| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.1.10.0812191206380.4137@tundra.namei.org> Date: Fri, 19 Dec 2008 12:07:19 +1100 (EST) From: James Morris <jmorris@...ei.org> To: linux-security-module@...r.kernel.org cc: Alexey Dobriyan <adobriyan@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, David Miller <davem@...emloft.net>, auke-jan.h.kok@...el.com, Andrew Morton <akpm@...ux-foundation.org>, e1000-devel@...ts.sourceforge.net, netdev@...r.kernel.org, Eric Paris <eparis@...isplace.org>, Stephen Smalley <sds@...ho.nsa.gov>, Al Viro <viro@....linux.org.uk>, Chris Wright <chrisw@...s-sol.org> Subject: [PATCH 3/3][RFC] SELinux: don't check permissions for kernel mounts Don't bother checking permissions when the kernel performs an internal mount, as this should always be allowed. Signed-off-by: James Morris <jmorris@...ei.org> --- security/selinux/hooks.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3897758..4a44903 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2461,6 +2461,10 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) if (rc) return rc; + /* Allow all mounts performed by the kernel */ + if (flags & MS_KERNMOUNT) + return 0; + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = sb->s_root; return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); -- 1.6.0.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists