LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount()

... leaving the "is it kernel-internal" logics in the caller.

Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro 2018-12-05 11:58:35 -05:00
parent f5c0c26d90
commit a10d7c22b3
6 changed files with 13 additions and 34 deletions


@ -1275,10 +1275,16 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
smp_wmb(); smp_wmb();
sb->s_flags |= SB_BORN; sb->s_flags |= SB_BORN;
error = security_sb_kern_mount(sb, flags, &opts); error = security_sb_set_mnt_opts(sb, &opts, 0, NULL);
if (error) if (error)
goto out_sb; goto out_sb;
if (!(flags & MS_KERNMOUNT)) {
error = security_sb_kern_mount(sb);
if (error)
goto out_sb;
}
/* /*
* filesystems should never set s_maxbytes larger than MAX_LFS_FILESIZE * filesystems should never set s_maxbytes larger than MAX_LFS_FILESIZE
* but s_maxbytes was an unsigned long long for many releases. Throw * but s_maxbytes was an unsigned long long for many releases. Throw
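Review bot: The new `if (!(flags & MS_KERNMOUNT))` guard in mount_fs() moves the exemption for kernel-internal mounts out of SELinux and into the VFS caller, so it now applies to every LSM, and nothing at the call site says so. The same commit removes the SELinux comment "Allow all mounts performed by the kernel", so a comment above the guard would keep the policy visible, for example `/* kernel-internal mounts are exempt from the LSM mount permission check */`. Any module registering sb_kern_mount is no longer called for MS_KERNMOUNT superblocks; one that wants to label or audit them has to do so from sb_set_mnt_opts, which is still called unconditionally. mount_fs() starts and ends outside this hunk.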


@ -1464,8 +1464,7 @@ union security_list_options {
int (*sb_copy_data)(char *orig, char *copy); int (*sb_copy_data)(char *orig, char *copy);
int (*sb_remount)(struct super_block *sb, int (*sb_remount)(struct super_block *sb,
struct security_mnt_opts *opts); struct security_mnt_opts *opts);
int (*sb_kern_mount)(struct super_block *sb, int flags, int (*sb_kern_mount)(struct super_block *sb);
struct security_mnt_opts *opts);
int (*sb_show_options)(struct seq_file *m, struct super_block *sb); int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
int (*sb_statfs)(struct dentry *dentry); int (*sb_statfs)(struct dentry *dentry);
int (*sb_mount)(const char *dev_name, const struct path *path, int (*sb_mount)(const char *dev_name, const struct path *path,
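Review bot: The `sb_kern_mount` member changes contract here, not only signature, and the hunk adds no documentation for it. The hook no longer receives the mount flags or the parsed options, and per the caller change in mount_fs() it is skipped for MS_KERNMOUNT mounts. The hook description for `@sb_kern_mount` in this header lies outside the hunk; if it still mentions flags or option data it should be updated, and it should say something like `Check permission to mount @sb; called after sb_set_mnt_opts and not called for kernel-internal (MS_KERNMOUNT) mounts.`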


@ -250,8 +250,7 @@ int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb); void security_sb_free(struct super_block *sb);
int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts); int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts);
int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts); int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts);
int security_sb_kern_mount(struct super_block *sb, int flags, int security_sb_kern_mount(struct super_block *sb);
struct security_mnt_opts *opts);
int security_sb_show_options(struct seq_file *m, struct super_block *sb); int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry); int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, const struct path *path, int security_sb_mount(const char *dev_name, const struct path *path,
@ -568,8 +567,7 @@ static inline int security_sb_remount(struct super_block *sb,
return 0; return 0;
} }
static inline int security_sb_kern_mount(struct super_block *sb, int flags, static inline int security_sb_kern_mount(struct super_block *sb)
struct security_mnt_opts *opts)
{ {
return 0; return 0;
} }


@ -405,10 +405,9 @@ int security_sb_remount(struct super_block *sb,
return call_int_hook(sb_remount, 0, sb, opts); return call_int_hook(sb_remount, 0, sb, opts);
} }
int security_sb_kern_mount(struct super_block *sb, int flags, int security_sb_kern_mount(struct super_block *sb)
struct security_mnt_opts *opts)
{ {
return call_int_hook(sb_kern_mount, 0, sb, flags, opts); return call_int_hook(sb_kern_mount, 0, sb);
} }
int security_sb_show_options(struct seq_file *m, struct super_block *sb) int security_sb_show_options(struct seq_file *m, struct super_block *sb)


@ -2874,18 +2874,10 @@ out_bad_option:
return -EINVAL; return -EINVAL;
} }
static int selinux_sb_kern_mount(struct super_block *sb, int flags, static int selinux_sb_kern_mount(struct super_block *sb)
struct security_mnt_opts *opts)
{ {
const struct cred *cred = current_cred(); const struct cred *cred = current_cred();
struct common_audit_data ad; struct common_audit_data ad;
int rc = selinux_set_mnt_opts(sb, opts, 0, NULL);
if (rc)
return rc;
/* Allow all mounts performed by the kernel */
if (flags & MS_KERNMOUNT)
return 0;
ad.type = LSM_AUDIT_DATA_DENTRY; ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = sb->s_root; ad.u.dentry = sb->s_root;
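Review bot: With the `selinux_set_mnt_opts()` call removed, selinux_sb_kern_mount() now depends on the caller having applied the mount options to the superblock before the permission check runs, and the function does not record that precondition anywhere. A short comment above the function would state it, e.g. `/* Caller has already run sb_set_mnt_opts on @sb and filtered out MS_KERNMOUNT. */`. The rest of the function, including the permission check itself, is outside this hunk, so whether it reads state set by the options step is inferred rather than visible here.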


@ -851,20 +851,6 @@ static int smack_set_mnt_opts(struct super_block *sb,
return 0; return 0;
} }
/**
* smack_sb_kern_mount - Smack specific mount processing
* @sb: the file system superblock
* @flags: the mount flags
* @data: the smack mount options
*
* Returns 0 on success, an error code on failure
*/
static int smack_sb_kern_mount(struct super_block *sb, int flags,
struct security_mnt_opts *opts)
{
return smack_set_mnt_opts(sb, opts, 0, NULL);
}
/** /**
* smack_sb_statfs - Smack check on statfs * smack_sb_statfs - Smack check on statfs
* @dentry: identifies the file system in question * @dentry: identifies the file system in question
@ -4652,7 +4638,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data), LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts), LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str), LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),