diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/mount-setup.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/mount-setup.c b/src/mount-setup.c index 7c14ea8e55..aaffb655ee 100644 --- a/src/mount-setup.c +++ b/src/mount-setup.c @@ -51,13 +51,15 @@ typedef struct MountPoint { } MountPoint; /* The first three entries we might need before SELinux is up. The - * other ones we can delay until SELinux is loaded. */ -#define N_EARLY_MOUNT 3 + * fourth (securityfs) is needed by IMA to load a custom policy. The + * other ones we can delay until SELinux and IMA are loaded. */ +#define N_EARLY_MOUNT 4 static const MountPoint mount_table[] = { { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true }, { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true }, { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true }, + { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV, true }, { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false }, { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV, true }, |