diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/capability.c | 5 | ||||
| -rw-r--r-- | security/security.c | 7 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 12 |
3 files changed, 19 insertions, 5 deletions
diff --git a/security/capability.c b/security/capability.c index 71f9682bfb54..d32e16e3c6ae 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -91,7 +91,10 @@ static int cap_sb_pivotroot(struct path *old_path, struct path *new_path) | |||
| 91 | } | 91 | } |
| 92 | 92 | ||
| 93 | static int cap_sb_set_mnt_opts(struct super_block *sb, | 93 | static int cap_sb_set_mnt_opts(struct super_block *sb, |
| 94 | struct security_mnt_opts *opts) | 94 | struct security_mnt_opts *opts, |
| 95 | unsigned long kern_flags, | ||
| 96 | unsigned long *set_kern_flags) | ||
| 97 | |||
| 95 | { | 98 | { |
| 96 | if (unlikely(opts->num_mnt_opts)) | 99 | if (unlikely(opts->num_mnt_opts)) |
| 97 | return -EOPNOTSUPP; | 100 | return -EOPNOTSUPP; |
diff --git a/security/security.c b/security/security.c index c3ceb754e705..8d0b9a79611a 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -294,9 +294,12 @@ int security_sb_pivotroot(struct path *old_path, struct path *new_path) | |||
| 294 | } | 294 | } |
| 295 | 295 | ||
| 296 | int security_sb_set_mnt_opts(struct super_block *sb, | 296 | int security_sb_set_mnt_opts(struct super_block *sb, |
| 297 | struct security_mnt_opts *opts) | 297 | struct security_mnt_opts *opts, |
| 298 | unsigned long kern_flags, | ||
| 299 | unsigned long *set_kern_flags) | ||
| 298 | { | 300 | { |
| 299 | return security_ops->sb_set_mnt_opts(sb, opts); | 301 | return security_ops->sb_set_mnt_opts(sb, opts, kern_flags, |
| 302 | set_kern_flags); | ||
| 300 | } | 303 | } |
| 301 | EXPORT_SYMBOL(security_sb_set_mnt_opts); | 304 | EXPORT_SYMBOL(security_sb_set_mnt_opts); |
| 302 | 305 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bbf219a494d0..f3b54466a037 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -552,7 +552,9 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag, | |||
| 552 | * labeling information. | 552 | * labeling information. |
| 553 | */ | 553 | */ |
| 554 | static int selinux_set_mnt_opts(struct super_block *sb, | 554 | static int selinux_set_mnt_opts(struct super_block *sb, |
| 555 | struct security_mnt_opts *opts) | 555 | struct security_mnt_opts *opts, |
| 556 | unsigned long kern_flags, | ||
| 557 | unsigned long *set_kern_flags) | ||
| 556 | { | 558 | { |
| 557 | const struct cred *cred = current_cred(); | 559 | const struct cred *cred = current_cred(); |
| 558 | int rc = 0, i; | 560 | int rc = 0, i; |
| @@ -580,6 +582,12 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
| 580 | "before the security server is initialized\n"); | 582 | "before the security server is initialized\n"); |
| 581 | goto out; | 583 | goto out; |
| 582 | } | 584 | } |
| 585 | if (kern_flags && !set_kern_flags) { | ||
| 586 | /* Specifying internal flags without providing a place to | ||
| 587 | * place the results is not allowed */ | ||
| 588 | rc = -EINVAL; | ||
| 589 | goto out; | ||
| 590 | } | ||
| 583 | 591 | ||
| 584 | /* | 592 | /* |
| 585 | * Binary mount data FS will come through this function twice. Once | 593 | * Binary mount data FS will come through this function twice. Once |
| @@ -980,7 +988,7 @@ static int superblock_doinit(struct super_block *sb, void *data) | |||
| 980 | goto out_err; | 988 | goto out_err; |
| 981 | 989 | ||
| 982 | out: | 990 | out: |
| 983 | rc = selinux_set_mnt_opts(sb, &opts); | 991 | rc = selinux_set_mnt_opts(sb, &opts, 0, NULL); |
| 984 | 992 | ||
| 985 | out_err: | 993 | out_err: |
| 986 | security_free_mnt_opts(&opts); | 994 | security_free_mnt_opts(&opts); |