- 06 2月, 2020 1 次提交
-
-
由 Casey Schaufler 提交于
I am seeing ping failures to IPv6 linklocal addresses with Debian buster. Easiest example to reproduce is: $ ping -c1 -w1 ff02::1%eth1 connect: Invalid argument $ ping -c1 -w1 ff02::1%eth1 PING ff02::01%eth1(ff02::1%eth1) 56 data bytes 64 bytes from fe80::e0:f9ff:fe0c:37%eth1: icmp_seq=1 ttl=64 time=0.059 ms git bisect traced the failure to commit b9ef5513 ("smack: Check address length before reading address family") Arguably ping is being stupid since the buster version is not setting the address family properly (ping on stretch for example does): $ strace -e connect ping6 -c1 -w1 ff02::1%eth1 connect(5, {sa_family=AF_UNSPEC, sa_data="\4\1\0\0\0\0\377\2\0\0\0\0\0\0\0\0\0\0\0\0\0\1\3\0\0\0"}, 28) = -1 EINVAL (Invalid argument) but the command works fine on kernels prior to this commit, so this is breakage which goes against the Linux paradigm of "don't break userspace" Cc: stable@vger.kernel.org Reported-by: NDavid Ahern <dsahern@gmail.com> Suggested-by: NTetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> security/smack/smack_lsm.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-)
-
- 24 10月, 2019 1 次提交
-
-
由 David Howells 提交于
Remove some #inclusions of linux/pipe_fs_i.h that don't seem to be necessary any more. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 05 9月, 2019 4 次提交
-
-
由 Eric Biggers 提交于
inode_smack::smk_lock is taken during smack_d_instantiate(), which is called during a filesystem transaction when creating a file on ext4. Therefore to avoid a deadlock, all code that takes this lock must use GFP_NOFS, to prevent memory reclaim from waiting for the filesystem transaction to complete. Reported-by: syzbot+0eefc1e06a77d327a056@syzkaller.appspotmail.com Cc: stable@vger.kernel.org Signed-off-by: NEric Biggers <ebiggers@google.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Jia-Ju Bai 提交于
In smack_socket_sock_rcv_skb(), there is an if statement on line 3920 to check whether skb is NULL: if (skb && skb->secmark != 0) This check indicates skb can be NULL in some cases. But on lines 3931 and 3932, skb is used: ad.a.u.net->netif = skb->skb_iif; ipv6_skb_to_auditdata(skb, &ad.a, NULL); Thus, possible null-pointer dereferences may occur when skb is NULL. To fix these possible bugs, an if statement is added to check skb. These bugs are found by a static analysis tool STCheck written by us. Signed-off-by: NJia-Ju Bai <baijiaju1990@gmail.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 luanshi 提交于
Fix/add kernel-doc notation and fix typos in security/smack/. Signed-off-by: NLiguang Zhang <zhangliguang@linux.alibaba.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Jann Horn 提交于
There is a logic bug in the current smack_bprm_set_creds(): If LSM_UNSAFE_PTRACE is set, but the ptrace state is deemed to be acceptable (e.g. because the ptracer detached in the meantime), the other ->unsafe flags aren't checked. As far as I can tell, this means that something like the following could work (but I haven't tested it): - task A: create task B with fork() - task B: set NO_NEW_PRIVS - task B: install a seccomp filter that makes open() return 0 under some conditions - task B: replace fd 0 with a malicious library - task A: attach to task B with PTRACE_ATTACH - task B: execve() a file with an SMACK64EXEC extended attribute - task A: while task B is still in the middle of execve(), exit (which destroys the ptrace relationship) Make sure that if any flags other than LSM_UNSAFE_PTRACE are set in bprm->unsafe, we reject the execve(). Cc: stable@vger.kernel.org Fixes: 5663884c ("Smack: unify all ptrace accesses in the smack") Signed-off-by: NJann Horn <jannh@google.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 11 7月, 2019 1 次提交
-
-
由 Linus Torvalds 提交于
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" This reverts merge 0f75ef6a (and thus effectively commits 7a1ade84 ("keys: Provide KEYCTL_GRANT_PERMISSION") 2e12256b ("keys: Replace uid/gid/perm permissions checking with an ACL") that the merge brought in). It turns out that it breaks booting with an encrypted volume, and Eric biggers reports that it also breaks the fscrypt tests [1] and loading of in-kernel X.509 certificates [2]. The root cause of all the breakage is likely the same, but David Howells is off email so rather than try to work it out it's getting reverted in order to not impact the rest of the merge window. [1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/ [2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/ Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/Reported-by: NEric Biggers <ebiggers@kernel.org> Cc: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 28 6月, 2019 1 次提交
