author | Eric Paris <eparis@redhat.com> | 2008-03-05 14:20:18 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-03-06 08:40:59 +1100 |
commit | f9c3a3802119a2d30f3e4a69aef30a81e09d0209 (patch) | |
tree | e777be38afbbec60e3c366169395b9fca7226540 /fs/nfs/internal.h | |
parent | e0007529893c1c064be90bd21422ca0da4a0198e (diff) | |
NFS: use new LSM interfaces to explicitly set mount options

NFS and SELinux worked together previously because SELinux had NFS
specific knowledge built in. This design was approved by both groups
back in 2004 but the recent NFS changes to use nfs_parsed_mount_data and
the usage of nfs_clone_mount_data showed this to be a poor fragile
solution. This patch fixes the NFS functionality regression by making
use of the new LSM interfaces to allow an FS to explicitly set its own
mount options.

The explicit setting of mount options is done in the nfs get_sb
functions which are called before the generic vfs hooks try to set mount
options for filesystems which use text mount data.

This does not currently support NFSv4 as that functionality did not
exist in previous kernels and thus there is no regression. I will be
adding the needed code, which I believe to be the exact same as the v3
code, in nfs4_get_sb for 2.6.26.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/nfs/internal.h')
-rw-r--r-- | fs/nfs/internal.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index 0f56196..9319927 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h @@ -3,6 +3,7 @@ */ #include <linux/mount.h> +#include <linux/security.h> struct nfs_string; @@ -57,6 +58,8 @@ struct nfs_parsed_mount_data { char *export_path; int protocol; } nfs_server; + + struct security_mnt_opts lsm_opts; }; /* client.c */ |
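Review bot: The new `struct security_mnt_opts lsm_opts;` member at the end of `struct nfs_parsed_mount_data` (second hunk) is undocumented and embedded by value, so its lifetime is tied to every allocation and release of the parsed mount data, and none of that code is visible in this diff, which is limited to fs/nfs/internal.h. Suggest a one-line comment on the field naming the code that fills it and the code that frees it, and confirming in the rest of the series that every path that sets up `nfs_parsed_mount_data` initialises the member (`security_init_mnt_opts`) and every exit path, error returns included, releases it (`security_free_mnt_opts`), since a missed release would leak whatever option data it holds. The commit message states that NFSv4 is not covered yet, so the comment should also say the field is unused on that path for now. The `#include <linux/security.h>` in the first hunk is needed because the struct is embedded rather than referenced through a pointer, so a forward declaration would not be enough.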