On Tue, 2013-12-10 at 15:25 -0500, Eric Paris wrote: > I'll try to write a patch to fix that logic...
Anand, How about something like (untested but it compiles): diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ee470a0..2b437fc8 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2349,9 +2359,17 @@ int security_fs_use(struct super_block *sb) if (strncmp(fstype, c->u.name, baselen)) continue; - /* if there is no subtype, this is the one! */ - if (!subtype) - break; + /* current mount has no subtype */ + if (!subtype) { + /* + * if there is no subtype in policy this is our match + * if there is a subtype in policy keep looking, + */ + if (baselen == strlen(c->u.name)) + break; + else + continue; + } /* skip past the base in this entry */ sub = c->u.name + baselen; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/