mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-13 17:44:54 +00:00
e3cab998b4
The Fedora Distribution is looking to standardize kernel subsystem file systems to be mounted under /sys/fs. They would like us to move /selinux to /sys/fs/selinux. This patch changes libselinux in the following ways:

1. load_policy will first check if /sys/fs/selinux exists and mount the selinuxfs at this location; if it does not exist, it will fall back to mounting the file system at /selinux (if it exists).

2. The init functions of selinux will now check if /sys/fs/selinux is mounted. If it is and has an SELinuxfs mounted on it, the code will then check if the selinuxfs is mounted rw. If it is, libselinux will set the mountpoint; if it is readonly, libselinux will return no mountpoint. If /sys/fs/selinux does not exist, the same check will be done for /selinux and finally for an entry in /proc/mounts.

NOTE: We added the check for RO to allow tools like mock to be able to tell a chroot that SELinux is disabled while enforcing it outside the chroot.

    $ getenforce
    Enabled
    $ mount --bind /selinux /var/chroot/selinux
    $ mount -o remount,ro /var/chroot/selinux
    $ chroot /var/chroot
    $ getenforce
    Disabled

3. In order to make this work, I needed to stop enabled from checking /proc/filesystem for entries if selinux_mnt did not exist. Now enabled checks if selinux_mnt has been discovered; otherwise it will report selinux disabled.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

||
---|---|---|
checkpolicy | ||
libselinux | ||
libsemanage | ||
libsepol | ||
policycoreutils | ||
scripts | ||
sepolgen | ||
.gitignore | ||
Makefile |