Add full SELinux support

Linux Kernel / ZFS On Linux - Matthew Thode [mthode.org] - 19 December 2013 12:37 UTC

Four new dataset properties have been added to support SELinux. They are 'context', 'fscontext', 'defcontext' and 'rootcontext', which map directly to the context options described in mount(8). When one of these properties is set to something other than 'none', that string will be passed verbatim as a mount option for the given context when the filesystem is mounted.



For example, if you wanted the rootcontext for a filesystem to be set to 'system_u:object_r:fs_t' you would set the property as follows:



$ zfs set rootcontext="system_u:object_r:fs_t" storage-pool/media



This will ensure the filesystem is automatically mounted with that rootcontext. It is equivalent to manually specifying the rootcontext with the -o option like this:



$ zfs mount -o rootcontext=system_u:object_r:fs_t storage-pool/media



By default all four contexts are set to 'none'. Further information on SELinux contexts is detailed in the mount(8) and selinux(8) man pages.

11b9ec2 Add full SELinux support

cmd/mount_zfs/Makefile.am | 2 -

cmd/mount_zfs/mount_zfs.c | 88 ++++++++++++++++++++++++++-------------

config/user-selinux.m4 | 36 ----------------

config/user.m4 | 1 -

include/sys/fs/zfs.h | 4 ++

lib/libspl/include/sys/mntent.h | 2 -

man/man8/mount.zfs.8 | 13 ++++++

man/man8/zfs.8 | 46 ++++++++++++++++++++

module/zcommon/zfs_prop.c | 12 ++++++

rpm/generic/zfs.spec.in | 12 +-----

10 files changed, 134 insertions(+), 82 deletions(-)

Upstream: github.com
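
The property-to-mount-option mapping described in the commit message, as an added example that is not part of the commit or the ZFS on Linux code: a hypothetical helper `selinux_mntopts` reads `property<TAB>value` lines (the shape `zfs get -H -o property,value` prints) and emits the option string a mount would receive. The sample input is constructed, and the `user:role:type` shape check is this example's own assumption, not something the commit is stated to perform.

```shell
#!/bin/sh
# Added example: preview the SELinux mount options implied by a dataset's
# four context properties before the filesystem is mounted.
# Input on stdin: tab-separated "property<TAB>value" lines, e.g. from
#   zfs get -H -o property,value context,fscontext,defcontext,rootcontext <dataset>

# selinux_mntopts (hypothetical helper): prints a comma-separated option
# string; returns 1 if any value is not shaped like user:role:type[:level].
selinux_mntopts() {
    opts=""
    rc=0
    tab=$(printf '\t')
    while IFS="$tab" read -r prop value; do
        case "$prop" in
            context|fscontext|defcontext|rootcontext) ;;
            *) continue ;;                    # ignore unrelated properties
        esac
        [ "$value" = "none" ] && continue     # default value: nothing is passed
        case "$value" in
            ?*:?*:?*) ;;                      # at least user:role:type
            *)  echo "suspicious $prop value: $value" >&2
                rc=1
                continue ;;                   # assumption: flag it, do not emit it
        esac
        opts="${opts:+$opts,}$prop=$value"    # value is passed through verbatim
    done
    printf '%s\n' "$opts"
    return "$rc"
}

# Constructed sample (not captured output): only rootcontext is set,
# matching the example in the commit message.
sample() {
    printf 'context\tnone\nfscontext\tnone\n'
    printf 'defcontext\tnone\nrootcontext\tsystem_u:object_r:fs_t\n'
}

sample | selinux_mntopts    # prints: rootcontext=system_u:object_r:fs_t
```

Because the property string is handed to mount verbatim, a check like this is useful in provisioning scripts to catch a mistyped context before it reaches a mount attempt.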