-
-
由 David Howells 提交于
Replace the uid/gid/perm permissions checking on a key with an ACL to allow the SETATTR and SEARCH permissions to be split. This will also allow a greater range of subjects to represented. ============ WHY DO THIS? ============ The problem is that SETATTR and SEARCH cover a slew of actions, not all of which should be grouped together. For SETATTR, this includes actions that are about controlling access to a key: (1) Changing a key's ownership. (2) Changing a key's security information. (3) Setting a keyring's restriction. And actions that are about managing a key's lifetime: (4) Setting an expiry time. (5) Revoking a key. and (proposed) managing a key as part of a cache: (6) Invalidating a key. Managing a key's lifetime doesn't really have anything to do with controlling access to that key. Expiry time is awkward since it's more about the lifetime of the content and so, in some ways goes better with WRITE permission. It can, however, be set unconditionally by a process with an appropriate authorisation token for instantiating a key, and can also be set by the key type driver when a key is instantiated, so lumping it with the access-controlling actions is probably okay. As for SEARCH permission, that currently covers: (1) Finding keys in a keyring tree during a search. (2) Permitting keyrings to be joined. (3) Invalidation. But these don't really belong together either, since these actions really need to be controlled separately. Finally, there are number of special cases to do with granting the administrator special rights to invalidate or clear keys that I would like to handle with the ACL rather than key flags and special checks. =============== WHAT IS CHANGED =============== The SETATTR permission is split to create two new permissions: (1) SET_SECURITY - which allows the key's owner, group and ACL to be changed and a restriction to be placed on a keyring. (2) REVOKE - which allows a key to be revoked. The SEARCH permission is split to create: (1) SEARCH - which allows a keyring to be search and a key to be found. (2) JOIN - which allows a keyring to be joined as a session keyring. (3) INVAL - which allows a key to be invalidated. The WRITE permission is also split to create: (1) WRITE - which allows a key's content to be altered and links to be added, removed and replaced in a keyring. (2) CLEAR - which allows a keyring to be cleared completely. This is split out to make it possible to give just this to an administrator. (3) REVOKE - see above. Keys acquire ACLs which consist of a series of ACEs, and all that apply are unioned together. An ACE specifies a subject, such as: (*) Possessor - permitted to anyone who 'possesses' a key (*) Owner - permitted to the key owner (*) Group - permitted to the key group (*) Everyone - permitted to everyone Note that 'Other' has been replaced with 'Everyone' on the assumption that you wouldn't grant a permit to 'Other' that you wouldn't also grant to everyone else. Further subjects may be made available by later patches. The ACE also specifies a permissions mask. The set of permissions is now: VIEW Can view the key metadata READ Can read the key content WRITE Can update/modify the key content SEARCH Can find the key by searching/requesting LINK Can make a link to the key SET_SECURITY Can change owner, ACL, expiry INVAL Can invalidate REVOKE Can revoke JOIN Can join this keyring CLEAR Can clear this keyring The KEYCTL_SETPERM function is then deprecated. The KEYCTL_SET_TIMEOUT function then is permitted if SET_SECURITY is set, or if the caller has a valid instantiation auth token. The KEYCTL_INVALIDATE function then requires INVAL. The KEYCTL_REVOKE function then requires REVOKE. The KEYCTL_JOIN_SESSION_KEYRING function then requires JOIN to join an existing keyring. The JOIN permission is enabled by default for session keyrings and manually created keyrings only. ====================== BACKWARD