diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-01 22:42:44 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-21 11:45:30 -0500 |
| commit | 6be8750b4cba8c37170f46b29841d112f1be749b (patch) | |
| tree | 0b3386c080d73fc666afcdcd1db5290b990af349 /fs/super.c | |
| parent | 6466f3d193a99426db067855345e763de2160f1c (diff) | |
LSM: lift parsing LSM options into the caller of ->sb_kern_mount()
This paves the way for retaining the LSM options from a common filesystem
mount context during a mount parameter parsing phase to be instituted prior
to actual mount/reconfiguration actions.
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/super.c')
| -rw-r--r-- | fs/super.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/fs/super.c b/fs/super.c index 6654de035893..8d9c9199832d 100644 --- a/fs/super.c +++ b/fs/super.c | |||
| @@ -1246,17 +1246,26 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) | |||
| 1246 | { | 1246 | { |
| 1247 | struct dentry *root; | 1247 | struct dentry *root; |
| 1248 | struct super_block *sb; | 1248 | struct super_block *sb; |
| 1249 | char *secdata = NULL; | ||
| 1250 | int error = -ENOMEM; | 1249 | int error = -ENOMEM; |
| 1250 | struct security_mnt_opts opts; | ||
| 1251 | |||
| 1252 | security_init_mnt_opts(&opts); | ||
| 1251 | 1253 | ||
| 1252 | if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) { | 1254 | if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) { |
| 1253 | secdata = alloc_secdata(); | 1255 | char *secdata = alloc_secdata(); |
| 1254 | if (!secdata) | 1256 | if (!secdata) |
| 1255 | goto out; | 1257 | return ERR_PTR(-ENOMEM); |
| 1256 | 1258 | ||
| 1257 | error = security_sb_copy_data(data, secdata); | 1259 | error = security_sb_copy_data(data, secdata); |
| 1260 | if (error) { | ||
| 1261 | free_secdata(secdata); | ||
| 1262 | return ERR_PTR(error); | ||
| 1263 | } | ||
| 1264 | |||
| 1265 | error = security_sb_parse_opts_str(secdata, &opts); | ||
| 1266 | free_secdata(secdata); | ||
| 1258 | if (error) | 1267 | if (error) |
| 1259 | goto out_free_secdata; | 1268 | return ERR_PTR(error); |
| 1260 | } | 1269 | } |
| 1261 | 1270 | ||
| 1262 | root = type->mount(type, flags, name, data); | 1271 | root = type->mount(type, flags, name, data); |
| @@ -1277,7 +1286,7 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) | |||
| 1277 | smp_wmb(); | 1286 | smp_wmb(); |
| 1278 | sb->s_flags |= SB_BORN; | 1287 | sb->s_flags |= SB_BORN; |
| 1279 | 1288 | ||
| 1280 | error = security_sb_kern_mount(sb, flags, secdata); | 1289 | error = security_sb_kern_mount(sb, flags, &opts); |
| 1281 | if (error) | 1290 | if (error) |
| 1282 | goto out_sb; | 1291 | goto out_sb; |
| 1283 | 1292 | ||
| @@ -1291,14 +1300,13 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) | |||
| 1291 | "negative value (%lld)\n", type->name, sb->s_maxbytes); | 1300 | "negative value (%lld)\n", type->name, sb->s_maxbytes); |
| 1292 | 1301 | ||
| 1293 | up_write(&sb->s_umount); | 1302 | up_write(&sb->s_umount); |
| 1294 | free_secdata(secdata); | 1303 | security_free_mnt_opts(&opts); |
| 1295 | return root; | 1304 | return root; |
| 1296 | out_sb: | 1305 | out_sb: |
| 1297 | dput(root); | 1306 | dput(root); |
| 1298 | deactivate_locked_super(sb); | 1307 | deactivate_locked_super(sb); |
| 1299 | out_free_secdata: | 1308 | out_free_secdata: |
| 1300 | free_secdata(secdata); | 1309 | security_free_mnt_opts(&opts); |
| 1301 | out: | ||
| 1302 | return ERR_PTR(error); | 1310 | return ERR_PTR(error); |
| 1303 | } | 1311 | } |
| 1304 | 1312 | ||