linux-stable-rt/security/selinux/include
James Morris f5c1d5b2aa [PATCH] SELinux: default labeling of MLS field
Implement kernel labeling of the MLS (multilevel security) field of
security contexts for files which have no existing MLS field.  This is to
enable upgrades of a system from non-MLS to MLS without performing a full
filesystem relabel including all of the mountpoints, which would be quite
painful for users.

With this patch, with MLS enabled, if a file has no MLS field, the kernel
internally adds an MLS field to the in-core inode (but not to the on-disk
file).  This MLS field added is the default for the superblock, allowing
per-mountpoint control over the values via fixed policy or mount options.

This patch has been tested by enabling MLS without relabeling its
filesystem, and seems to be working correctly.

Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-07-28 08:39:02 -07:00
..
av_inherit.h [PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT 2005-04-16 15:24:13 -07:00
av_perm_to_string.h [PATCH] selinux: add executable heap check 2005-06-25 16:24:26 -07:00
av_permissions.h [PATCH] selinux: add executable heap check 2005-06-25 16:24:26 -07:00
avc.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
avc_ss.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
class_to_string.h [PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT 2005-04-16 15:24:13 -07:00
common_perm_to_string.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
conditional.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
flask.h [PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT 2005-04-16 15:24:13 -07:00
initial_sid_to_string.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
netif.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
objsec.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
security.h [PATCH] SELinux: default labeling of MLS field 2005-07-28 08:39:02 -07:00