COMPATIBILITY ====================== To maintain backward compatibility, KEYCTL_SETPERM will translate the permissions mask it is given into a new ACL for a key - unless KEYCTL_SET_ACL has been called on that key, in which case an error will be returned. It will convert possessor, owner, group and other permissions into separate ACEs, if each portion of the mask is non-zero. SETATTR permission turns on all of INVAL, REVOKE and SET_SECURITY. WRITE permission turns on WRITE, REVOKE and, if a keyring, CLEAR. JOIN is turned on if a keyring is being altered. The KEYCTL_DESCRIBE function translates the ACL back into a permissions mask to return depending on possessor, owner, group and everyone ACEs. It will make the following mappings: (1) INVAL, JOIN -> SEARCH (2) SET_SECURITY -> SETATTR (3) REVOKE -> WRITE if SETATTR isn't already set (4) CLEAR -> WRITE Note that the value subsequently returned by KEYCTL_DESCRIBE may not match the value set with KEYCTL_SETATTR. ======= TESTING ======= This passes the keyutils testsuite for all but a couple of tests: (1) tests/keyctl/dh_compute/badargs: The first wrong-key-type test now returns EOPNOTSUPP rather than ENOKEY as READ permission isn't removed if the type doesn't have ->read(). You still can't actually read the key. (2) tests/keyctl/permitting/valid: The view-other-permissions test doesn't work as Other has been replaced with Everyone in the ACL. Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
- 19 6月, 2019 1 次提交
-
-
由 Thomas Gleixner 提交于
Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: NThomas Gleixner <tglx@linutronix.de> Reviewed-by: NEnrico Weigelt <info@metux.net> Reviewed-by: NKate Stewart <kstewart@linuxfoundation.org> Reviewed-by: NAllison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.deSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 15 6月, 2019 1 次提交
-
-
由 Casey Schaufler 提交于
The 5.1 mount system rework changed the smackfsdef mount option to smackfsdefault. This fixes the regression by making smackfsdef treated the same way as smackfsdefault. Also fix the smack_param_specs[] to have "smack" prefixes on all the names. This isn't visible to a user unless they either: (a) Try to mount a filesystem that's converted to the internal mount API and that implements the ->parse_monolithic() context operation - and only then if they call security_fs_context_parse_param() rather than security_sb_eat_lsm_opts(). There are no examples of this upstream yet, but nfs will probably want to do this for nfs2 or nfs3. (b) Use fsconfig() to configure the filesystem - in which case security_fs_context_parse_param() will be called. This issue is that smack_sb_eat_lsm_opts() checks for the "smack" prefix on the options, but smack_fs_context_parse_param() does not. Fixes: c3300aaf ("smack: get rid of match_token()") Fixes: 2febd254 ("smack: Implement filesystem context security hooks") Cc: stable@vger.kernel.org Reported-by: NJose Bollo <jose.bollo@iot.bzh> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NDavid Howells <dhowells@redhat.com> Tested-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 01 5月, 2019 1 次提交
-
-
由 Casey Schaufler 提交于
The variable sap is defined under ifdef, but a recently added use of the variable was not. Put that use under ifdef as well. Reported-by: Nkbuild test robot <lkp@intel.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 30 4月, 2019 1 次提交
-
-
由 Tetsuo Handa 提交于
KMSAN will complain if valid address length passed to bind()/connect()/ sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes. Also, since smk_ipv6_port_label()/smack_netlabel_send()/ smack_ipv6host_label()/smk_ipv6_check()/smk_ipv6_port_check() are not checking valid address length and/or address family, make sure we check both. The minimal valid length in smack_socket_connect() is changed from sizeof(struct sockaddr_in6) bytes to SIN6_LEN_RFC2133 bytes, for it seems that Smack is not using "struct sockaddr_in6"->sin6_scope_id field. Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 04 4月, 2019 1 次提交
-
-
由 Casey Schaufler 提交于
Handle the case where the skb for an IPv6 packet contains a 0 in the secmark for a packet generated locally. This can only happen for system packets, so allow the access. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 03 4月, 2019 1 次提交
