backport patch allowing setting SELinux context on FUSE mounts

This commit is contained in:
Adam Williamson 2015-10-08 15:40:30 -07:00
parent 5bf8a910e2
commit a37b7ae5c1
2 changed files with 45 additions and 4 deletions

View File

@ -0,0 +1,33 @@
From c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 Mon Sep 17 00:00:00 2001
From: Dalvik Khertel <khertel@outlook.com>
Date: Thu, 9 Aug 2012 12:48:20 +0000
Subject: [PATCH] libfuse: pass security context options to kernel
Mount can be used with an "-o context=" option in order to specify a
mountpoint-wide SELinux security context different from the default context
provided by the active SELinux policy.
This is useful in order to enable users to mount multiple sshfs targets under
distinct contexts, which is my main motivation for getting this patch mainlined.
---
lib/mount.c | 4 ++++
1 files changed, 4 insertions(+)
diff --git a/lib/mount.c b/lib/mount.c
index 6182a17..01f64da 100644
--- a/lib/mount.c
+++ b/lib/mount.c
@@ -97,6 +97,10 @@ static const struct fuse_opt fuse_mount_opts[] = {
FUSE_OPT_KEY("large_read", KEY_KERN_OPT),
FUSE_OPT_KEY("blksize=", KEY_KERN_OPT),
FUSE_OPT_KEY("default_permissions", KEY_KERN_OPT),
+ FUSE_OPT_KEY("context=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("fscontext=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("defcontext=", KEY_KERN_OPT),
+ FUSE_OPT_KEY("rootcontext=", KEY_KERN_OPT),
FUSE_OPT_KEY("max_read=", KEY_KERN_OPT),
FUSE_OPT_KEY("max_read=", FUSE_OPT_KEY_KEEP),
FUSE_OPT_KEY("user=", KEY_MTAB_OPT),
--
2.5.0

View File

@ -1,6 +1,6 @@
Name: fuse
Version: 2.9.4
Release: 2%{?dist}
Release: 3%{?dist}
Summary: File System in Userspace (FUSE) utilities
Group: System Environment/Base
@ -12,6 +12,10 @@ Source1: %{name}.conf
Patch1: fuse-0001-More-parentheses.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=970768
Patch2: fuse-2.9.2-namespace-conflict-fix.patch
# Allow setting SELinux context on fuse mounts: backport from master
# c52cafc81ced83fbd5cc7edf4ef5f7cb57b82729 , with ChangeLog changes
# dropped as they conflict
Patch3: 0001-libfuse-pass-security-context-options-to-kernel.patch
Requires: which
Conflicts: filesystem < 3
BuildRequires: libselinux-devel
@ -52,6 +56,7 @@ pgk-config) to develop FUSE based applications/filesystems.
sed -i 's|mknod|echo Disabled: mknod |g' util/Makefile.in
%patch1 -p1 -b .add_parentheses
%patch2 -p1 -b .conflictfix
%patch3 -p1 -b .context
%build
# Can't pass --disable-static here, or else the utils don't build
@ -103,6 +108,9 @@ rm -f %{buildroot}%{_sysconfdir}/udev/rules.d/99-fuse.rules
%{_includedir}/fuse
%changelog
* Thu Oct 08 2015 Adam Williamson <awilliam@redhat.com> - 2.9.4-3
- backport patch allowing setting SELinux context on FUSE mounts
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild