From: Karel Zak Date: Wed, 9 Feb 2011 13:15:02 +0000 (+0100) Subject: mount: add rootcontext= for tmpfs on SELinux boxes X-Git-Tag: v2.19~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=086f6471089b3487f46309b401867b3dae7d1551;p=thirdparty%2Futil-linux.git mount: add rootcontext= for tmpfs on SELinux boxes Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=476964 Addresses: http://bugzilla.redhat.com/show_bug.cgi?id=676100 Signed-off-by: Karel Zak --- diff --git a/mount/fstab.c b/mount/fstab.c index 069a4084c5..32b8dac181 100644 --- a/mount/fstab.c +++ b/mount/fstab.c @@ -761,7 +761,7 @@ lock_mtab (void) { } /* returns whole option with name @optname from @src list */ -static char * +char * get_option(const char *optname, const char *src, size_t *len) { char *opt, *end; diff --git a/mount/fstab.h b/mount/fstab.h index f631bebe3a..15a7ecad6a 100644 --- a/mount/fstab.h +++ b/mount/fstab.h @@ -39,6 +39,7 @@ void lock_mtab (void); void unlock_mtab (void); void update_mtab (const char *special, struct my_mntent *with); +char *get_option(const char *optname, const char *src, size_t *len); char *get_option_value(const char *list, const char *s); #endif /* MOUNT_FSTAB_H */ diff --git a/mount/mount.c b/mount/mount.c index 9fd92480d7..f5b3521a80 100644 --- a/mount/mount.c +++ b/mount/mount.c @@ -451,6 +451,18 @@ static char *remove_context_options(char *opts) return opts; } + +static int has_context_option(char *opts) +{ + if (get_option("context=", opts, NULL) || + get_option("fscontext=", opts, NULL) || + get_option("defcontext=", opts, NULL) || + get_option("rootcontext=", opts, NULL)) + return 1; + + return 0; +} + #endif /* 
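Review bot: has_context_option() can be reached with a NULL option list. The new tmpfs branch in try_mount_one (second mount.c hunk) passes `mount_opts` to it unguarded, while the remount branch beside it still tests `if (mount_opts)` first. get_option()'s body is outside this diff, so whether it tolerates a NULL `src` or a NULL `len` cannot be confirmed from here. Adding `if (!opts) return 0;` as the first statement of has_context_option() makes the helper safe on its own. The parameter can also be declared `const char *opts`, matching the `const char *src` in the get_option() prototype now exported from fstab.h.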
@@ -1593,8 +1605,25 @@ try_mount_one (const char *spec0, const char *node0, const char *types0, types = "none"; #ifdef HAVE_LIBSELINUX - if ((flags & MS_REMOUNT) && mount_opts) - mount_opts = remove_context_options(mount_opts); + if (flags & MS_REMOUNT) { + /* + * Linux kernel does not accept any selinux context option on remount + */ + if (mount_opts) + mount_opts = remove_context_options(mount_opts); + + } else if (types && strcmp(types, "tmpfs") == 0 && is_selinux_enabled() > 0 && + !has_context_option(mount_opts)) { + /* + * Add rootcontext= mount option for tmpfs + * https://bugzilla.redhat.com/show_bug.cgi?id=476964 + */ + security_context_t sc = NULL; + + if (getfilecon(node, &sc) > 0 && strcmp("unlabeled", sc)) + append_context("rootcontext=", (char *) sc, &mount_opts); + freecon(sc); + } #endif /*
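Review bot: The comment on the tmpfs branch does not say where the rootcontext= value comes from or when it is skipped, and that label decides how SELinux treats the root of the new tmpfs. I would expand it to something like `/* no context option given: reuse the mountpoint's label (getfilecon on node) as rootcontext=; skipped if the lookup fails or the label is "unlabeled" */`. The result of append_context() is also not checked here. If that helper can fail (its definition is outside the hunk), the mount continues without the label and nothing is reported, so a verbose-mode message may be worth adding. try_mount_one's body starts and ends outside this hunk.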