From: Alexey Kodanev <alexey.kodanev@oracle.com>
Date: Wed, 26 Aug 2015 18:56:55 +0000 (-0700)
Subject: selinux: enable setting security context in cgroup
X-Git-Tag: v4.1.12-92~295^2
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=da474c119e750c2901c01692e44da2f84e38c26c;p=users%2Fjedix%2Flinux-maple.git

selinux: enable setting security context in cgroup

Orabug: 21295765

cgroup uses kernfs that has 'security.*' setxattr handler. But setxattr
with 'security.selinux' name returns EOPNOTSUPP, i.e. SBLABEL_MNT
not set on the cgroup filesystem.

Fix it by adding 'cgroup' type to genfs special handling list.

Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Guangyu Sun <guangyu.sun@oracle.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7dade28affba..91276c28e0f0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -404,6 +404,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
 		sbsec->behavior == SECURITY_FS_USE_TRANS ||
 		sbsec->behavior == SECURITY_FS_USE_TASK ||
 		/* Special handling. Genfs but also in-core setxattr handler */
+		!strcmp(sb->s_type->name, "cgroup") ||
 		!strcmp(sb->s_type->name, "sysfs") ||
 		!strcmp(sb->s_type->name, "pstore") ||
 		!strcmp(sb->s_type->name, "debugfs") ||