Message-id: <1403095304-15368-1-git-send-email-chanho61.park@samsung.com>
Date:	Wed, 18 Jun 2014 21:41:44 +0900
From:	Chanho Park <chanho61.park@...sung.com>
To:	casey@...aufler-ca.com
Cc:	james.l.morris@...cle.com, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Chanho Park <chanho61.park@...sung.com>
Subject: [PATCH] Smack: separate smackfstransmute and smackfsroot

According to the previous commit (e830b39: Smack: Add smkfstransmute mount option),
the smackfstransmute option is the smackfsroot option + transmute option.
I think it can be confusing because the transmute option can only have "TRUE".
Before the patch, you cannot use the smackfsroot and the smackfstransmute at
the same time. If you use the options simultaneously, the previous option will
be omitted. In the below example, the smackfsroot option will be omitted.
mount -t tmpfs -o size=128M,smackfsroot=*,smackfstransmute=_ tmpfs /tmp

After the patch, now you can use the smackfstransmute option like below:
mount -t tmpfs -o size=128M,smackfsroot=*,smackfstransmute=TRUE tmpfs /tmp

Signed-off-by: Chanho Park <chanho61.park@...sung.com>
---
 Documentation/security/Smack.txt | 3 +++
 security/smack/smack.h           | 2 ++
 security/smack/smack_lsm.c       | 5 ++---
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index b6ef7e9..27290d8 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -669,6 +669,9 @@ Smack supports some mount options:
 	smackfsfloor=label: specifies a label to which all labels set on the
 	filesystem must have read access. Not yet enforced.
 
+	smackfstransmute=TRUE: assign a transmute option for the root of the
+	file system if it lacks the Smack extended attribute.
+
 These mount options apply to all file system types.
 
 Smack auditing
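
Review bot: the new smackfstransmute=TRUE entry does not say what happens when any other value is given, nor that the option no longer carries a label and has to be combined with smackfsroot=label to label the root. Please document both, since the smack_lsm.c hunk in this patch simply skips a non-TRUE value without an error. "assign a transmute option for the root" would also read better as "mark the root of the file system as transmuting".
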
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 020307e..d4f75e6 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -146,6 +146,8 @@ struct smk_port_label {
 #define SMK_FSROOT	"smackfsroot="
 #define SMK_FSTRANS	"smackfstransmute="
 
+#define SMK_FSTRANS_ON	"TRUE"
+
 #define SMACK_CIPSO_OPTION 	"-CIPSO"
 
 /*
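
Review bot: SMK_FSTRANS_ON is added right below the option-prefix defines (SMK_FSROOT, SMK_FSTRANS) but it is an option value, not a prefix, and nothing here says so. A one-line comment stating that it is the only value accepted for smackfstransmute= would keep it from being read as another mount option.
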
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f2c3080..7d3f40d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -450,9 +450,8 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 			}
 		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
 			op += strlen(SMK_FSTRANS);
-			nsp = smk_import(op, 0);
-			if (nsp != NULL) {
-				sp->smk_root = nsp;
+			if (strncmp(op, SMK_FSTRANS_ON,
+				    strlen(SMK_FSTRANS_ON)) == 0) {
 				transmute = 1;
 				specified = 1;
 			}
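
Review bot: the new check "strncmp(op, SMK_FSTRANS_ON, strlen(SMK_FSTRANS_ON)) == 0" is a prefix match, so any value that merely starts with TRUE (for example smackfstransmute=TRUEx) turns transmute on; compare the whole token instead, e.g. with strcmp() if op is NUL-terminated at this point. There is also no else branch: a value other than TRUE, including the label form accepted before this patch (smackfstransmute=_ in the commit message), is now ignored silently and leaves the root unlabelled by this option. Returning an error, or at least logging the rejected value, would make that change visible to existing mount setups. If nsp is no longer used in this branch only, that is fine, but please confirm the removed smk_import() call does not leave a now-unused variable elsewhere in the function.
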
-- 
1.9.1
