lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Dec 2008 07:52:35 -0500 From: Stephen Smalley <sds@...ho.nsa.gov> To: James Morris <jmorris@...ei.org> Cc: linux-security-module@...r.kernel.org, Alexey Dobriyan <adobriyan@...il.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, David Miller <davem@...emloft.net>, auke-jan.h.kok@...el.com, Andrew Morton <akpm@...ux-foundation.org>, e1000-devel@...ts.sourceforge.net, netdev@...r.kernel.org, Eric Paris <eparis@...isplace.org>, Al Viro <viro@....linux.org.uk>, Chris Wright <chrisw@...s-sol.org> Subject: Re: [PATCH 2/3][RFC] security: pass mount flags to security_sb_kern_mount() On Fri, 2008-12-19 at 12:06 +1100, James Morris wrote: > Pass mount flags to security_sb_kern_mount(), so security modules > can determine if a mount operation is being performed by the kernel. > > Signed-off-by: James Morris <jmorris@...ei.org> Acked-by: Stephen Smalley <sds@...ho.nsa.gov> > --- > fs/super.c | 2 +- > include/linux/security.h | 6 +++--- > security/capability.c | 2 +- > security/security.c | 4 ++-- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c | 3 ++- > 6 files changed, 10 insertions(+), 9 deletions(-) > > diff --git a/fs/super.c b/fs/super.c > index 400a760..ddba069 100644 > --- a/fs/super.c > +++ b/fs/super.c > @@ -914,7 +914,7 @@ vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void > goto out_free_secdata; > BUG_ON(!mnt->mnt_sb); > > - error = security_sb_kern_mount(mnt->mnt_sb, secdata); > + error = security_sb_kern_mount(mnt->mnt_sb, flags, secdata); > if (error) > goto out_sb; > > diff --git a/include/linux/security.h b/include/linux/security.h > index c13f1ce..dff563b 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -1327,7 +1327,7 @@ struct security_operations { > int (*sb_alloc_security) (struct super_block *sb); > void (*sb_free_security) (struct super_block *sb); > int (*sb_copy_data) (char *orig, char *copy); > - int (*sb_kern_mount) (struct super_block *sb, void *data); > + int (*sb_kern_mount) (struct super_block *sb, int flags, void *data); > int (*sb_show_options) (struct seq_file *m, struct super_block *sb); > int (*sb_statfs) (struct dentry *dentry); > int (*sb_mount) (char *dev_name, struct path *path, > @@ -1596,7 +1596,7 @@ int security_bprm_secureexec(struct linux_binprm *bprm); > int security_sb_alloc(struct super_block *sb); > void security_sb_free(struct super_block *sb); > int security_sb_copy_data(char *orig, char *copy); > -int security_sb_kern_mount(struct super_block *sb, void *data); > +int security_sb_kern_mount(struct super_block *sb, int flags, void *data); > int security_sb_show_options(struct seq_file *m, struct super_block *sb); > int security_sb_statfs(struct dentry *dentry); > int security_sb_mount(char *dev_name, struct path *path, > @@ -1877,7 +1877,7 @@ static inline int security_sb_copy_data(char *orig, char *copy) > return 0; > } > > -static inline int security_sb_kern_mount(struct super_block *sb, void *data) > +static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data) > { > return 0; > } > diff --git a/security/capability.c b/security/capability.c > index 2458748..0f6612d 100644 > --- a/security/capability.c > +++ b/security/capability.c > @@ -64,7 +64,7 @@ static int cap_sb_copy_data(char *orig, char *copy) > return 0; > } > > -static int cap_sb_kern_mount(struct super_block *sb, void *data) > +static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data) > { > return 0; > } > diff --git a/security/security.c b/security/security.c > index c0acfa7..5a37d79 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -266,9 +266,9 @@ int security_sb_copy_data(char *orig, char *copy) > } > EXPORT_SYMBOL(security_sb_copy_data); > > -int security_sb_kern_mount(struct super_block *sb, void *data) > +int security_sb_kern_mount(struct super_block *sb, int flags, void *data) > { > - return security_ops->sb_kern_mount(sb, data); > + return security_ops->sb_kern_mount(sb, flags, data); > } > > int security_sb_show_options(struct seq_file *m, struct super_block *sb) > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 470763a..3897758 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2452,7 +2452,7 @@ out: > return rc; > } > > -static int selinux_sb_kern_mount(struct super_block *sb, void *data) > +static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) > { > struct avc_audit_data ad; > int rc; > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 6e2dc0b..f23e927 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -248,11 +248,12 @@ static int smack_sb_copy_data(char *orig, char *smackopts) > /** > * smack_sb_kern_mount - Smack specific mount processing > * @sb: the file system superblock > + * @flags: the mount flags > * @data: the smack mount options > * > * Returns 0 on success, an error code on failure > */ > -static int smack_sb_kern_mount(struct super_block *sb, void *data) > +static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) > { > struct dentry *root = sb->s_root; > struct inode *inode = root->d_inode; -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists