Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Morton <akpm@osdl.org>2004-02-15 18:04:59 -0800
committerLinus Torvalds <torvalds@home.osdl.org>2004-02-15 18:04:59 -0800
commit86d3ef68854dfa6d537d75916b4a0c9c39f6dcbf (patch)
tree1aa691c5b220dffada2154263993aecd1287846b
parent50d8ab923e9e1a84f35fd6e272d9f24b52fd2547 (diff)
[PATCH] SELinux: context mount support - LSM/FS
From: James Morris <jmorris@redhat.com> This series of patches adds support for SELinux 'context mounts', which allows filesystems to be assigned security context information at mount time. For example, some filesystems do not support extended attributes (e.g. NFS, vfat), and this feature allows security contexts to be assigned to them on a per-mountpoint basis. It is also useful when the existing labeling on a filesystem is untrusted or unwanted for some reason (e.g. removable media), and needs to be overridden with a safe default. The first patch below consists of infrastructure changes to the kernel: - A new LSM hook has been added, sb_copy_data, which allows the security module to copy security-specific mount data once the superblock has been setup by the filesystem. - The sb_kern_mount hook has been modified to take this security data as a parameter, and would typically be used at that point to configure the security parameters of the filesystem being mounted. - Allocation and freeing of the security data has been implemented in the core fs code as it is cleaner than trying to do it purely via LSM hooks, and should make maintenance easier. This code will be compiled away if LSM is not enabled.
-rw-r--r--fs/super.c24
-rw-r--r--include/linux/fs.h20
-rw-r--r--include/linux/security.h29
-rw-r--r--security/dummy.c8
4 files changed, 73 insertions, 8 deletions
diff --git a/fs/super.c b/fs/super.c
index 2117f5c12423..e08d53aab26a 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -708,6 +708,7 @@ do_kern_mount(const char *fstype, int flags, const char *name, void *data)
struct super_block *sb = ERR_PTR(-ENOMEM);
struct vfsmount *mnt;
int error;
+ char *secdata = NULL;
if (!type)
return ERR_PTR(-ENODEV);
@@ -715,11 +716,26 @@ do_kern_mount(const char *fstype, int flags, const char *name, void *data)
mnt = alloc_vfsmnt(name);
if (!mnt)
goto out;
+
+ if (data) {
+ secdata = alloc_secdata();
+ if (!secdata) {
+ sb = ERR_PTR(-ENOMEM);
+ goto out_mnt;
+ }
+
+ error = security_sb_copy_data(fstype, data, secdata);
+ if (error) {
+ sb = ERR_PTR(error);
+ goto out_free_secdata;
+ }
+ }
+
sb = type->get_sb(type, flags, name, data);
if (IS_ERR(sb))
- goto out_mnt;
- error = security_sb_kern_mount(sb);
- if (error)
+ goto out_free_secdata;
+ error = security_sb_kern_mount(sb, secdata);
+ if (error)
goto out_sb;
mnt->mnt_sb = sb;
mnt->mnt_root = dget(sb->s_root);
@@ -732,6 +748,8 @@ out_sb:
up_write(&sb->s_umount);
deactivate_super(sb);
sb = ERR_PTR(error);
+out_free_secdata:
+ free_secdata(secdata);
out_mnt:
free_vfsmnt(mnt);
out:
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 7d9154665d9b..fb2306154b75 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1421,5 +1421,25 @@ static inline ino_t parent_ino(struct dentry *dentry)
/* kernel/fork.c */
extern int unshare_files(void);
+#ifdef CONFIG_SECURITY
+static inline char *alloc_secdata(void)
+{
+ return (char *)get_zeroed_page(GFP_KERNEL);
+}
+
+static inline void free_secdata(void *secdata)
+{
+ free_page((unsigned long)secdata);
+}
+#else
+static inline char *alloc_secdata(void)
+{
+ return (char *)1;
+}
+
+static inline void free_secdata(void *secdata)
+{ }
+#endif /* CONFIG_SECURITY */
+
#endif /* __KERNEL__ */
#endif /* _LINUX_FS_H */
diff --git a/include/linux/security.h b/include/linux/security.h
index 92786e0700c3..10789232ff05 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -171,6 +171,16 @@ struct swap_info_struct;
* @flags contains the mount flags.
* @data contains the filesystem-specific data.
* Return 0 if permission is granted.
+ * @sb_copy_data:
+ * Allow mount option data to be copied prior to parsing by the filesystem,
+ * so that the security module can extract security-specific mount
+ * options cleanly (a filesystem may modify the data e.g. with strsep()).
+ * This also allows the original mount data to be stripped of security-
+ * specific options to avoid having to make filesystems aware of them.
+ * @fstype the type of filesystem being mounted.
+ * @orig the original mount data copied from userspace.
+ * @copy copied data which will be passed to the security module.
+ * Returns 0 if the copy was successful.
* @sb_check_sb:
* Check permission before the device with superblock @mnt->sb is mounted
* on the mount point named by @nd.
@@ -1024,7 +1034,8 @@ struct security_operations {
int (*sb_alloc_security) (struct super_block * sb);
void (*sb_free_security) (struct super_block * sb);
- int (*sb_kern_mount) (struct super_block *sb);
+ int (*sb_copy_data)(const char *fstype, void *orig, void *copy);
+ int (*sb_kern_mount) (struct super_block *sb, void *data);
int (*sb_statfs) (struct super_block * sb);
int (*sb_mount) (char *dev_name, struct nameidata * nd,
char *type, unsigned long flags, void *data);
@@ -1308,9 +1319,14 @@ static inline void security_sb_free (struct super_block *sb)
security_ops->sb_free_security (sb);
}
-static inline int security_sb_kern_mount (struct super_block *sb)
+static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
{
- return security_ops->sb_kern_mount (sb);
+ return security_ops->sb_copy_data (fstype, orig, copy);
+}
+
+static inline int security_sb_kern_mount (struct super_block *sb, void *data)
+{
+ return security_ops->sb_kern_mount (sb, data);
}
static inline int security_sb_statfs (struct super_block *sb)
@@ -1973,7 +1989,12 @@ static inline int security_sb_alloc (struct super_block *sb)
static inline void security_sb_free (struct super_block *sb)
{ }
-static inline int security_sb_kern_mount (struct super_block *sb)
+static inline int security_sb_copy_data (const char *fstype, void *orig, void *copy)
+{
+ return 0;
+}
+
+static inline int security_sb_kern_mount (struct super_block *sb, void *data)
{
return 0;
}
diff --git a/security/dummy.c b/security/dummy.c
index b1bb80c45937..bc8e2175083d 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -194,7 +194,12 @@ static void dummy_sb_free_security (struct super_block *sb)
return;
}
-static int dummy_sb_kern_mount (struct super_block *sb)
+static int dummy_sb_copy_data (const char *fstype, void *orig, void *copy)
+{
+ return 0;
+}
+
+static int dummy_sb_kern_mount (struct super_block *sb, void *data)
{
return 0;
}
@@ -877,6 +882,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, bprm_secureexec);
set_to_dummy_if_null(ops, sb_alloc_security);
set_to_dummy_if_null(ops, sb_free_security);
+ set_to_dummy_if_null(ops, sb_copy_data);
set_to_dummy_if_null(ops, sb_kern_mount);
set_to_dummy_if_null(ops, sb_statfs);
set_to_dummy_if_null(ops, sb_mount);