Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e830b394 authored by Casey Schaufler's avatar Casey Schaufler
Browse files

Smack: Add smkfstransmute mount option 

Suppliment the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmutting. This allows a freshly created filesystem to
be mounted with a transmutting heirarchy.

Targeted for git://git.gitorious.org/smack-next/kernel.git



Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent 2f823ff8

security/smack/smack.h

+1 −0
Original line number Diff line number Diff line
@@ -143,6 +143,7 @@ struct smk_port_label { 
#define SMK_FSFLOOR	"smackfsfloor="

#define SMK_FSHAT	"smackfshat="

#define SMK_FSROOT	"smackfsroot="

#define SMK_FSTRANS	"smackfstransmute="



#define SMACK_CIPSO_OPTION 	"-CIPSO"

security/smack/smack_lsm.c

+20 −5
Original line number Diff line number Diff line
@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb) 
	sbsp->smk_default = smack_known_floor.smk_known;

	sbsp->smk_floor = smack_known_floor.smk_known;

	sbsp->smk_hat = smack_known_hat.smk_known;

	sbsp->smk_initialized = 0;



	/*

	 * smk_initialized will be zero from kzalloc.

	 */

	sb->s_security = sbsp;



	return 0;
@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts) 
			dp = smackopts;

		else if (strstr(cp, SMK_FSROOT) == cp)

			dp = smackopts;

		else if (strstr(cp, SMK_FSTRANS) == cp)

			dp = smackopts;

		else

			dp = otheropts;
@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 
	char *op;

	char *commap;

	char *nsp;

	int transmute = 0;



	if (sp->smk_initialized != 0)

	if (sp->smk_initialized)

		return 0;



	sp->smk_initialized = 1;
@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 
			nsp = smk_import(op, 0);

			if (nsp != NULL)

				sp->smk_root = nsp;

		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {

			op += strlen(SMK_FSTRANS);

			nsp = smk_import(op, 0);

			if (nsp != NULL) {

				sp->smk_root = nsp;

				transmute = 1;

			}

		}

	}
@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) 
	 * Initialize the root inode.

	 */

	isp = inode->i_security;

	if (isp == NULL)

	if (inode->i_security == NULL) {

		inode->i_security = new_inode_smack(sp->smk_root);

	else

		isp = inode->i_security;

	} else

		isp->smk_inode = sp->smk_root;



	if (transmute)

		isp->smk_flags |= SMK_INODE_TRANSMUTE;



	return 0;

}