diff options
| author | Matthew Thode <[email protected]> | 2013-12-19 00:24:14 -0600 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2013-12-19 10:37:31 -0800 |
| commit | 11b9ec23b98eefe1e7bde0033dc8285f94cb0b90 (patch) | |
| tree | 6be0568aea0dcbb0a76443768a70a26ae692b2bc /config | |
| parent | d1d7e2689db9e03f11c069ebc9f1ba12829e5dac (diff) | |
Add full SELinux support
Four new dataset properties have been added to support SELinux. They
are 'context', 'fscontext', 'defcontext' and 'rootcontext' which map
directly to the context options described in mount(8). When one of
these properties is set to something other than 'none'. That string
will be passed verbatim as a mount option for the given context when
the filesystem is mounted.
For example, if you wanted the rootcontext for a filesystem to be set
to 'system_u:object_r:fs_t' you would set the property as follows:
$ zfs set rootcontext="system_u:object_r:fs_t" storage-pool/media
This will ensure the filesystem is automatically mounted with that
rootcontext. It is equivalent to manually specifying the rootcontext
with the -o option like this:
$ zfs mount -o rootcontext=system_u:object_r:fs_t storage-pool/media
By default all four contexts are set to 'none'. Further information
on SELinux contexts is detailed in mount(8) and selinux(8) man pages.
Signed-off-by: Matthew Thode <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #1504
Diffstat (limited to 'config')
| -rw-r--r-- | config/user-selinux.m4 | 36 | ||||
| -rw-r--r-- | config/user.m4 | 1 |
2 files changed, 0 insertions, 37 deletions
diff --git a/config/user-selinux.m4 b/config/user-selinux.m4 deleted file mode 100644 index 84df6ce7b..000000000 --- a/config/user-selinux.m4 +++ /dev/null @@ -1,36 +0,0 @@ -dnl # -dnl # Check to see if the selinux libraries are available. If they -dnl # are then they will be consulted during mount to determine if -dnl # selinux is enabled or disabled. -dnl # -AC_DEFUN([ZFS_AC_CONFIG_USER_LIBSELINUX], [ - AC_ARG_WITH([selinux], - [AS_HELP_STRING([--with-selinux], - [support selinux @<:@default=check@:>@])], - [], - [with_selinux=check]) - - LIBSELINUX= - AS_IF([test "x$with_selinux" != xno], [ - AC_CHECK_HEADER([selinux/selinux.h], [ - AC_CHECK_LIB([selinux], [is_selinux_enabled], [ - AC_SUBST([LIBSELINUX], ["-lselinux"]) - AC_DEFINE([HAVE_LIBSELINUX], 1, - [Define if you have selinux]) - ], [ - AS_IF([test "x$with_selinux" != xcheck], - [AC_MSG_FAILURE( - [--with-selinux given but unavailable]) - ]) - ]) - ], [ - AS_IF([test "x$with_selinux" != xcheck], - [AC_MSG_FAILURE( - [--with-selinux given but unavailable]) - ]) - ]) - ], [ - AC_MSG_CHECKING([for selinux support]) - AC_MSG_RESULT([no]) - ]) -]) diff --git a/config/user.m4 b/config/user.m4 index 6925e56f4..4f9963787 100644 --- a/config/user.m4 +++ b/config/user.m4 @@ -9,6 +9,5 @@ AC_DEFUN([ZFS_AC_CONFIG_USER], [ ZFS_AC_CONFIG_USER_ZLIB ZFS_AC_CONFIG_USER_LIBUUID ZFS_AC_CONFIG_USER_LIBBLKID - ZFS_AC_CONFIG_USER_LIBSELINUX ZFS_AC_CONFIG_USER_FRAME_LARGER_THAN ]) |