 +02:00
..
apparmor
integrity
keys	KEYS: restrict /proc/keys by credentials at open time	2019-03-19 13:14:08 +01:00
loadpin
selinux	selinux: never allow relabeling on context mounts	2019-05-08 07:19:12 +02:00
smack	smack: fix access permissions for keyring	2019-02-12 19:44:54 +01:00
tomoyo
yama	Yama: Check for pid death before checking ancestry	2019-01-23 08:10:54 +01:00
commoncap.c
device_cgroup.c	device_cgroup: fix RCU imbalance in error case	2019-04-27 09:34:46 +02:00
inode.c
Kconfig
lsm_audit.c	missing barriers in some of unix_sock ->addr and ->path accesses	2019-03-19 13:14:10 +01:00
Makefile
min_addr.c
security.c	LSM: Check for NULL cred-security on free	2019-01-23 08:10:55 +01:00