-
-
由 Casey Schaufler 提交于
This patch allows for small memory optimization by creating the kmem cache for "struct smack_rule" instead of using kzalloc. For adding new smack rule, kzalloc is used to allocate the memory for "struct smack_rule". kzalloc will always allocate 32 or 64 bytes for 1 structure depending upon the kzalloc cache sizes available in system. Although the size of structure is 20 bytes only, resulting in memory wastage per object in the default pool. For e.g., if there are 20000 rules, then it will save 240KB(20000*12) which is crucial for small memory targets. Signed-off-by: NVishal Goel <vishal.goel@samsung.com> Signed-off-by: NAmit Sahrawat <a.sahrawat@samsung.com> Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
-
- 28 2月, 2019 2 次提交
-
-
由 Al Viro 提交于
new primitive: vfs_dup_fs_context(). Comes with fs_context method (->dup()) for copying the filesystem-specific parts of fs_context, along with LSM one (->fs_context_dup()) for doing the same to LSM parts. [needs better commit message, and change of Author:, anyway] Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 David Howells 提交于
Implement filesystem context security hooks for the smack LSM. Signed-off-by: NDavid Howells <dhowells@redhat.com> cc: Casey Schaufler <casey@schaufler-ca.com> cc: linux-security-module@vger.kernel.org Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
- 23 2月, 2019 1 次提交
-
-
由 Gustavo A. R. Silva 提交于
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. This patch fixes the following warnings: security/integrity/ima/ima_template_lib.c:85:10: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:940:18: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:943:7: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:972:21: warning: this statement may fall through [-Wimplicit-fallthrough=] security/integrity/ima/ima_policy.c:974:7: warning: this statement may fall through [-Wimplicit-fallthrough=] security/smack/smack_lsm.c:3391:9: warning: this statement may fall through [-Wimplicit-fallthrough=] security/apparmor/domain.c:569:6: warning: this statement may fall through [-Wimplicit-fallthrough=] Warning level 3 was used: -Wimplicit-fallthrough=3 Also, add a missing break statement to fix the following warning: security/integrity/ima/ima_appraise.c:116:26: warning: this statement may fall through [-Wimplicit-fallthrough=] Acked-by: NJohn Johansen <john.johansen@canonical.com> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NGustavo A. R. Silva <gustavo@embeddedor.com> Acked-by: NMimi Zohar <zohar@linux.ibm.com> Signed-off-by: NJames Morris <james.morris@microsoft.com>
-
- 01 2月, 2019 1 次提交
-
-
由 Richard Guy Briggs 提交于
The audit_rule_match() struct audit_context *actx parameter is not used by any in-tree consumers (selinux, apparmour, integrity, smack). The audit context is an internal audit structure that should only be accessed by audit accessor functions. It was part of commit 03d37d25 ("LSM/Audit: Introduce generic Audit LSM hooks") but appears to have never been used. Remove it. Please see the github issue https://github.com/linux-audit/audit-kernel/issues/107Signed-off-by: NRichard Guy Briggs <rgb@redhat.com> [PM: fixed the referenced commit title] Signed-off-by: NPaul Moore <paul@paul-moore.com>
-
- 19 1月, 2019 1 次提交
-
-
由 Tetsuo Handa 提交于
Since current->cred == current->real_cred when ordered_lsm_init() is called, and lsm_early_cred()/lsm_early_task() need to be called between the amount of required bytes is determined and module specific initialization function is called, we can move these calls from individual modules to ordered_lsm_init(). Signed-off-by: NTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: NCasey Schaufler <casey@schaufler-ca.com> Signed-off-by: NJames Morris <james.morris@microsoft.com>
-
- 09 1月, 2019 11 次提交
-
-
由 Casey Schaufler 提交于
