summaryrefslogtreecommitdiff
path: root/fs/nfs/internal.h
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-03-05 14:20:18 -0500
committerJames Morris <jmorris@namei.org>2008-03-06 08:40:59 +1100
commitf9c3a3802119a2d30f3e4a69aef30a81e09d0209 (patch)
treee777be38afbbec60e3c366169395b9fca7226540 /fs/nfs/internal.h
parente0007529893c1c064be90bd21422ca0da4a0198e (diff)
downloadlwn-f9c3a3802119a2d30f3e4a69aef30a81e09d0209.tar.gz
lwn-f9c3a3802119a2d30f3e4a69aef30a81e09d0209.zip
NFS: use new LSM interfaces to explicitly set mount options
NFS and SELinux worked together previously because SELinux had NFS specific knowledge built in. This design was approved by both groups back in 2004 but the recent NFS changes to use nfs_parsed_mount_data and the usage of nfs_clone_mount_data showed this to be a poor fragile solution. This patch fixes the NFS functionality regression by making use of the new LSM interfaces to allow an FS to explicitly set its own mount options. The explicit setting of mount options is done in the nfs get_sb functions which are called before the generic vfs hooks try to set mount options for filesystems which use text mount data. This does not currently support NFSv4 as that functionality did not exist in previous kernels and thus there is no regression. I will be adding the needed code, which I believe to be the exact same as the v3 code, in nfs4_get_sb for 2.6.26. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/nfs/internal.h')
-rw-r--r--fs/nfs/internal.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 0f5619611b8d..931992763e68 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -3,6 +3,7 @@
*/
#include <linux/mount.h>
+#include <linux/security.h>
struct nfs_string;
@@ -57,6 +58,8 @@ struct nfs_parsed_mount_data {
char *export_path;
int protocol;
} nfs_server;
+
+ struct security_mnt_opts lsm_opts;
};
/* client.c */