From da474c119e750c2901c01692e44da2f84e38c26c Mon Sep 17 00:00:00 2001
From: Alexey Kodanev
Date: Wed, 26 Aug 2015 11:56:55 -0700
Subject: [PATCH] selinux: enable setting security context in cgroup
Orabug: 21295765
cgroup uses kernfs that has 'security.*' setxattr handler. But setxattr with 'security.selinux' name returns EOPNOTSUPP, i.e. SBLABEL_MNT not set on the cgroup filesystem. Fix it by adding 'cgroup' type to genfs special handling list.
Signed-off-by: Alexey Kodanev
Acked-by: Stephen Smalley
Signed-off-by: Guangyu Sun
Signed-off-by: Santosh Shilimkar
---
 security/selinux/hooks.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7dade28affba..91276c28e0f0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -404,6 +404,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
 sbsec->behavior == SECURITY_FS_USE_TRANS ||
 sbsec->behavior == SECURITY_FS_USE_TASK ||
 /* Special handling. Genfs but also in-core setxattr handler */
+ !strcmp(sb->s_type->name, "cgroup") ||
 !strcmp(sb->s_type->name, "sysfs") ||
 !strcmp(sb->s_type->name, "pstore") ||
 !strcmp(sb->s_type->name, "debugfs") ||
-- 
2.50.1
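Review bot: The new `!strcmp(sb->s_type->name, "cgroup")` test is OR'ed directly with the `sbsec->behavior` checks, so within the visible expression a superblock qualifies for SBLABEL_MNT on its type name alone, whatever labeling behavior policy assigned to it. If the intent is "genfs-labeled and backed by an in-core setxattr handler", as the comment above the list says, the name matches would be safer grouped under an explicit `sbsec->behavior == SECURITY_FS_USE_GENFS &&` guard. The expression and the function start and end outside the hunk, so an earlier check may already cover this. Once this lands, userspace can set `security.selinux` on cgroup files, so the deployed policy should be checked for which domains hold relabelfrom/relabelto on the cgroup file types. A short comment on the new line would also help, for example `/* cgroup: kernfs-backed, security.* xattrs are kept in-core */`.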