Move management of the kern_ipc_perm->security and msg_msg->security blobs out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Don't use the ipc->security pointer directly. Don't use the msg_msg->security pointer directly. Provide helper functions that provides the security blob pointers. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Move management of the inode->i_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules the modules tell the infrastructure how much space is required, and the space is allocated there. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Move management of the file->f_security blob out of the individual security modules and into the infrastructure. The modules no longer allocate or free the data, instead they tell the infrastructure how much space they require. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Move management of the cred security blob out of the security modules and into the security infrastructre. Instead of allocating and freeing space the security modules tell the infrastructure how much space they require. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Casey Schaufler 提交于
Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NKees Cook <keescook@chromium.org> [kees: adjusted for ordered init series] Signed-off-by: NKees Cook <keescook@chromium.org>
-
由 Kees Cook 提交于
In order to both support old "security=" Legacy Major LSM selection, and handling real exclusivity, this creates LSM_FLAG_EXCLUSIVE and updates the selection logic to handle them. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NCasey Schaufler <casey@schaufler-ca.com>
-
由 Kees Cook 提交于
As a prerequisite to adjusting LSM selection logic in the future, this moves the selection logic up out of the individual major LSMs, making their init functions only run when actually enabled. This considers all LSMs enabled by default unless they specified an external "enable" variable. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NJohn Johansen <john.johansen@canonical.com>
-
由 Kees Cook 提交于
This adds a flag for the current "major" LSMs to distinguish them when we have a universal method for ordering all LSMs. It's called "legacy" since the distinction of "major" will go away in the blob-sharing world. Signed-off-by: NKees Cook <keescook@chromium.org> Reviewed-by: NCasey Schaufler <casey@schaufler-ca.com> Reviewed-by: NJohn Johansen <john.johansen@canonical.com>
-
- 22 12月, 2018 10 次提交
-
-
由 Al Viro 提交于
make it use smack_add_opt() and avoid separate copies - gather non-LSM options by memmove() in place Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
same issue as with selinux... [fix by Andrei Vagin folded in] Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
smack_add_opt() adds an already matched option to growing smack_mnt_options Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Adding options to growing mnt_opts. NFS kludge with passing context= down into non-text-options mount switched to it, and with that the last use of ->sb_parse_opts_str() is gone. Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Keep void * instead, allocate on demand (in parse_str_opts, at the moment). Eventually both selinux and smack will be better off with private structures with several strings in those, rather than this "counter and two pointers to dynamically allocated arrays" ugliness. This commit allows to do that at leisure, without disrupting anything outside of given module. Changes: * instead of struct security_mnt_opt use an opaque pointer initialized to NULL. * security_sb_eat_lsm_opts(), security_sb_parse_opts_str() and security_free_mnt_opts() take it as var argument (i.e. as void **); call sites are unchanged. * security_sb_set_mnt_opts() and security_sb_remount() take it by value (i.e. as void *). * new method: ->sb_free_mnt_opts(). Takes void *, does whatever freeing that needs to be done. * ->sb_set_mnt_opts() and ->sb_remount() might get NULL as mnt_opts argument, meaning "empty". Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
Kill ->sb_copy_data() - it's used only in combination with immediately following ->sb_parse_opts_str(). Turn that combination into a new method. This is just a mechanical move - cleanups will be the next step. Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
... leaving the "is it kernel-internal" logics in the caller. Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
This paves the way for retaining the LSM options from a common filesystem mount context during a mount parameter parsing phase to be instituted prior to actual mount/reconfiguration actions. Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-
由 Al Viro 提交于
fixes e.g. a btrfs leak... Reviewed-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
-