• C
    Smack: Restore the smackfsdef mount option and add missing prefixes · 6e7739fc
    Casey Schaufler 提交于
    The 5.1 mount system rework changed the smackfsdef mount option to
    smackfsdefault.  This fixes the regression by making smackfsdef treated
    the same way as smackfsdefault.
    
    Also fix the smack_param_specs[] to have "smack" prefixes on all the
    names.  This isn't visible to a user unless they either:
    
     (a) Try to mount a filesystem that's converted to the internal mount API
         and that implements the ->parse_monolithic() context operation - and
         only then if they call security_fs_context_parse_param() rather than
         security_sb_eat_lsm_opts().
    
         There are no examples of this upstream yet, but nfs will probably want
         to do this for nfs2 or nfs3.
    
     (b) Use fsconfig() to configure the filesystem - in which case
         security_fs_context_parse_param() will be called.
    
    This issue is that smack_sb_eat_lsm_opts() checks for the "smack" prefix
    on the options, but smack_fs_context_parse_param() does not.
    
    Fixes: c3300aaf ("smack: get rid of match_token()")
    Fixes: 2febd254 ("smack: Implement filesystem context security hooks")
    Cc: stable@vger.kernel.org
    Reported-by: NJose Bollo <jose.bollo@iot.bzh>
    Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: NDavid Howells <dhowells@redhat.com>
    Tested-by: NCasey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
    6e7739fc
smack_lsm.c 116.6 KB