diff mbox

[03/16] Smack: Add smkfstransmute mount option

Message ID 1406777210-28425-4-git-send-email-dhobsong@igel.co.jp (mailing list archive)
State New, archived
Headers show

Commit Message

Damian Hobson-Garcia July 31, 2014, 3:26 a.m. UTC 
From: Casey Schaufler <casey@schaufler-ca.com>

Suppliment the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmutting. This allows a freshly created filesystem to
be mounted with a transmutting heirarchy.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry picked from commit e830b39412ca2bbedd7508243f21c04d57ad543c)

Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
Signed-off-by: Tomohito Esaki <etom@igel.co.jp>
---
 security/smack/smack.h     |    1 +
 security/smack/smack_lsm.c |   25 ++++++++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)
diff mbox

Patch

diff --git a/security/smack/smack.h b/security/smack/smack.h
index 159f25b..339614c 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -143,6 +143,7 @@  struct smk_port_label {
 #define SMK_FSFLOOR	"smackfsfloor="
 #define SMK_FSHAT	"smackfshat="
 #define SMK_FSROOT	"smackfsroot="
+#define SMK_FSTRANS	"smackfstransmute="
 
 #define SMACK_CIPSO_OPTION 	"-CIPSO"
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3669d9f..6a08330 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -261,8 +261,9 @@  static int smack_sb_alloc_security(struct super_block *sb)
 	sbsp->smk_default = smack_known_floor.smk_known;
 	sbsp->smk_floor = smack_known_floor.smk_known;
 	sbsp->smk_hat = smack_known_hat.smk_known;
-	sbsp->smk_initialized = 0;
-
+	/*
+	 * smk_initialized will be zero from kzalloc.
+	 */
 	sb->s_security = sbsp;
 
 	return 0;
@@ -306,6 +307,8 @@  static int smack_sb_copy_data(char *orig, char *smackopts)
 			dp = smackopts;
 		else if (strstr(cp, SMK_FSROOT) == cp)
 			dp = smackopts;
+		else if (strstr(cp, SMK_FSTRANS) == cp)
+			dp = smackopts;
 		else
 			dp = otheropts;
 
@@ -341,8 +344,9 @@  static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 	char *op;
 	char *commap;
 	char *nsp;
+	int transmute = 0;
 
-	if (sp->smk_initialized != 0)
+	if (sp->smk_initialized)
 		return 0;
 
 	sp->smk_initialized = 1;
@@ -373,6 +377,13 @@  static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 			nsp = smk_import(op, 0);
 			if (nsp != NULL)
 				sp->smk_root = nsp;
+		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
+			op += strlen(SMK_FSTRANS);
+			nsp = smk_import(op, 0);
+			if (nsp != NULL) {
+				sp->smk_root = nsp;
+				transmute = 1;
+			}
 		}
 	}
 
@@ -380,11 +391,15 @@  static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
 	 * Initialize the root inode.
 	 */
 	isp = inode->i_security;
-	if (isp == NULL)
+	if (inode->i_security == NULL) {
 		inode->i_security = new_inode_smack(sp->smk_root);
-	else
+		isp = inode->i_security;
+	} else
 		isp->smk_inode = sp->smk_root;
 
+	if (transmute)
+		isp->smk_flags |= SMK_INODE_TRANSMUTE;
+
 	return 0;
 }