summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2011-03-03 16:09:14 -0500
committerEric Paris <eparis@redhat.com>2011-03-03 16:12:27 -0500
commitff36fe2c845cab2102e4826c1ffa0a6ebf487c65 (patch)
treed61f4c65bc51e6455f0cb5a3d03fab41d0f83169 /security
parent2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f (diff)
downloadlwn-ff36fe2c845cab2102e4826c1ffa0a6ebf487c65.tar.gz
lwn-ff36fe2c845cab2102e4826c1ffa0a6ebf487c65.zip
LSM: Pass -o remount options to the LSM
The VFS mount code passes the mount options to the LSM. The LSM will remove options it understands from the data and the VFS will then pass the remaining options onto the underlying filesystem. This is how options like the SELinux context= work. The problem comes in that -o remount never calls into LSM code. So if you include an LSM specific option it will get passed to the filesystem and will cause the remount to fail. An example of where this is a problem is the 'seclabel' option. The SELinux LSM hook will print this word in /proc/mounts if the filesystem is being labeled using xattrs. If you pass this word on mount it will be silently stripped and ignored. But if you pass this word on remount the LSM never gets called and it will be passed to the FS. The FS doesn't know what seclabel means and thus should fail the mount. For example an ext3 fs mounted over loop # mount -o loop /tmp/fs /mnt/tmp # cat /proc/mounts | grep /mnt/tmp /dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0 # mount -o remount /mnt/tmp mount: /mnt/tmp not mounted already, or bad option # dmesg EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value This patch passes the remount mount options to an new LSM hook. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/capability.c6
-rw-r--r--security/security.c5
2 files changed, 11 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 85b67c8632df..ab3d807accc3 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -54,6 +54,11 @@ static int cap_sb_copy_data(char *orig, char *copy)
return 0;
}
+static int cap_sb_remount(struct super_block *sb, void *data)
+{
+ return 0;
+}
+
static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
return 0;
@@ -887,6 +892,7 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, sb_alloc_security);
set_to_cap_if_null(ops, sb_free_security);
set_to_cap_if_null(ops, sb_copy_data);
+ set_to_cap_if_null(ops, sb_remount);
set_to_cap_if_null(ops, sb_kern_mount);
set_to_cap_if_null(ops, sb_show_options);
set_to_cap_if_null(ops, sb_statfs);
diff --git a/security/security.c b/security/security.c
index 8f28685ee0d9..b1d6134548bc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -267,6 +267,11 @@ int security_sb_copy_data(char *orig, char *copy)
}
EXPORT_SYMBOL(security_sb_copy_data);
+int security_sb_remount(struct super_block *sb, void *data)
+{
+ return security_ops->sb_remount(sb, data);
+}
+
int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
return security_ops->sb_kern_mount(sb, flags, data);