From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch defers setting the inode security state for newly created inodes
until after policy has been loaded.

Signed-off-by:  Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/security/selinux/hooks.c |    6 ++++++
 1 files changed, 6 insertions(+)

diff -puN security/selinux/hooks.c~selinux-defer-inode-security-initialization security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-defer-inode-security-initialization	2004-08-16 11:46:59.097301584 -0700
+++ 25-akpm/security/selinux/hooks.c	2004-08-16 11:46:59.103300672 -0700
@@ -1266,6 +1266,12 @@ static inline u32 file_to_av(struct file
 int inode_security_set_sid(struct inode *inode, u32 sid)
 {
 	struct inode_security_struct *isec = inode->i_security;
+	struct superblock_security_struct *sbsec = inode->i_sb->s_security;
+
+	if (!sbsec->initialized) {
+		/* Defer initialization to selinux_complete_init. */
+		return 0;
+	}
 
 	down(&isec->sem);
 	isec->sclass = inode_mode_to_security_class(inode->i_mode);
_