Skip to content

Commit

Permalink
SELINUX: add /sys/fs/selinux mount point to put selinuxfs
Browse files Browse the repository at this point in the history
In the interest of keeping userspace from having to create new root
filesystems all the time, let's follow the lead of the other in-kernel
filesystems and provide a proper mount point for it in sysfs.

For selinuxfs, this mount point should be in /sys/fs/selinux/

Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Lennart Poettering <mzerqung@0pointer.de>
Cc: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[include kobject.h - Eric Paris]
[use selinuxfs_obj throughout - Eric Paris]
Signed-off-by: Eric Paris <eparis@redhat.com>
  • Loading branch information
Greg Kroah-Hartman authored and Eric Paris committed May 11, 2011
1 parent 2875fa0 commit 7a627e3
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion security/selinux/selinuxfs.c
Original file line number Diff line number Diff line change
@@ -28,6 +28,7 @@
#include <linux/percpu.h>
#include <linux/audit.h>
#include <linux/uaccess.h>
#include <linux/kobject.h>

/* selinuxfs pseudo filesystem for exporting the security policy API.
Based on the proc code and the fs/nfsd/nfsctl.c code. */
@@ -1909,16 +1910,24 @@ static struct file_system_type sel_fs_type = {
};

struct vfsmount *selinuxfs_mount;
static struct kobject *selinuxfs_kobj;

static int __init init_sel_fs(void)
{
int err;

if (!selinux_enabled)
return 0;

selinuxfs_kobj = kobject_create_and_add("selinux", fs_kobj);
if (!selinuxfs_kobj)
return -ENOMEM;

err = register_filesystem(&sel_fs_type);
if (err)
if (err) {
kobject_put(selinuxfs_kobj);
return err;
}

selinuxfs_mount = kern_mount(&sel_fs_type);
if (IS_ERR(selinuxfs_mount)) {
@@ -1935,6 +1944,7 @@ __initcall(init_sel_fs);
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
void exit_sel_fs(void)
{
kobject_put(selinuxfs_kobj);
unregister_filesystem(&sel_fs_type);
}
#endif

0 comments on commit 7a627e3

Please sign in to comment.