1 files changed, 36 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index ac050830a873..cbd970a735f2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -34,6 +34,12 @@
 #include <linux/xfrm.h>
 #include <net/flow.h>
+/* only a char in selinux superblock security struct flags */
+#define FSCONTEXT_MNT           0x01
+#define CONTEXT_MNT             0x02
+#define ROOTCONTEXT_MNT         0x04
+#define DEFCONTEXT_MNT          0x08
 /*
 * Bounding set
 */
@@ -261,6 +267,22 @@ struct request_sock;
 *      Update module state after a successful pivot.
 *      @old_nd contains the nameidata structure for the old root.
 *      @new_nd contains the nameidata structure for the new root.
+ * @sb_get_mnt_opts:
+ *      Get the security relevant mount options used for a superblock
+ *      @sb the superblock to get security mount options from
+ *      @mount_options array for pointers to mount options
+ *      @mount_flags array of ints specifying what each mount options is
+ *      @num_opts number of options in the arrays
+ * @sb_set_mnt_opts:
+ *      Set the security relevant mount options used for a superblock
+ *      @sb the superblock to set security mount options for
+ *      @mount_options array for pointers to mount options
+ *      @mount_flags array of ints specifying what each mount options is
+ *      @num_opts number of options in the arrays
+ * @sb_clone_mnt_opts:
+ *      Copy all security options from a given superblock to another
+ *      @oldsb old superblock which contain information to clone
+ *      @newsb new superblock which needs filled in
 *
 * Security hooks for inode operations.
 *
@@ -1242,6 +1264,13 @@ struct security_operations {
                             struct nameidata * new_nd);
        void (*sb_post_pivotroot) (struct nameidata * old_nd,
                                   struct nameidata * new_nd);
+        int (*sb_get_mnt_opts) (const struct super_block *sb,
+                                char ***mount_options, int **flags,
+                                int *num_opts);
+        int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,
+                                int *flags, int num_opts);
+        void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
+                                   struct super_block *newsb);
        int (*inode_alloc_security) (struct inode *inode);      
        void (*inode_free_security) (struct inode *inode);
@@ -1499,6 +1528,13 @@ void security_sb_post_mountroot(void);
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
 int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
 void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
+                             int **flags, int *num_opts);
+int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
+                             int *flags, int num_opts);
+void security_sb_clone_mnt_opts(const struct super_block *oldsb,
+                                struct super_block *newsb);
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,

diff --git a/include/linux/security.h b/include/linux/security.h index ac050830a873..cbd970a735f2 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -34,6 +34,12 @@
34	#include <linux/xfrm.h>	34	#include <linux/xfrm.h>
35	#include <net/flow.h>	35	#include <net/flow.h>
36		36
		37	/* only a char in selinux superblock security struct flags */
		38	#define FSCONTEXT_MNT 0x01
		39	#define CONTEXT_MNT 0x02
		40	#define ROOTCONTEXT_MNT 0x04
		41	#define DEFCONTEXT_MNT 0x08
		42
37	/*	43	/*
38	* Bounding set	44	* Bounding set
39	*/	45	*/
@@ -261,6 +267,22 @@ struct request_sock;
261	* Update module state after a successful pivot.	267	* Update module state after a successful pivot.
262	* @old_nd contains the nameidata structure for the old root.	268	* @old_nd contains the nameidata structure for the old root.
263	* @new_nd contains the nameidata structure for the new root.	269	* @new_nd contains the nameidata structure for the new root.
		270	* @sb_get_mnt_opts:
		271	* Get the security relevant mount options used for a superblock
		272	* @sb the superblock to get security mount options from
		273	* @mount_options array for pointers to mount options
		274	* @mount_flags array of ints specifying what each mount options is
		275	* @num_opts number of options in the arrays
		276	* @sb_set_mnt_opts:
		277	* Set the security relevant mount options used for a superblock
		278	* @sb the superblock to set security mount options for
		279	* @mount_options array for pointers to mount options
		280	* @mount_flags array of ints specifying what each mount options is
		281	* @num_opts number of options in the arrays
		282	* @sb_clone_mnt_opts:
		283	* Copy all security options from a given superblock to another
		284	* @oldsb old superblock which contain information to clone
		285	* @newsb new superblock which needs filled in
264	*	286	*
265	* Security hooks for inode operations.	287	* Security hooks for inode operations.
266	*	288	*
@@ -1242,6 +1264,13 @@ struct security_operations {
1242	struct nameidata * new_nd);	1264	struct nameidata * new_nd);
1243	void (sb_post_pivotroot) (struct nameidata old_nd,	1265	void (sb_post_pivotroot) (struct nameidata old_nd,
1244	struct nameidata * new_nd);	1266	struct nameidata * new_nd);
		1267	int (sb_get_mnt_opts) (const struct super_block sb,
		1268	char *mount_options, int flags,
		1269	int *num_opts);
		1270	int (sb_set_mnt_opts) (struct super_block sb, char **mount_options,
		1271	int *flags, int num_opts);
		1272	void (sb_clone_mnt_opts) (const struct super_block oldsb,
		1273	struct super_block *newsb);
1245		1274
1246	int (inode_alloc_security) (struct inode inode);	1275	int (inode_alloc_security) (struct inode inode);
1247	void (inode_free_security) (struct inode inode);	1276	void (inode_free_security) (struct inode inode);
@@ -1499,6 +1528,13 @@ void security_sb_post_mountroot(void);
1499	void security_sb_post_addmount(struct vfsmount mnt, struct nameidata mountpoint_nd);	1528	void security_sb_post_addmount(struct vfsmount mnt, struct nameidata mountpoint_nd);
1500	int security_sb_pivotroot(struct nameidata old_nd, struct nameidata new_nd);	1529	int security_sb_pivotroot(struct nameidata old_nd, struct nameidata new_nd);
1501	void security_sb_post_pivotroot(struct nameidata old_nd, struct nameidata new_nd);	1530	void security_sb_post_pivotroot(struct nameidata old_nd, struct nameidata new_nd);
		1531	int security_sb_get_mnt_opts(const struct super_block sb, char **mount_options,
		1532	int *flags, int num_opts);
		1533	int security_sb_set_mnt_opts(struct super_block sb, char *mount_options,
		1534	int *flags, int num_opts);
		1535	void security_sb_clone_mnt_opts(const struct super_block *oldsb,
		1536	struct super_block *newsb);
		1537
1502	int security_inode_alloc(struct inode *inode);	1538	int security_inode_alloc(struct inode *inode);
1503	void security_inode_free(struct inode *inode);	1539	void security_inode_free(struct inode *inode);
1504	int security_inode_init_security(struct inode inode, struct inode dir,	1540	int security_inode_init_security(struct inode inode, struct inode dir,