authorEric Paris <eparis@redhat.com>2008-04-21 16:24:11 -0400
committerJames Morris <jmorris@namei.org>2008-04-21 20:00:09 -0400
commit0f5e64200f20fc8f5b759c4010082f577ab0af3f (patch)
treee59565d010a5538910a89f0c44122e802ba011a3
parente9b62693ae0a1e13ccc97a6792d9a7770c8d1b5b (diff)
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
The Fedora installer actually makes multiple NFS mounts before it loads selinux policy. The code in selinux_clone_mnt_opts() assumed that the init process would always be loading policy before NFS was up and running. It might be possible to hit this in a diskless environment as well, I'm not sure. There is no need to BUG_ON() in this situation since we can safely continue given the circumstances. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/hooks.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1bf2543ea942..33af321f647b 100644
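--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
 int set_context = (oldsbsec->flags & CONTEXT_MNT);
 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
 
-/* we can't error, we can't save the info, this shouldn't get called
-* this early in the boot process. */
-BUG_ON(!ss_initialized);
+/*
+* if the parent was able to be mounted it clearly had no special lsm
+* mount options. thus we can safely put this sb on the list and deal
+* with it later
+*/
+if (!ss_initialized) {
+spin_lock(&sb_security_lock);
+if (list_empty(&newsbsec->list))
+list_add(&newsbsec->list, &superblock_security_head);
+spin_unlock(&sb_security_lock);
+return;
+}
 
 /* how can we clone if the old one wasn't set up?? */
 BUG_ON(!oldsbsec->initialized);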
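Review bot: The new `if (!ss_initialized)` branch returns without checking the assumption its comment relies on, namely that the parent superblock carries no special mount options, even though `set_context` and `set_rootcontext` are computed from `oldsbsec->flags` just above. If that assumption were ever false, the clone would be queued for later handling and the parent's context options would be dropped silently. Adding `WARN_ON(set_context || set_rootcontext);` as the first statement of the branch would make a violation visible; any similar flag tests above the hunk should be included. `ss_initialized` is also read before `sb_security_lock` is taken, and this hunk does not show whether a policy load could finish processing `superblock_security_head` between the test and `list_add()`, so a one-line comment saying why that cannot happen would help. The function body starts and ends outside the hunk.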