diff options
author | Brian Behlendorf <[email protected]> | 2010-12-16 14:26:08 -0800 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2011-01-28 12:45:19 -0800 |
commit | b3259b6a2ba29595dc5f2df0f6def8c7fc6bcb98 (patch) | |
tree | 57c70e929f1dd3ec12243144ea542b51c3dade56 /lib/libzfs | |
parent | 95c73795b001267d6b683b71e8abe51de4b0c938 (diff) |
Autoconf selinux support
If libselinux is detected on your system at configure time link
against it. This allows us to use a library call to detect if
selinux is enabled and if it is to pass the mount option:
"context=\"system_u:object_r:file_t:s0"
For now this is required because none of the existing selinux
policies are aware of the zfs filesystem type. Because of this
they do not properly enable xattr based labeling even though
zfs supports all of the required hooks.
Until distro's add zfs as a known xattr friendly fs type we
must use mntpoint labeling. Alternately, end users could modify
their existing selinux policy with a little guidance.
Diffstat (limited to 'lib/libzfs')
-rw-r--r-- | lib/libzfs/Makefile.am | 2 | ||||
-rw-r--r-- | lib/libzfs/Makefile.in | 4 | ||||
-rw-r--r-- | lib/libzfs/libzfs_mount.c | 9 |
3 files changed, 13 insertions, 2 deletions
diff --git a/lib/libzfs/Makefile.am b/lib/libzfs/Makefile.am index 70210c35b..de5212234 100644 --- a/lib/libzfs/Makefile.am +++ b/lib/libzfs/Makefile.am @@ -6,7 +6,7 @@ DEFAULT_INCLUDES += \ lib_LTLIBRARIES = libzfs.la -libzfs_la_LDFLAGS = -lm +libzfs_la_LDFLAGS = -lm $(LIBSELINUX) libzfs_la_LIBADD = \ $(top_builddir)/lib/libefi/libefi.la \ diff --git a/lib/libzfs/Makefile.in b/lib/libzfs/Makefile.in index 741f39da4..c8b500466 100644 --- a/lib/libzfs/Makefile.in +++ b/lib/libzfs/Makefile.in @@ -67,6 +67,7 @@ am__aclocal_m4_deps = \ $(top_srcdir)/config/user-libshare.m4 \ $(top_srcdir)/config/user-libuuid.m4 \ $(top_srcdir)/config/user-nptl_guard_within_stack.m4 \ + $(top_srcdir)/config/user-selinux.m4 \ $(top_srcdir)/config/user-zlib.m4 $(top_srcdir)/config/user.m4 \ $(top_srcdir)/config/zfs-build.m4 \ $(top_srcdir)/config/zfs-meta.m4 $(top_srcdir)/configure.ac @@ -197,6 +198,7 @@ LDFLAGS = @LDFLAGS@ LIBBLKID = @LIBBLKID@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ +LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIBUUID = @LIBUUID@ LINUX = @LINUX@ @@ -314,7 +316,7 @@ AM_CFLAGS = -Wall -Wstrict-prototypes -fno-strict-aliasing \ -D_POSIX_PTHREAD_SEMANTICS -D_FILE_OFFSET_BITS=64 \ -D_LARGEFILE64_SOURCE -DTEXT_DOMAIN=\"zfs-linux-user\" lib_LTLIBRARIES = libzfs.la -libzfs_la_LDFLAGS = -lm +libzfs_la_LDFLAGS = -lm $(LIBSELINUX) libzfs_la_LIBADD = \ $(top_builddir)/lib/libefi/libefi.la \ $(top_builddir)/lib/libuutil/libuutil.la diff --git a/lib/libzfs/libzfs_mount.c b/lib/libzfs/libzfs_mount.c index 88bd0714e..9950bf967 100644 --- a/lib/libzfs/libzfs_mount.c +++ b/lib/libzfs/libzfs_mount.c @@ -72,6 +72,9 @@ #include <sys/mntent.h> #include <sys/mount.h> #include <sys/stat.h> +#ifdef HAVE_LIBSELINUX +#include <selinux/selinux.h> +#endif /* HAVE_LIBSELINUX */ #include <libzfs.h> @@ -277,6 +280,12 @@ zfs_mount(zfs_handle_t *zhp, const char *options, int flags) if (zpool_get_prop_int(zhp->zpool_hdl, ZPOOL_PROP_READONLY, NULL)) flags |= MS_RDONLY; +#ifdef HAVE_LIBSELINUX + if (is_selinux_enabled()) + (void) strlcat(mntopts, ",context=\"system_u:" + "object_r:file_t:s0\"", sizeof (mntopts)); +#endif /* HAVE_LIBSELINUX */ + if (!zfs_is_mountable(zhp, mountpoint, sizeof (mountpoint), NULL)) return (0); |