Commit e517a0cd authored by Stephen Smalley's avatar Stephen Smalley Committed by Linus Torvalds
Browse files

[PATCH] selinux: MLS compatibility

This patch enables files created on a MLS-enabled SELinux system to be
accessible on a non-MLS SELinux system, by skipping the MLS component of
the security context in the non-MLS case.

Signed-off-by: default avatarStephen Smalley <>
Signed-off-by: default avatarJames Morris <>
Signed-off-by: default avatarAndrew Morton <>
Signed-off-by: default avatarLinus Torvalds <>
parent d34d7ae2
......@@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
struct cat_datum *catdatum, *rngdatum;
int l, rc = -EINVAL;
if (!selinux_mls_enabled)
if (!selinux_mls_enabled) {
if (def_sid != SECSID_NULL && oldc)
*scontext += strlen(*scontext);
return 0;
* No MLS component to the security context, try and map to
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment