UPSTREAM: selinux: enable genfscon labeling for securityfs
Add support for genfscon per-file labeling of securityfs files.
This allows for separate labels and thereby access control for
different files. For example a genfscon statement
genfscon securityfs /integrity/ima/policy \
system_u:object_r:ima_policy_t:s0
will set a private label to the IMA policy file and thus allow to
control the ability to set the IMA policy. Setting labels directly
with setxattr(2), e.g. by chcon(1) or setfiles(8), is still not
supported.
Change-Id: Ifa71f8d3e2d9beb6f5ad6b1f7de62ac9ffcb90d4
Signed-off-by: Christian Göttsche <[email protected]>
[PM: line width fixes in the commit description]
Signed-off-by: Paul Moore <[email protected]>
(cherry picked from commit 8a764ef1bd43fb2bb4ff3290746e5c820a3a9716)
Signed-off-by: BIN.LV <[email protected]>
1 file changed
