Add support for libselinux 2.0.5 init_selinuxmnt() changes.

2007-02-27 17:02:35 +00:00 · 2007-02-27 17:02:35 +00:00 · 86d754eed6
parent cd548f7abc
commit 86d754eed6
3 changed files with 11 additions and 1 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Add support for libselinux 2.0.5 init_selinuxmnt() changes.
 - Patch for misc fixes to bluetooth from Dan Walsh.
 - Patch for misc fixes to kerberos from Dan Walsh.
 - Patch to start deprecating usercanread attribute from Ryan Bradetich.
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@ -16,6 +16,15 @@
 ## </param>
 #
 interface(`selinux_get_fs_mount',`
+	gen_require(`
+		type security_t;
+	')
+
+	# starting in libselinux 2.0.5, init_selinuxmnt() will
+	# attempt to short circuit by checking if SELINUXMNT
+	# (/selinux) is already a selinuxfs
+	allow $1 security_t:filesystem getattr;
+
 	# read /proc/filesystems to see if selinuxfs is supported
 	# then read /proc/self/mount to see where selinuxfs is mounted
 	kernel_read_system_state($1)
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@ -1,5 +1,5 @@

-policy_module(selinux,1.2.0)
+policy_module(selinux,1.2.1)

 ########################################
 #