author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-15 11:16:48 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-15 11:16:48 -0400 |
commit | 732b72069e77f288efa1d5245cc699d7cb98e528 (patch) | |
tree | 5f908da2b5b9732a99cf8a8b01a13b3c33cffd5a /security/selinux/hooks.c | |
parent | 97c7d1ea1f80f457da78b11ca638b7096a4548ee (diff) | |
parent | 089be43e403a78cd6889cde2fba164fefe9dfd89 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
Revert "SELinux: allow fstype unknown to policy to use xattrs if present"
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 22 |
1 files changed, 5 insertions, 17 deletions
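--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -555,15 +555,13 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 struct task_security_struct *tsec = current->security;
 struct superblock_security_struct *sbsec = sb->s_security;
 const char *name = sb->s_type->name;
-struct dentry *root = sb->s_root;
-struct inode *root_inode = root->d_inode;
-struct inode_security_struct *root_isec = root_inode->i_security;
+struct inode *inode = sbsec->sb->s_root->d_inode;
+struct inode_security_struct *root_isec = inode->i_security;
 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
 u32 defcontext_sid = 0;
 char **mount_options = opts->mnt_opts;
 int *flags = opts->mnt_opts_flags;
 int num_opts = opts->num_mnt_opts;
-bool can_xattr = false;
 
 mutex_lock(&sbsec->lock);
 
@@ -667,24 +665,14 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 goto out;
 }
 
-if (strcmp(name, "proc") == 0)
+if (strcmp(sb->s_type->name, "proc") == 0)
 sbsec->proc = 1;
 
-/*
-* test if the fs supports xattrs, fs_use might make use of this if the
-* fs has no definition in policy.
-*/
-if (root_inode->i_op->getxattr) {
-rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
-if (rc >= 0 || rc == -ENODATA)
-can_xattr = true;
-}
-
 /* Determine the labeling behavior to use for this filesystem type. */
-rc = security_fs_use(name, &sbsec->behavior, &sbsec->sid, can_xattr);
+rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid);
 if (rc) {
 printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
-__func__, name, rc);
+__func__, sb->s_type->name, rc);
 goto out;
 }
 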
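Review bot: The restored lines spell out `sb->s_type->name` in the `strcmp`, the `security_fs_use()` call and the `printk`, although the local `name` declared at the top of `selinux_set_mnt_opts` is left in place and already holds that value; using it in those three places (for example `rc = security_fs_use(name, &sbsec->behavior, &sbsec->sid);`) would avoid two spellings of one value. The root inode is likewise reached through `sbsec->sb->s_root->d_inode`, which presumably equals `sb->s_root->d_inode` but relies on the back-pointer in the superblock security struct being set, whereas `struct inode *inode = sb->s_root->d_inode;` reads from the argument directly. With the getxattr probe removed, the comment above the call could record that xattr support is no longer consulted, e.g. `/* Labeling behavior is looked up by filesystem type name only; xattr support is not probed here. */`. The function body starts before the first hunk and continues after the second, so how `sbsec->behavior` is used afterwards is not visible here.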