diff options
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4130d64359a3..85f74f665765 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -556,13 +556,15 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 556 | struct task_security_struct *tsec = current->security; | 556 | struct task_security_struct *tsec = current->security; |
| 557 | struct superblock_security_struct *sbsec = sb->s_security; | 557 | struct superblock_security_struct *sbsec = sb->s_security; |
| 558 | const char *name = sb->s_type->name; | 558 | const char *name = sb->s_type->name; |
| 559 | struct inode *inode = sbsec->sb->s_root->d_inode; | 559 | struct dentry *root = sb->s_root; |
| 560 | struct inode_security_struct *root_isec = inode->i_security; | 560 | struct inode *root_inode = root->d_inode; |
| 561 | struct inode_security_struct *root_isec = root_inode->i_security; | ||
| 561 | u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; | 562 | u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; |
| 562 | u32 defcontext_sid = 0; | 563 | u32 defcontext_sid = 0; |
| 563 | char **mount_options = opts->mnt_opts; | 564 | char **mount_options = opts->mnt_opts; |
| 564 | int *flags = opts->mnt_opts_flags; | 565 | int *flags = opts->mnt_opts_flags; |
| 565 | int num_opts = opts->num_mnt_opts; | 566 | int num_opts = opts->num_mnt_opts; |
| 567 | bool can_xattr = false; | ||
| 566 | 568 | ||
| 567 | mutex_lock(&sbsec->lock); | 569 | mutex_lock(&sbsec->lock); |
| 568 | 570 | ||
| @@ -666,14 +668,24 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 666 | goto out; | 668 | goto out; |
| 667 | } | 669 | } |
| 668 | 670 | ||
| 669 | if (strcmp(sb->s_type->name, "proc") == 0) | 671 | if (strcmp(name, "proc") == 0) |
| 670 | sbsec->proc = 1; | 672 | sbsec->proc = 1; |
| 671 | 673 | ||
| 674 | /* | ||
| 675 | * test if the fs supports xattrs, fs_use might make use of this if the | ||
| 676 | * fs has no definition in policy. | ||
| 677 | */ | ||
| 678 | if (root_inode->i_op->getxattr) { | ||
| 679 | rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); | ||
| 680 | if (rc >= 0 || rc == -ENODATA) | ||
| 681 | can_xattr = true; | ||
| 682 | } | ||
| 683 | |||
| 672 | /* Determine the labeling behavior to use for this filesystem type. */ | 684 | /* Determine the labeling behavior to use for this filesystem type. */ |
| 673 | rc = security_fs_use(sb->s_type->name, &sbsec->behavior, &sbsec->sid); | 685 | rc = security_fs_use(name, &sbsec->behavior, &sbsec->sid, can_xattr); |
| 674 | if (rc) { | 686 | if (rc) { |
| 675 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", | 687 | printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n", |
| 676 | __func__, sb->s_type->name, rc); | 688 | __func__, name, rc); |
| 677 | goto out; | 689 | goto out; |
| 678 | } | 690 | } |
| 679 | 691 | ||