diff options
author | Eric Paris <eparis@redhat.com> | 2008-04-21 16:24:11 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-21 20:00:09 -0400 |
commit | 0f5e64200f20fc8f5b759c4010082f577ab0af3f (patch) | |
tree | e59565d010a5538910a89f0c44122e802ba011a3 /security/selinux/hooks.c | |
parent | e9b62693ae0a1e13ccc97a6792d9a7770c8d1b5b (diff) |
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
The Fedora installer actually makes multiple NFS mounts before it loads
selinux policy. The code in selinux_clone_mnt_opts() assumed that the
init process would always be loading policy before NFS was up and
running. It might be possible to hit this in a diskless environment as
well, I'm not sure. There is no need to BUG_ON() in this situation
since we can safely continue given the circumstances.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1bf2543ea942..33af321f647b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, | |||
755 | int set_context = (oldsbsec->flags & CONTEXT_MNT); | 755 | int set_context = (oldsbsec->flags & CONTEXT_MNT); |
756 | int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); | 756 | int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); |
757 | 757 | ||
758 | /* we can't error, we can't save the info, this shouldn't get called | 758 | /* |
759 | * this early in the boot process. */ | 759 | * if the parent was able to be mounted it clearly had no special lsm |
760 | BUG_ON(!ss_initialized); | 760 | * mount options. thus we can safely put this sb on the list and deal |
761 | * with it later | ||
762 | */ | ||
763 | if (!ss_initialized) { | ||
764 | spin_lock(&sb_security_lock); | ||
765 | if (list_empty(&newsbsec->list)) | ||
766 | list_add(&newsbsec->list, &superblock_security_head); | ||
767 | spin_unlock(&sb_security_lock); | ||
768 | return; | ||
769 | } | ||
761 | 770 | ||
762 | /* how can we clone if the old one wasn't set up?? */ | 771 | /* how can we clone if the old one wasn't set up?? */ |
763 | BUG_ON(!oldsbsec->initialized); | 772 | BUG_ON(!oldsbsec->initialized); |