From: James Morris <jmorris@namei.org>
To: linux-security-module@vger.kernel.org
Cc: Alexey Dobriyan <adobriyan@gmail.com>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	David Miller <davem@davemloft.net>,
	auke-jan.h.kok@intel.com,
	Andrew Morton <akpm@linux-foundation.org>,
	e1000-devel@lists.sourceforge.net, netdev@vger.kernel.org,
	Eric Paris <eparis@parisplace.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Al Viro <viro@ftp.linux.org.uk>,
	Chris Wright <chrisw@sous-sol.org>
Subject: [PATCH 2/3][RFC] security: pass mount flags to security_sb_kern_mount()
Date: Fri, 19 Dec 2008 12:06:32 +1100 (EST)	[thread overview]
Message-ID: <alpine.LRH.1.10.0812191205530.4137@tundra.namei.org> (raw)
In-Reply-To: <alpine.LRH.1.10.0812191144370.4137@tundra.namei.org>


Pass mount flags to security_sb_kern_mount(), so security modules
can determine if a mount operation is being performed by the kernel.

Signed-off-by: James Morris <jmorris@namei.org>
---
 fs/super.c                 |    2 +-
 include/linux/security.h   |    6 +++---
 security/capability.c      |    2 +-
 security/security.c        |    4 ++--
 security/selinux/hooks.c   |    2 +-
 security/smack/smack_lsm.c |    3 ++-
 6 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/fs/super.c b/fs/super.c
index 400a760..ddba069 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -914,7 +914,7 @@ vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void
 		goto out_free_secdata;
 	BUG_ON(!mnt->mnt_sb);
 
- 	error = security_sb_kern_mount(mnt->mnt_sb, secdata);
+ 	error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata);
  	if (error)
  		goto out_sb;
 
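Review bot: The hook at this call now receives the raw `flags` argument of vfs_kern_mount(), and the commit message says security modules will use it to tell kernel-internal mounts from user-requested ones. If a module later skips or relaxes a permission check on that basis, the check is only as sound as the guarantee that the kernel-mount bit cannot arrive here from mount(2). Confirm that the user-facing mount path (outside this hunk) clears it before calling in. A short comment at the call would record that assumption, for example `/* flags carries MS_KERNMOUNT for in-kernel mounts; LSMs may rely on it */`. The body of vfs_kern_mount() starts and ends outside the hunk.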
diff --git a/include/linux/security.h b/include/linux/security.h
index c13f1ce..dff563b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1327,7 +1327,7 @@ struct security_operations {
 	int (*sb_alloc_security) (struct super_block *sb);
 	void (*sb_free_security) (struct super_block *sb);
 	int (*sb_copy_data) (char *orig, char *copy);
-	int (*sb_kern_mount) (struct super_block *sb, void *data);
+	int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
 	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct path *path,
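Review bot: The new `flags` parameter of the `sb_kern_mount` hook gets no documentation in this header; the diffstat shows only the three signature lines changing here, while Smack's kernel-doc does gain an `@flags` line. If the hook is described in the comment block ahead of `struct security_operations` (outside this hunk), add a matching entry there, for example `@flags contains the mount flags.`. Module authors read that block to learn what each hook argument means, and this argument is meant to drive a security decision. The later hunks in this file, the prototype and the inline stub, change the same signature.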
@@ -1596,7 +1596,7 @@ int security_bprm_secureexec(struct linux_binprm *bprm);
 int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
-int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
 int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
@@ -1877,7 +1877,7 @@ static inline int security_sb_copy_data(char *orig, char *copy)
 	return 0;
 }
 
-static inline int security_sb_kern_mount(struct super_block *sb, void *data)
+static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	return 0;
 }
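Review bot: The stub's new signature runs to 87 columns, past the 80-column limit of kernel coding style. Wrap it as `static inline int security_sb_kern_mount(struct super_block *sb,` with `int flags, void *data)` on an aligned continuation line. The other changed signatures in this patch stay within 80 columns.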
diff --git a/security/capability.c b/security/capability.c
index 2458748..0f6612d 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -64,7 +64,7 @@ static int cap_sb_copy_data(char *orig, char *copy)
 	return 0;
 }
 
-static int cap_sb_kern_mount(struct super_block *sb, void *data)
+static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
index c0acfa7..5a37d79 100644
--- a/security/security.c
+++ b/security/security.c
@@ -266,9 +266,9 @@ int security_sb_copy_data(char *orig, char *copy)
 }
 EXPORT_SYMBOL(security_sb_copy_data);
 
-int security_sb_kern_mount(struct super_block *sb, void *data)
+int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
-	return security_ops->sb_kern_mount(sb, data);
+	return security_ops->sb_kern_mount(sb, flags, data);
 }
 
 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 470763a..3897758 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2452,7 +2452,7 @@ out:
 	return rc;
 }
 
-static int selinux_sb_kern_mount(struct super_block *sb, void *data)
+static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	struct avc_audit_data ad;
 	int rc;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 6e2dc0b..f23e927 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -248,11 +248,12 @@ static int smack_sb_copy_data(char *orig, char *smackopts)
 /**
  * smack_sb_kern_mount - Smack specific mount processing
  * @sb: the file system superblock
+ * @flags: the mount flags
  * @data: the smack mount options
  *
  * Returns 0 on success, an error code on failure
  */
-static int smack_sb_kern_mount(struct super_block *sb, void *data)
+static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
 	struct dentry *root = sb->s_root;
 	struct inode *inode = root->d_inode;
-- 
1.6.0.4



Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-04  1:18 networking probs in next-20081203 Andrew Morton
2008-12-04 15:14 ` Alexey Dobriyan
2008-12-04 17:41   ` Kok, Auke
2008-12-04 17:52     ` Alexey Dobriyan
2008-12-04 18:11       ` [E1000-devel] " Stephen Smalley
2008-12-04 18:21         ` David Miller
2008-12-04 19:32           ` Stephen Smalley
2008-12-04 20:06             ` Stephen Smalley
2008-12-04 21:00               ` [E1000-devel] " Eric W. Biederman
2008-12-05  2:03                 ` James Morris
2008-12-05  7:49                   ` Eric W. Biederman
2008-12-05 14:12                 ` Stephen Smalley
2008-12-11 10:41                   ` James Morris
2008-12-12  5:24                     ` Alexey Dobriyan
2008-12-12  9:26                       ` James Morris
2008-12-12  9:29                         ` James Morris
2008-12-12 10:51                           ` Eric W. Biederman
2008-12-12 21:40                             ` [E1000-devel] " James Morris
2008-12-12 21:24                         ` Stephen Smalley
2008-12-15 13:28                           ` James Morris
2008-12-19  1:04                             ` [PATCH 0/3][RFC] Fix security and SELinux handling of proc/* filesystems James Morris
2008-12-19  1:05                               ` [PATCH 1/3][RFC] SELinux: correctly detect proc filesystems of the form "proc/foo" James Morris
2008-12-19 12:29                                 ` David P. Quigley
2008-12-19  1:06                               ` James Morris [this message]
2008-12-19 12:52                                 ` [PATCH 2/3][RFC] security: pass mount flags to security_sb_kern_mount() Stephen Smalley
2008-12-19  1:07                               ` [PATCH 3/3][RFC] SELinux: don't check permissions for kernel mounts James Morris
2008-12-19 12:52                                 ` Stephen Smalley
2008-12-19  6:40                               ` [PATCH 0/3][RFC] Fix security and SELinux handling of proc/* filesystems David Miller
