diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2012-02-29 21:53:22 +0900 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2012-03-01 10:23:19 +1100 |
| commit | df91e49477a9be15921cb2854e1d12a3bdb5e425 (patch) | |
| tree | 8408a7d2a432a206070ac01b2939fefcdce9ca13 /security/keys | |
| parent | a69f15890292b5449f9056b4bb322b044e6ce0c6 (diff) | |
| download | op-kernel-dev-df91e49477a9be15921cb2854e1d12a3bdb5e425.zip op-kernel-dev-df91e49477a9be15921cb2854e1d12a3bdb5e425.tar.gz | |
TOMOYO: Fix mount flags checking order.
Userspace can pass in arbitrary combinations of MS_* flags to mount().
If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
passed, device name which should be checked for MS_BIND was not checked because
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.
If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
higher priority than MS_REMOUNT.
Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.
Also, unconditionally return -EINVAL if more than one of
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
flags passed to change_mnt_propagation()" clarified that these flags must be
exclusively passed.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/keys')
0 files changed, 0 insertions, 0 deletions
