• Eric Paris's avatar
    LSM/SELinux: Interfaces to allow FS to control mount options · e0007529
    Eric Paris authored
    Introduce new LSM interfaces to allow an FS to deal with their own mount
    options.  This includes a new string parsing function exported from the
    LSM that an FS can use to get a security data blob and a new security
    data blob.  This is particularly useful for an FS which uses binary
    mount data, like NFS, which does not pass strings into the vfs to be
    handled by the loaded LSM.  Also fix a BUG() in both SELinux and SMACK
    when dealing with binary mount data.  If the binary mount data is less
    than one page the copy_page() in security_sb_copy_data() can cause an
    illegal page fault and boom.  Remove all NFSisms from the SELinux code
    since they were broken by past NFS changes.
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Acked-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    e0007529
security.c 27.5 KB