rpms/fuse
7
0
Fork 0
Code Issues Pull Requests Releases Activity

backport patch allowing setting SELinux context on FUSE mounts

Browse Source
This commit is contained in:
Adam Williamson 2015-10-08 15:40:30 -07:00
parent 5bf8a910e2
commit a37b7ae5c1
2 changed files with 45 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
0001-libfuse-pass-security-context-options-to-kernel.patch Normal file
View File

@ -0,0 +1,33 @@
From c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 Mon Sep 17 00:00:00 2001
From: Dalvik Khertel <khertel@outlook.com>
Date: Thu, 9 Aug 2012 12:48:20 +0000
Subject: [PATCH] libfuse: pass security context options to kernel
Mount can be used with an "-o context=" option in order to specify a
mountpoint-wide SELinux security context different from the default context
provided by the active SELinux policy.
This is useful in order to enable users to mount multiple sshfs targets under
distinct contexts, which is my main motivation for getting this patch mainlined.
---
lib/mount.c | 4 ++++
1 files changed, 4 insertions(+)
diff --git a/lib/mount.c b/lib/mount.c
index 6182a17..01f64da 100644
--- a/lib/mount.c
+++ b/lib/mount.c
@@ -97,6 +97,10 @@ static const struct fuse_opt fuse_mount_opts[] = {
FUSE_OPT_KEY("large_read", KEY_KERN_OPT),
FUSE_OPT_KEY("blksize=", KEY_KERN_OPT),
FUSE_OPT_KEY("default_permissions", KEY_KERN_OPT),
+ FUSE_OPT_KEY("context=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("fscontext=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("defcontext=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("rootcontext=", KEY_KERN_OPT),
FUSE_OPT_KEY("max_read=", KEY_KERN_OPT),
FUSE_OPT_KEY("max_read=", FUSE_OPT_KEY_KEEP),
FUSE_OPT_KEY("user=", KEY_MTAB_OPT),
--
2.5.0

10
fuse.spec
View File

@ -1,6 +1,6 @@
Name: fuse Name: fuse
Version: 2.9.4 Version: 2.9.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: File System in Userspace (FUSE) utilities Summary: File System in Userspace (FUSE) utilities
Group: System Environment/Base Group: System Environment/Base
@ -12,6 +12,10 @@ Source1: %{name}.conf
Patch1: fuse-0001-More-parentheses.patch Patch1: fuse-0001-More-parentheses.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=970768 # https://bugzilla.redhat.com/show_bug.cgi?id=970768
Patch2: fuse-2.9.2-namespace-conflict-fix.patch Patch2: fuse-2.9.2-namespace-conflict-fix.patch
# Allow setting SELinux context on fuse mounts: backport from master
# c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 , with ChangeLog changes
# dropped as they conflict
Patch3: 0001-libfuse-pass-security-context-options-to-kernel.patch
Requires: which Requires: which
Conflicts: filesystem < 3 Conflicts: filesystem < 3
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
@ -52,6 +56,7 @@ pgk-config) to develop FUSE based applications/filesystems.
sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
%patch1 -p1 -b .add_parentheses %patch1 -p1 -b .add_parentheses
%patch2 -p1 -b .conflictfix %patch2 -p1 -b .conflictfix
%patch3 -p1 -b .context
%build %build
# Can't pass --disable-static here, or else the utils don't build # Can't pass --disable-static here, or else the utils don't build
@ -103,6 +108,9 @@ rm -f %{buildroot}%{_sysconfdir}/udev/rules.d/99-fuse.rules
%{_includedir}/fuse %{_includedir}/fuse
%changelog %changelog
* Thu Oct 08 2015 Adam Williamson <awilliam@redhat.com> - 2.9.4-3
- backport patch allowing setting SELinux context on FUSE mounts
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.4-2 * Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild