yaml
---
r: 76090
b: refs/heads/master
c: c9180a5
h: refs/heads/master
v: v3
Eric Paris authored and James Morris committed Jan 25, 2008
1 parent c332ee9 commit 6a40e14
Showing 6 changed files with 578 additions and 255 deletions.
2 changes: 1 addition & 1 deletion [refs]
@@ -1,2 +1,2 @@
---
refs/heads/master: 19c5fc198c369bb00f3ed9716ef40648865d8d94
refs/heads/master: c9180a57a9ab2d5525faf8815a332364ee9e89b7
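--- a/trunk/include/linux/security.h
+++ b/trunk/include/linux/security.h
@@ -34,6 +34,12 @@
 #include <linux/xfrm.h>
 #include <net/flow.h>
 
+/* only a char in selinux superblock security struct flags */
+#define FSCONTEXT_MNT 0x01
+#define CONTEXT_MNT 0x02
+#define ROOTCONTEXT_MNT 0x04
+#define DEFCONTEXT_MNT 0x08
+
 /*
 * Bounding set
 */
@@ -261,6 +267,22 @@ struct request_sock;
 * Update module state after a successful pivot.
 * @old_nd contains the nameidata structure for the old root.
 * @new_nd contains the nameidata structure for the new root.
+* @sb_get_mnt_opts:
+* Get the security relevant mount options used for a superblock
+* @sb the superblock to get security mount options from
+* @mount_options array for pointers to mount options
+* @mount_flags array of ints specifying what each mount options is
+* @num_opts number of options in the arrays
+* @sb_set_mnt_opts:
+* Set the security relevant mount options used for a superblock
+* @sb the superblock to set security mount options for
+* @mount_options array for pointers to mount options
+* @mount_flags array of ints specifying what each mount options is
+* @num_opts number of options in the arrays
+* @sb_clone_mnt_opts:
+* Copy all security options from a given superblock to another
+* @oldsb old superblock which contain information to clone
+* @newsb new superblock which needs filled in
 *
 * Security hooks for inode operations.
 *
@@ -1242,6 +1264,13 @@ struct security_operations {
 struct nameidata * new_nd);
 void (*sb_post_pivotroot) (struct nameidata * old_nd,
 struct nameidata * new_nd);
+int (*sb_get_mnt_opts) (const struct super_block *sb,
+char ***mount_options, int **flags,
+int *num_opts);
+int (*sb_set_mnt_opts) (struct super_block *sb, char **mount_options,
+int *flags, int num_opts);
+void (*sb_clone_mnt_opts) (const struct super_block *oldsb,
+struct super_block *newsb);
 
 int (*inode_alloc_security) (struct inode *inode);
 void (*inode_free_security) (struct inode *inode);
@@ -1499,6 +1528,13 @@ void security_sb_post_mountroot(void);
 void security_sb_post_addmount(struct vfsmount *mnt, struct nameidata *mountpoint_nd);
 int security_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
 void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd);
+int security_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
+int **flags, int *num_opts);
+int security_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
+int *flags, int num_opts);
+void security_sb_clone_mnt_opts(const struct super_block *oldsb,
+struct super_block *newsb);
+
 int security_inode_alloc(struct inode *inode);
 void security_inode_free(struct inode *inode);
 int security_inode_init_security(struct inode *inode, struct inode *dir,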
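Review bot: The hook documentation added for `sb_get_mnt_opts` and `sb_set_mnt_opts` names the second array `@mount_flags`, but the members added to `struct security_operations` and the `security_sb_*` prototypes call that parameter `flags`; the names should agree, e.g. `@flags array of ints specifying what each mount option is`. The comment also does not say who allocates and who frees the arrays that `sb_get_mnt_opts` hands back through `char ***mount_options` and `int **flags`, nor whether `sb_set_mnt_opts` copies the strings it receives or keeps the pointers. For an interface that passes security contexts across the LSM boundary, that ownership rule belongs in the comment, since a caller guessing wrong risks a leak or a double free. The `*_MNT` defines are described as fitting in a char while the hooks carry them as `int`, so a line stating that only these four bits are defined would remove the ambiguity.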
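--- a/trunk/security/dummy.c
+++ b/trunk/security/dummy.c
@@ -245,6 +245,29 @@ static void dummy_sb_post_pivotroot (struct nameidata *old_nd, struct nameidata
 return;
 }
 
+static int dummy_sb_get_mnt_opts(const struct super_block *sb, char ***mount_options,
+int **flags, int *num_opts)
+{
+*mount_options = NULL;
+*flags = NULL;
+*num_opts = 0;
+return 0;
+}
+
+static int dummy_sb_set_mnt_opts(struct super_block *sb, char **mount_options,
+int *flags, int num_opts)
+{
+if (unlikely(num_opts))
+return -EOPNOTSUPP;
+return 0;
+}
+
+static void dummy_sb_clone_mnt_opts(const struct super_block *oldsb,
+struct super_block *newsb)
+{
+return;
+}
+
 static int dummy_inode_alloc_security (struct inode *inode)
 {
 return 0;
@@ -998,6 +1021,9 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, sb_post_addmount);
 set_to_dummy_if_null(ops, sb_pivotroot);
 set_to_dummy_if_null(ops, sb_post_pivotroot);
+set_to_dummy_if_null(ops, sb_get_mnt_opts);
+set_to_dummy_if_null(ops, sb_set_mnt_opts);
+set_to_dummy_if_null(ops, sb_clone_mnt_opts);
 set_to_dummy_if_null(ops, inode_alloc_security);
 set_to_dummy_if_null(ops, inode_free_security);
 set_to_dummy_if_null(ops, inode_init_security);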
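Review bot: `dummy_sb_set_mnt_opts` fails with `-EOPNOTSUPP` whenever `num_opts` is non-zero, and nothing in the hunk records why. A one-line comment such as `/* no security module: refuse security mount options rather than silently ignoring them */` would mark this as a deliberate fail-closed choice, so that nobody later relaxes it to `return 0`. `dummy_sb_clone_mnt_opts` is by contrast a silent no-op, which is only consistent if a superblock under the dummy ops never carries such options; that assumption deserves a comment too. The trailing `return;` in the void function is redundant, though it matches `dummy_sb_post_pivotroot` just above.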
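--- a/trunk/security/security.c
+++ b/trunk/security/security.c
@@ -308,6 +308,26 @@ void security_sb_post_pivotroot(struct nameidata *old_nd, struct nameidata *new_
 security_ops->sb_post_pivotroot(old_nd, new_nd);
 }
 
+int security_sb_get_mnt_opts(const struct super_block *sb,
+char ***mount_options,
+int **flags, int *num_opts)
+{
+return security_ops->sb_get_mnt_opts(sb, mount_options, flags, num_opts);
+}
+
+int security_sb_set_mnt_opts(struct super_block *sb,
+char **mount_options,
+int *flags, int num_opts)
+{
+return security_ops->sb_set_mnt_opts(sb, mount_options, flags, num_opts);
+}
+
+void security_sb_clone_mnt_opts(const struct super_block *oldsb,
+struct super_block *newsb)
+{
+security_ops->sb_clone_mnt_opts(oldsb, newsb);
+}
+
 int security_inode_alloc(struct inode *inode)
 {
 inode->i_security = NULL;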
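Review bot: `security_sb_clone_mnt_opts` returns `void`, so a security module that cannot copy the options (an allocation failure, say, or a new superblock that already carries different labelling) has no way to tell the caller. The caller would then carry on with a superblock whose security options may not match the one it was cloned from. Consider making the hook and its wrapper return `int`, i.e. `return security_ops->sb_clone_mnt_opts(oldsb, newsb);`, with the matching change to the member in `struct security_operations` and to the dummy implementation. The module-side implementation is not visible on this page, so whether it can actually fail is an assumption to confirm before changing the signature.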