author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-05 16:25:58 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-01-05 16:25:58 -0500 |
commit | 505b050fdf42097883b2d37b8e796e1f11dbef50 (patch) | |
tree | 21f5b43505a5771d13533ac675c785a9bf480fdc /security/security.c | |
parent | 9b286efeb5eb5aaa2712873fc1f928b2f879dbde (diff) | |
parent | 718c43038f287e843c2f63d946977de90014cb11 (diff) |
Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs mount API prep from Al Viro:
"Mount API prereqs.
Mostly that's LSM mount options cleanups. There are several minor
fixes in there, but nothing earth-shattering (leaks on failure exits,
mostly)"
* 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (27 commits)
mount_fs: suppress MAC on MS_SUBMOUNT as well as MS_KERNMOUNT
smack: rewrite smack_sb_eat_lsm_opts()
smack: get rid of match_token()
smack: take the guts of smack_parse_opts_str() into a new helper
LSM: new method: ->sb_add_mnt_opt()
selinux: rewrite selinux_sb_eat_lsm_opts()
selinux: regularize Opt_... names a bit
selinux: switch away from match_token()
selinux: new helper - selinux_add_opt()
LSM: bury struct security_mnt_opts
smack: switch to private smack_mnt_opts
selinux: switch to private struct selinux_mnt_opts
LSM: hide struct security_mnt_opts from any generic code
selinux: kill selinux_sb_get_mnt_opts()
LSM: turn sb_eat_lsm_opts() into a method
nfs_remount(): don't leak, don't ignore LSM options quietly
btrfs: sanitize security_mnt_opts use
selinux; don't open-code a loop in sb_finish_set_opts()
LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount()
new helper: security_sb_eat_lsm_opts()
...
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 39 |
1 files changed, 26 insertions, 13 deletions
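--- a/security/security.c
+++ b/security/security.c
@@ -384,20 +384,31 @@ void security_sb_free(struct super_block *sb)
 call_void_hook(sb_free_security, sb);
 }
 
-int security_sb_copy_data(char *orig, char *copy)
+void security_free_mnt_opts(void **mnt_opts)
 {
-return call_int_hook(sb_copy_data, 0, orig, copy);
+if (!*mnt_opts)
+return;
+call_void_hook(sb_free_mnt_opts, *mnt_opts);
+*mnt_opts = NULL;
+}
+EXPORT_SYMBOL(security_free_mnt_opts);
+
+int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
+{
+return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);
 }
-EXPORT_SYMBOL(security_sb_copy_data);
+EXPORT_SYMBOL(security_sb_eat_lsm_opts);
 
-int security_sb_remount(struct super_block *sb, void *data)
+int security_sb_remount(struct super_block *sb,
+void *mnt_opts)
 {
-return call_int_hook(sb_remount, 0, sb, data);
+return call_int_hook(sb_remount, 0, sb, mnt_opts);
 }
+EXPORT_SYMBOL(security_sb_remount);
 
-int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
+int security_sb_kern_mount(struct super_block *sb)
 {
-return call_int_hook(sb_kern_mount, 0, sb, flags, data);
+return call_int_hook(sb_kern_mount, 0, sb);
 }
 
 int security_sb_show_options(struct seq_file *m, struct super_block *sb)
@@ -427,13 +438,13 @@ int security_sb_pivotroot(const struct path *old_path, const struct path *new_pa
 }
 
 int security_sb_set_mnt_opts(struct super_block *sb,
-struct security_mnt_opts *opts,
+void *mnt_opts,
 unsigned long kern_flags,
 unsigned long *set_kern_flags)
 {
 return call_int_hook(sb_set_mnt_opts,
-opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb,
-opts, kern_flags, set_kern_flags);
+mnt_opts ? -EOPNOTSUPP : 0, sb,
+mnt_opts, kern_flags, set_kern_flags);
 }
 EXPORT_SYMBOL(security_sb_set_mnt_opts);
 
@@ -447,11 +458,13 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 }
 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
 
-int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
+int security_add_mnt_opt(const char *option, const char *val, int len,
+void **mnt_opts)
 {
-return call_int_hook(sb_parse_opts_str, 0, options, opts);
+return call_int_hook(sb_add_mnt_opt, -EINVAL,
+option, val, len, mnt_opts);
 }
-EXPORT_SYMBOL(security_sb_parse_opts_str);
+EXPORT_SYMBOL(security_add_mnt_opt);
 
 int security_inode_alloc(struct inode *inode)
 {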