authorAndrew Morton <akpm@osdl.org>2004-02-15 18:04:59 -0800
committerLinus Torvalds <torvalds@home.osdl.org>2004-02-15 18:04:59 -0800
commit86d3ef68854dfa6d537d75916b4a0c9c39f6dcbf (patch)
tree1aa691c5b220dffada2154263993aecd1287846b /security
parent50d8ab923e9e1a84f35fd6e272d9f24b52fd2547 (diff)
[PATCH] SELinux: context mount support - LSM/FS
From: James Morris <jmorris@redhat.com> This series of patches adds support for SELinux 'context mounts', which allow filesystems to be assigned security context information at mount time. For example, some filesystems do not support extended attributes (e.g. NFS, vfat), and this feature allows security contexts to be assigned to them on a per-mountpoint basis. It is also useful when the existing labeling on a filesystem is untrusted or unwanted for some reason (e.g. removable media), and needs to be overridden with a safe default. The first patch below consists of infrastructure changes to the kernel: - A new LSM hook has been added, sb_copy_data, which allows the security module to copy security-specific mount data once the superblock has been set up by the filesystem. - The sb_kern_mount hook has been modified to take this security data as a parameter, and would typically be used at that point to configure the security parameters of the filesystem being mounted. - Allocation and freeing of the security data has been implemented in the core fs code as it is cleaner than trying to do it purely via LSM hooks, and should make maintenance easier. This code will be compiled away if LSM is not enabled.
Diffstat (limited to 'security')
-rw-r--r--security/dummy.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/dummy.c b/security/dummy.c
index b1bb80c459379f..bc8e2175083dde 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -194,7 +194,12 @@ static void dummy_sb_free_security (struct super_block *sb)
return;
}
-static int dummy_sb_kern_mount (struct super_block *sb)
+static int dummy_sb_copy_data (const char *fstype, void *orig, void *copy)
+{
+ return 0;
+}
+
+static int dummy_sb_kern_mount (struct super_block *sb, void *data)
{
return 0;
}
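Review bot: The new `dummy_sb_copy_data` hook takes two untyped `void *` buffers and no length, so the size of `orig` and `copy` is an implicit contract that every real security module must honour when it parses or copies mount options. Nothing in this hunk documents that contract; I would add a comment above the stub such as `/* orig: raw mount data from the caller; copy: buffer allocated by the fs core, size not passed to the hook; the dummy leaves copy untouched */`. The same applies to the new `data` argument of `dummy_sb_kern_mount`: the commit description says allocation and freeing happen in core fs code that is not part of this diff, so whether `data` can be NULL or uninitialised when no module fills it should be confirmed against the caller and stated here.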
@@ -877,6 +882,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, bprm_secureexec);
set_to_dummy_if_null(ops, sb_alloc_security);
set_to_dummy_if_null(ops, sb_free_security);
+ set_to_dummy_if_null(ops, sb_copy_data);
set_to_dummy_if_null(ops, sb_kern_mount);
set_to_dummy_if_null(ops, sb_statfs);
set_to_dummy_if_null(ops, sb_mount);