Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
selinux: only filter copy-up xattrs following initialization
Extended attribute copy-up functionality added via 19472b6 ("selinux: Implementation for inode_copy_up_xattr() hook") sees "security.selinux" contexts dropped, instead relying on contexts applied via the inode_copy_up() hook. When copy-up takes place during early boot, prior to selinux initialization / policy load, the context stripping can be unwanted and unexpected. With this change, filtering of "security.selinux" xattrs will only occur after selinux initialization. Signed-off-by: David Disseldorp <[email protected]> Signed-off-by: Paul Moore <[email protected]>
- Loading branch information