Commit bf2e9904 authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Linus Torvalds

[PATCH] SElinux; defer inode security initialization

This patch defers setting the inode security state for newly created inodes
until after policy has been loaded.
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent ac2dfbcb
...@@ -1266,6 +1266,12 @@ static inline u32 file_to_av(struct file *file) ...@@ -1266,6 +1266,12 @@ static inline u32 file_to_av(struct file *file)
int inode_security_set_sid(struct inode *inode, u32 sid) int inode_security_set_sid(struct inode *inode, u32 sid)
{ {
struct inode_security_struct *isec = inode->i_security; struct inode_security_struct *isec = inode->i_security;
struct superblock_security_struct *sbsec = inode->i_sb->s_security;
if (!sbsec->initialized) {
/* Defer initialization to selinux_complete_init. */
return 0;
}
down(&isec->sem); down(&isec->sem);
isec->sclass = inode_mode_to_security_class(inode->i_mode); isec->sclass = inode_mode_to_security_class(inode->i_mode);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment