diff mbox series

[dhowells/mount-api] fs: return -ENOPARAM from security_fs_context_parse_param by default

Message ID 20180906184426.32413-1-avagin@openvz.org (mailing list archive)
State New, archived
Headers show
Series [dhowells/mount-api] fs: return -ENOPARAM from security_fs_context_parse_param by default | expand

Commit Message

Andrey Vagin Sept. 6, 2018, 6:44 p.m. UTC 
From: Andrei Vagin <avagin@gmail.com>

It returns 0 to indicate that it processed the argument and that
the argument doesn't belong to the filesystem.  It returns -ENOPARAM to
indicate that the argument should be passed along to the filesystem.  Any
other error is an actual error. // David Howells <dhowells@redhat.com>

Signed-off-by: Andrei Vagin <avagin@gmail.com>
---
 include/linux/lsm_hooks.h | 4 ++++
 include/linux/security.h  | 2 +-
 security/security.c       | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

Comments

David Howells Sept. 11, 2018, 8:15 p.m. UTC | #1 
Andrei Vagin <avagin@openvz.org> wrote:

> It returns 0 to indicate that it processed the argument and that
> the argument doesn't belong to the filesystem.  It returns -ENOPARAM to
> indicate that the argument should be passed along to the filesystem.  Any
> other error is an actual error. // David Howells <dhowells@redhat.com>

I made these changes already, thanks.

David
diff mbox series

Patch

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index ceb487c3fbc7..d333ceebf056 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -103,6 +103,10 @@ 
  *	Validate the filesystem context preparatory to applying it.  This is
  *	done after all the options have been parsed.
  *	@fc indicates the filesystem context.
+ *	Returns 0 to indicate that it processed the argument and that the argument
+ *	doesn't belong to the filesystem. It returns -ENOPARAM to indicate that
+ *	the argument should be passed along to the filesystem. Any other error is
+ *	an actual error.
  * @sb_get_tree:
  *	Assign the security to a newly created superblock.
  *	@fc indicates the filesystem context.
diff --git a/include/linux/security.h b/include/linux/security.h
index dbed5326b45c..bae191a96c73 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -576,7 +576,7 @@  static inline void security_fs_context_free(struct fs_context *fc)
 static inline int security_fs_context_parse_param(struct fs_context *fc,
 						  struct fs_parameter *param)
 {
-	return 0;
+	return -ENOPARAM;
 }
 static inline int security_fs_context_validate(struct fs_context *fc)
 {
diff --git a/security/security.c b/security/security.c
index 94420f3616a7..64304d20aae1 100644
--- a/security/security.c
+++ b/security/security.c
@@ -380,7 +380,7 @@  void security_fs_context_free(struct fs_context *fc)
 
 int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param)
 {
-	return call_int_hook(fs_context_parse_param, 0, fc, param);
+	return call_int_hook(fs_context_parse_param, -ENOPARAM, fc, param);
 }
 
 int security_fs_context_validate(struct fs_context *fc)