void unlock_mtab (void);
void update_mtab (const char *special, struct my_mntent *with);
+char *get_option(const char *optname, const char *src, size_t *len);
char *get_option_value(const char *list, const char *s);
#endif /* MOUNT_FSTAB_H */
return opts;
}
+
+static int has_context_option(char *opts)
+{
+ if (get_option("context=", opts, NULL) ||
+ get_option("fscontext=", opts, NULL) ||
+ get_option("defcontext=", opts, NULL) ||
+ get_option("rootcontext=", opts, NULL))
+ return 1;
+
+ return 0;
+}
+
#endif
/*
types = "none";
#ifdef HAVE_LIBSELINUX
- if ((flags & MS_REMOUNT) && mount_opts)
- mount_opts = remove_context_options(mount_opts);
+ if (flags & MS_REMOUNT) {
+ /*
+ * Linux kernel does not accept any selinux context option on remount
+ */
+ if (mount_opts)
+ mount_opts = remove_context_options(mount_opts);
+
+ } else if (types && strcmp(types, "tmpfs") == 0 && is_selinux_enabled() > 0 &&
+ !has_context_option(mount_opts)) {
+ /*
+ * Add rootcontext= mount option for tmpfs
+ * https://bugzilla.redhat.com/show_bug.cgi?id=476964
+ */
+ security_context_t sc = NULL;
+
+ if (getfilecon(node, &sc) > 0 && strcmp("unlabeled", sc))
+ append_context("rootcontext=", (char *) sc, &mount_opts);
+ freecon(sc);
+ }
#endif
/*