summaryrefslogtreecommitdiffstats
path: root/include/linux/security.h
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2011-03-03 16:09:14 -0500
committerEric Paris <eparis@redhat.com>2011-03-03 16:12:27 -0500
commitff36fe2c845cab2102e4826c1ffa0a6ebf487c65 (patch)
treed61f4c65bc51e6455f0cb5a3d03fab41d0f83169 /include/linux/security.h
parent2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f (diff)
downloadop-kernel-dev-ff36fe2c845cab2102e4826c1ffa0a6ebf487c65.zip
op-kernel-dev-ff36fe2c845cab2102e4826c1ffa0a6ebf487c65.tar.gz
LSM: Pass -o remount options to the LSM
The VFS mount code passes the mount options to the LSM. The LSM will remove options it understands from the data and the VFS will then pass the remaining options onto the underlying filesystem. This is how options like the SELinux context= work. The problem comes in that -o remount never calls into LSM code. So if you include an LSM specific option it will get passed to the filesystem and will cause the remount to fail. An example of where this is a problem is the 'seclabel' option. The SELinux LSM hook will print this word in /proc/mounts if the filesystem is being labeled using xattrs. If you pass this word on mount it will be silently stripped and ignored. But if you pass this word on remount the LSM never gets called and it will be passed to the FS. The FS doesn't know what seclabel means and thus should fail the mount. For example an ext3 fs mounted over loop # mount -o loop /tmp/fs /mnt/tmp # cat /proc/mounts | grep /mnt/tmp /dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0 # mount -o remount /mnt/tmp mount: /mnt/tmp not mounted already, or bad option # dmesg EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value This patch passes the remount mount options to an new LSM hook. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r--include/linux/security.h13
1 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 14167f2..d11ac43 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -268,6 +268,12 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @orig the original mount data copied from userspace.
* @copy copied data which will be passed to the security module.
* Returns 0 if the copy was successful.
+ * @sb_remount:
+ * Extracts security system specifc mount options and verifys no changes
+ * are being made to those options.
+ * @sb superblock being remounted
+ * @data contains the filesystem-specific data.
+ * Return 0 if permission is granted.
* @sb_umount:
* Check permission before the @mnt file system is unmounted.
* @mnt contains the mounted file system.
@@ -1394,6 +1400,7 @@ struct security_operations {
int (*sb_alloc_security) (struct super_block *sb);
void (*sb_free_security) (struct super_block *sb);
int (*sb_copy_data) (char *orig, char *copy);
+ int (*sb_remount) (struct super_block *sb, void *data);
int (*sb_kern_mount) (struct super_block *sb, int flags, void *data);
int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
int (*sb_statfs) (struct dentry *dentry);
@@ -1676,6 +1683,7 @@ int security_bprm_secureexec(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
int security_sb_copy_data(char *orig, char *copy);
+int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
@@ -1955,6 +1963,11 @@ static inline int security_sb_copy_data(char *orig, char *copy)
return 0;
}
+static inline int security_sb_remount(struct super_block *sb, void *data)
+{
+ return 0;
+}
+
static inline int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
{
return 0;
OpenPOWER on IntegriCloud