LSM: Pass -o remount options to the LSM

The VFS mount code passes the mount options to the LSM. The LSM will remove options it understands from the data and the VFS will then pass the remaining options onto the underlying filesystem. This is how options like the SELinux context= work. The problem comes in that -o remount never calls into LSM code. So if you include an LSM specific option it will get passed to the filesystem and will cause the remount to fail. An example of where this is a problem is the 'seclabel' option. The SELinux LSM hook will print this word in /proc/mounts if the filesystem is being labeled using xattrs. If you pass this word on mount it will be silently stripped and ignored. But if you pass this word on remount the LSM never gets called and it will be passed to the FS. The FS doesn't know what seclabel means and thus should fail the mount. For example an ext3 fs mounted over loop # mount -o loop /tmp/fs /mnt/tmp # cat /proc/mounts | grep /mnt/tmp /dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0 # mount -o remount /mnt/tmp mount: /mnt/tmp not mounted already, or bad option # dmesg EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value This patch passes the remount mount options to an new LSM hook. Signed-off-by: Eric Paris <eparis@redhat.com> Reviewed-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2011-03-03 16:09:14 -0500
committer: Eric Paris <eparis@redhat.com> 2011-03-03 16:12:27 -0500
commit: ff36fe2c845cab2102e4826c1ffa0a6ebf487c65 (patch)
tree: d61f4c65bc51e6455f0cb5a3d03fab41d0f83169 /security
parent: 2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/security/capability.c b/security/capability.c
index 85b67c8632df..ab3d807accc3 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -54,6 +54,11 @@ static int cap_sb_copy_data(char *orig, char *copy)
        return 0;
 }
+static int cap_sb_remount(struct super_block *sb, void *data)
+{
+        return 0;
+}
 static int cap_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
        return 0;
@@ -887,6 +892,7 @@ void __init security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, sb_alloc_security);
        set_to_cap_if_null(ops, sb_free_security);
        set_to_cap_if_null(ops, sb_copy_data);
+        set_to_cap_if_null(ops, sb_remount);
        set_to_cap_if_null(ops, sb_kern_mount);
        set_to_cap_if_null(ops, sb_show_options);
        set_to_cap_if_null(ops, sb_statfs);
diff --git a/security/security.c b/security/security.c
index 8f28685ee0d9..b1d6134548bc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -267,6 +267,11 @@ int security_sb_copy_data(char *orig, char *copy)
 }
 EXPORT_SYMBOL(security_sb_copy_data);
+int security_sb_remount(struct super_block *sb, void *data)
+{
+        return security_ops->sb_remount(sb, data);
+}
 int security_sb_kern_mount(struct super_block *sb, int flags, void *data)
 {
        return security_ops->sb_kern_mount(sb, flags, data);
author	Eric Paris <eparis@redhat.com>	2011-03-03 16:09:14 -0500
committer	Eric Paris <eparis@redhat.com>	2011-03-03 16:12:27 -0500
commit	ff36fe2c845cab2102e4826c1ffa0a6ebf487c65 (patch)
tree	d61f4c65bc51e6455f0cb5a3d03fab41d0f83169 /security
parent	2ad18bdf3b8f84c85c7da7e4de365f7c5701fb3f (diff)