[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-id: <1403095304-15368-1-git-send-email-chanho61.park@samsung.com>
Date: Wed, 18 Jun 2014 21:41:44 +0900
From: Chanho Park <chanho61.park@...sung.com>
To: casey@...aufler-ca.com
Cc: james.l.morris@...cle.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org,
Chanho Park <chanho61.park@...sung.com>
Subject: [PATCH] Smack: separate smackfstransmute and smackfsroot
According to previous commit(e830b39: Smack: Add smkfstransmute mount option),
the smackfstransmute option is the smackfsroot option + transmute option.
I think it can be confused because the transmute option can only have "TRUE".
Before the patch, you cannot use the smackfsroot and the smackfstransmute at
the same time. If you use the options simultaenously, the previous option will
be omitted. In the below example, the smackfsroot option will be omitted.
mount -t tmpfs -o size=128M,smackfsroot=*,smackfstransmute=_ tmpfs /tmp
After the patch, now you can use the smackfstransmute option like below:
mount -t tmpfs -o size=128M,smackfsroot=*,smackfstransmute=TRUE tmpfs /tmp
Signed-off-by: Chanho Park <chanho61.park@...sung.com>
---
Documentation/security/Smack.txt | 3 +++
security/smack/smack.h | 2 ++
security/smack/smack_lsm.c | 5 ++---
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index b6ef7e9..27290d8 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -669,6 +669,9 @@ Smack supports some mount options:
smackfsfloor=label: specifies a label to which all labels set on the
filesystem must have read access. Not yet enforced.
+ smackfstransmute=TRUE: assign a transmute option for the root of the
+ file system if it lacks the Smack extended attribute.
+
These mount options apply to all file system types.
Smack auditing
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 020307e..d4f75e6 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -146,6 +146,8 @@ struct smk_port_label {
#define SMK_FSROOT "smackfsroot="
#define SMK_FSTRANS "smackfstransmute="
+#define SMK_FSTRANS_ON "TRUE"
+
#define SMACK_CIPSO_OPTION "-CIPSO"
/*
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f2c3080..7d3f40d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -450,9 +450,8 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
}
} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
op += strlen(SMK_FSTRANS);
- nsp = smk_import(op, 0);
- if (nsp != NULL) {
- sp->smk_root = nsp;
+ if (strncmp(op, SMK_FSTRANS_ON,
+ strlen(SMK_FSTRANS_ON)) == 0) {
transmute = 1;
specified = 1;
}
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists