Smack: Add smkfstransmute mount option

Suppliment the smkfsroot mount option with another, smkfstransmute, that does the same thing but also marks the root inode as transmutting. This allows a freshly created filesystem to be mounted with a transmutting heirarchy. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
author: Casey Schaufler <casey@schaufler-ca.com> 2013-05-22 21:43:07 -0400
committer: Casey Schaufler <casey@schaufler-ca.com> 2013-05-28 13:08:44 -0400
commit: e830b39412ca2bbedd7508243f21c04d57ad543c (patch)
tree: c5a57f28ee645df5966fc766f77a76d9163039f4 /security
parent: 2f823ff8bec03a1e6f9e11fd0c4d54e4c7d09532 (diff)
2 files changed, 21 insertions, 5 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 159f25bfcf45..339614c76e63 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -143,6 +143,7 @@ struct smk_port_label {
 #define SMK_FSFLOOR     "smackfsfloor="
 #define SMK_FSHAT       "smackfshat="
 #define SMK_FSROOT      "smackfsroot="
+#define SMK_FSTRANS     "smackfstransmute="
 #define SMACK_CIPSO_OPTION      "-CIPSO"
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3669d9f9824e..6a083303501d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb)
        sbsp->smk_default = smack_known_floor.smk_known;
        sbsp->smk_floor = smack_known_floor.smk_known;
        sbsp->smk_hat = smack_known_hat.smk_known;
-        sbsp->smk_initialized = 0;
+        /*
+         * smk_initialized will be zero from kzalloc.
+         */
        sb->s_security = sbsp;
        return 0;
@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts)
                        dp = smackopts;
                else if (strstr(cp, SMK_FSROOT) == cp)
                        dp = smackopts;
+                else if (strstr(cp, SMK_FSTRANS) == cp)
+                        dp = smackopts;
                else
                        dp = otheropts;
@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
        char *op;
        char *commap;
        char *nsp;
+        int transmute = 0;
-        if (sp->smk_initialized != 0)
+        if (sp->smk_initialized)
                return 0;
        sp->smk_initialized = 1;
@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
                        nsp = smk_import(op, 0);
                        if (nsp != NULL)
                                sp->smk_root = nsp;
+                } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
+                        op += strlen(SMK_FSTRANS);
+                        nsp = smk_import(op, 0);
+                        if (nsp != NULL) {
+                                sp->smk_root = nsp;
+                                transmute = 1;
+                        }
                }
        }
@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
         * Initialize the root inode.
         */
        isp = inode->i_security;
-        if (isp == NULL)
+        if (inode->i_security == NULL) {
                inode->i_security = new_inode_smack(sp->smk_root);
-        else
+                isp = inode->i_security;
+        } else
                isp->smk_inode = sp->smk_root;
+        if (transmute)
+                isp->smk_flags |= SMK_INODE_TRANSMUTE;
        return 0;
 }
author	Casey Schaufler <casey@schaufler-ca.com>	2013-05-22 21:43:07 -0400
committer	Casey Schaufler <casey@schaufler-ca.com>	2013-05-28 13:08:44 -0400
commit	e830b39412ca2bbedd7508243f21c04d57ad543c (patch)
tree	c5a57f28ee645df5966fc766f77a76d9163039f4 /security
parent	2f823ff8bec03a1e6f9e11fd0c4d54e4c7d09532 (diff)

diff --git a/security/smack/smack.h b/security/smack/smack.h index 159f25bfcf45..339614c76e63 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h
@@ -143,6 +143,7 @@ struct smk_port_label {
143	#define SMK_FSFLOOR "smackfsfloor="	143	#define SMK_FSFLOOR "smackfsfloor="
144	#define SMK_FSHAT "smackfshat="	144	#define SMK_FSHAT "smackfshat="
145	#define SMK_FSROOT "smackfsroot="	145	#define SMK_FSROOT "smackfsroot="
		146	#define SMK_FSTRANS "smackfstransmute="
146		147
147	#define SMACK_CIPSO_OPTION "-CIPSO"	148	#define SMACK_CIPSO_OPTION "-CIPSO"
148		149


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3669d9f9824e..6a083303501d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb)
261	sbsp->smk_default = smack_known_floor.smk_known;	261	sbsp->smk_default = smack_known_floor.smk_known;
262	sbsp->smk_floor = smack_known_floor.smk_known;	262	sbsp->smk_floor = smack_known_floor.smk_known;
263	sbsp->smk_hat = smack_known_hat.smk_known;	263	sbsp->smk_hat = smack_known_hat.smk_known;
264	sbsp->smk_initialized = 0;	264	/*
265		265	* smk_initialized will be zero from kzalloc.
		266	*/
266	sb->s_security = sbsp;	267	sb->s_security = sbsp;
267		268
268	return 0;	269	return 0;
@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char orig, char smackopts)
306	dp = smackopts;	307	dp = smackopts;
307	else if (strstr(cp, SMK_FSROOT) == cp)	308	else if (strstr(cp, SMK_FSROOT) == cp)
308	dp = smackopts;	309	dp = smackopts;
		310	else if (strstr(cp, SMK_FSTRANS) == cp)
		311	dp = smackopts;
309	else	312	else
310	dp = otheropts;	313	dp = otheropts;
311		314
@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block sb, int flags, void data)
341	char *op;	344	char *op;
342	char *commap;	345	char *commap;
343	char *nsp;	346	char *nsp;
		347	int transmute = 0;
344		348
345	if (sp->smk_initialized != 0)	349	if (sp->smk_initialized)
346	return 0;	350	return 0;
347		351
348	sp->smk_initialized = 1;	352	sp->smk_initialized = 1;
@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block sb, int flags, void data)
373	nsp = smk_import(op, 0);	377	nsp = smk_import(op, 0);
374	if (nsp != NULL)	378	if (nsp != NULL)
375	sp->smk_root = nsp;	379	sp->smk_root = nsp;
		380	} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
		381	op += strlen(SMK_FSTRANS);
		382	nsp = smk_import(op, 0);
		383	if (nsp != NULL) {
		384	sp->smk_root = nsp;
		385	transmute = 1;
		386	}
376	}	387	}
377	}	388	}
378		389
@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block sb, int flags, void data)
380	* Initialize the root inode.	391	* Initialize the root inode.
381	*/	392	*/
382	isp = inode->i_security;	393	isp = inode->i_security;
383	if (isp == NULL)	394	if (inode->i_security == NULL) {
384	inode->i_security = new_inode_smack(sp->smk_root);	395	inode->i_security = new_inode_smack(sp->smk_root);
385	else	396	isp = inode->i_security;
		397	} else
386	isp->smk_inode = sp->smk_root;	398	isp->smk_inode = sp->smk_root;
387		399
		400	if (transmute)
		401	isp->smk_flags \|= SMK_INODE_TRANSMUTE;
		402
388	return 0;	403	return 0;
389	}	404	}
390		405