Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0f5e6420 authored by Eric Paris's avatar Eric Paris Committed by James Morris
Browse files

SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts 



The Fedora installer actually makes multiple NFS mounts before it loads
selinux policy.  The code in selinux_clone_mnt_opts() assumed that the
init process would always be loading policy before NFS was up and
running.  It might be possible to hit this in a diskless environment as
well, I'm not sure.  There is no need to BUG_ON() in this situation
since we can safely continue given the circumstances.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent e9b62693

security/selinux/hooks.c

+12 −3
Original line number Diff line number Diff line
@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 
	int set_context =	(oldsbsec->flags & CONTEXT_MNT);

	int set_rootcontext =	(oldsbsec->flags & ROOTCONTEXT_MNT);



	/* we can't error, we can't save the info, this shouldn't get called

	 * this early in the boot process. */

	BUG_ON(!ss_initialized);

	/*

	 * if the parent was able to be mounted it clearly had no special lsm

	 * mount options.  thus we can safely put this sb on the list and deal

	 * with it later

	 */

	if (!ss_initialized) {

		spin_lock(&sb_security_lock);

		if (list_empty(&newsbsec->list))

			list_add(&newsbsec->list, &superblock_security_head);

		spin_unlock(&sb_security_lock);

		return;

	}



	/* how can we clone if the old one wasn't set up?? */

	BUG_ON(!oldsbsec->initialized);