提交 e830b394 编写于 作者: C Casey Schaufler

Smack: Add smkfstransmute mount option

Suppliment the smkfsroot mount option with another, smkfstransmute,
that does the same thing but also marks the root inode as
transmutting. This allows a freshly created filesystem to
be mounted with a transmutting heirarchy.

Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: NCasey Schaufler <casey@schaufler-ca.com>
上级 2f823ff8
...@@ -143,6 +143,7 @@ struct smk_port_label { ...@@ -143,6 +143,7 @@ struct smk_port_label {
#define SMK_FSFLOOR "smackfsfloor=" #define SMK_FSFLOOR "smackfsfloor="
#define SMK_FSHAT "smackfshat=" #define SMK_FSHAT "smackfshat="
#define SMK_FSROOT "smackfsroot=" #define SMK_FSROOT "smackfsroot="
#define SMK_FSTRANS "smackfstransmute="
#define SMACK_CIPSO_OPTION "-CIPSO" #define SMACK_CIPSO_OPTION "-CIPSO"
......
...@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb) ...@@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb)
sbsp->smk_default = smack_known_floor.smk_known; sbsp->smk_default = smack_known_floor.smk_known;
sbsp->smk_floor = smack_known_floor.smk_known; sbsp->smk_floor = smack_known_floor.smk_known;
sbsp->smk_hat = smack_known_hat.smk_known; sbsp->smk_hat = smack_known_hat.smk_known;
sbsp->smk_initialized = 0; /*
* smk_initialized will be zero from kzalloc.
*/
sb->s_security = sbsp; sb->s_security = sbsp;
return 0; return 0;
...@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts) ...@@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts)
dp = smackopts; dp = smackopts;
else if (strstr(cp, SMK_FSROOT) == cp) else if (strstr(cp, SMK_FSROOT) == cp)
dp = smackopts; dp = smackopts;
else if (strstr(cp, SMK_FSTRANS) == cp)
dp = smackopts;
else else
dp = otheropts; dp = otheropts;
...@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) ...@@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
char *op; char *op;
char *commap; char *commap;
char *nsp; char *nsp;
int transmute = 0;
if (sp->smk_initialized != 0) if (sp->smk_initialized)
return 0; return 0;
sp->smk_initialized = 1; sp->smk_initialized = 1;
...@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) ...@@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
nsp = smk_import(op, 0); nsp = smk_import(op, 0);
if (nsp != NULL) if (nsp != NULL)
sp->smk_root = nsp; sp->smk_root = nsp;
} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
op += strlen(SMK_FSTRANS);
nsp = smk_import(op, 0);
if (nsp != NULL) {
sp->smk_root = nsp;
transmute = 1;
}
} }
} }
...@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) ...@@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
* Initialize the root inode. * Initialize the root inode.
*/ */
isp = inode->i_security; isp = inode->i_security;
if (isp == NULL) if (inode->i_security == NULL) {
inode->i_security = new_inode_smack(sp->smk_root); inode->i_security = new_inode_smack(sp->smk_root);
else isp = inode->i_security;
} else
isp->smk_inode = sp->smk_root; isp->smk_inode = sp->smk_root;
if (transmute)
isp->smk_flags |= SMK_INODE_TRANSMUTE;
return 0; return 0;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册