diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-01 22:42:44 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2018-12-21 11:45:30 -0500 |
| commit | 6be8750b4cba8c37170f46b29841d112f1be749b (patch) | |
| tree | 0b3386c080d73fc666afcdcd1db5290b990af349 /security | |
| parent | 6466f3d193a99426db067855345e763de2160f1c (diff) | |
| download | linux-6be8750b4cba8c37170f46b29841d112f1be749b.tar.bz2 | |
LSM: lift parsing LSM options into the caller of ->sb_kern_mount()
This paves the way for retaining the LSM options from a common filesystem
mount context during a mount parameter parsing phase to be instituted prior
to actual mount/reconfiguration actions.
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
| -rw-r--r-- | security/security.c | 5 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 24 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 23 |
3 files changed, 9 insertions, 43 deletions
diff --git a/security/security.c b/security/security.c index 04d173eb93f6..b5fc8e1e849c 100644 --- a/security/security.c +++ b/security/security.c @@ -395,9 +395,10 @@ int security_sb_remount(struct super_block *sb, void *data) return call_int_hook(sb_remount, 0, sb, data); } -int security_sb_kern_mount(struct super_block *sb, int flags, void *data) +int security_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - return call_int_hook(sb_kern_mount, 0, sb, flags, data); + return call_int_hook(sb_kern_mount, 0, sb, flags, opts); } int security_sb_show_options(struct seq_file *m, struct super_block *sb) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4bd6f9435e2f..ba229d4a64d3 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2897,30 +2897,12 @@ out_bad_option: goto out_free_opts; } -static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) +static int selinux_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - char *options = data; const struct cred *cred = current_cred(); struct common_audit_data ad; - int rc = 0; - struct security_mnt_opts opts; - - security_init_mnt_opts(&opts); - - if (!data) - goto out; - - BUG_ON(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA); - - rc = selinux_parse_opts_str(options, &opts); - if (rc) - goto out_err; - -out: - rc = selinux_set_mnt_opts(sb, &opts, 0, NULL); - -out_err: - security_free_mnt_opts(&opts); + int rc = selinux_set_mnt_opts(sb, opts, 0, NULL); if (rc) return rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 73e41797960e..1d465ae3d11c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -859,27 +859,10 @@ static int smack_set_mnt_opts(struct super_block *sb, * * Returns 0 on success, an error code on failure */ -static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) +static int smack_sb_kern_mount(struct super_block *sb, int flags, + struct security_mnt_opts *opts) { - int rc = 0; - char *options = data; - struct security_mnt_opts opts; - - security_init_mnt_opts(&opts); - - if (!options) - goto out; - - rc = smack_parse_opts_str(options, &opts); - if (rc) - goto out_err; - -out: - rc = smack_set_mnt_opts(sb, &opts, 0, NULL); - -out_err: - security_free_mnt_opts(&opts); - return rc; + return smack_set_mnt_opts(sb, opts, 0, NULL); } /** |