mirror of
https://github.com/tbsdtv/linux_media.git
synced 2025-07-23 12:43:29 +02:00
Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs mount infrastructure updates from Al Viro: "The rest of core infrastructure; no new syscalls in that pile, but the old parts are switched to new infrastructure. At that point conversions of individual filesystems can happen independently; some are done here (afs, cgroup, procfs, etc.), there's also a large series outside of that pile dealing with NFS (quite a bit of option-parsing stuff is getting used there - it's one of the most convoluted filesystems in terms of mount-related logics), but NFS bits are the next cycle fodder. It got seriously simplified since the last cycle; documentation is probably the weakest bit at the moment - I considered dropping the commit introducing Documentation/filesystems/mount_api.txt (cutting the size increase by quarter ;-), but decided that it would be better to fix it up after -rc1 instead. That pile allows to do followup work in independent branches, which should make life much easier for the next cycle. fs/super.c size increase is unpleasant; there's a followup series that allows to shrink it considerably, but I decided to leave that until the next cycle" * 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (41 commits) afs: Use fs_context to pass parameters over automount afs: Add fs_context support vfs: Add some logging to the core users of the fs_context log vfs: Implement logging through fs_context vfs: Provide documentation for new mount API vfs: Remove kern_mount_data() hugetlbfs: Convert to fs_context cpuset: Use fs_context kernfs, sysfs, cgroup, intel_rdt: Support fs_context cgroup: store a reference to cgroup_ns into cgroup_fs_context cgroup1_get_tree(): separate "get cgroup_root to use" into a separate helper cgroup_do_mount(): massage calling conventions cgroup: stash cgroup_root reference into cgroup_fs_context cgroup2: switch to option-by-option parsing cgroup1: switch to option-by-option parsing cgroup: take options parsing into ->parse_monolithic() cgroup: fold cgroup1_mount() into cgroup1_get_tree() cgroup: start switching to fs_context ipc: Convert mqueue fs to fs_context proc: Add fs_context support to procfs ...
This commit is contained in:
Linus Torvalds
@@ -48,6 +48,8 @@
|
||||
#include <linux/fdtable.h>
|
||||
#include <linux/namei.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/fs_context.h>
|
||||
#include <linux/fs_parser.h>
|
||||
#include <linux/netfilter_ipv4.h>
|
||||
#include <linux/netfilter_ipv6.h>
|
||||
#include <linux/tty.h>
|
||||
@@ -410,11 +412,11 @@ static inline int inode_doinit(struct inode *inode)
|
||||
|
||||
enum {
|
||||
Opt_error = -1,
|
||||
Opt_context = 1,
|
||||
Opt_context = 0,
|
||||
Opt_defcontext = 1,
|
||||
Opt_fscontext = 2,
|
||||
Opt_defcontext = 3,
|
||||
Opt_rootcontext = 4,
|
||||
Opt_seclabel = 5,
|
||||
Opt_rootcontext = 3,
|
||||
Opt_seclabel = 4,
|
||||
};
|
||||
|
||||
#define A(s, has_arg) {#s, sizeof(#s) - 1, Opt_##s, has_arg}
|
||||
@@ -1067,6 +1069,7 @@ static int show_sid(struct seq_file *m, u32 sid)
|
||||
if (!rc) {
|
||||
bool has_comma = context && strchr(context, ',');
|
||||
|
||||
seq_putc(m, '=');
|
||||
if (has_comma)
|
||||
seq_putc(m, '\"');
|
||||
seq_escape(m, context, "\"\n\\");
|
||||
@@ -1120,7 +1123,7 @@ static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
|
||||
}
|
||||
if (sbsec->flags & SBLABEL_MNT) {
|
||||
seq_putc(m, ',');
|
||||
seq_puts(m, LABELSUPP_STR);
|
||||
seq_puts(m, SECLABEL_STR);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -2739,6 +2742,76 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
|
||||
FILESYSTEM__UNMOUNT, NULL);
|
||||
}
|
||||
|
||||
static int selinux_fs_context_dup(struct fs_context *fc,
|
||||
struct fs_context *src_fc)
|
||||
{
|
||||
const struct selinux_mnt_opts *src = src_fc->security;
|
||||
struct selinux_mnt_opts *opts;
|
||||
|
||||
if (!src)
|
||||
return 0;
|
||||
|
||||
fc->security = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
|
||||
if (!fc->security)
|
||||
return -ENOMEM;
|
||||
|
||||
opts = fc->security;
|
||||
|
||||
if (src->fscontext) {
|
||||
opts->fscontext = kstrdup(src->fscontext, GFP_KERNEL);
|
||||
if (!opts->fscontext)
|
||||
return -ENOMEM;
|
||||
}
|
||||
if (src->context) {
|
||||
opts->context = kstrdup(src->context, GFP_KERNEL);
|
||||
if (!opts->context)
|
||||
return -ENOMEM;
|
||||
}
|
||||
if (src->rootcontext) {
|
||||
opts->rootcontext = kstrdup(src->rootcontext, GFP_KERNEL);
|
||||
if (!opts->rootcontext)
|
||||
return -ENOMEM;
|
||||
}
|
||||
if (src->defcontext) {
|
||||
opts->defcontext = kstrdup(src->defcontext, GFP_KERNEL);
|
||||
if (!opts->defcontext)
|
||||
return -ENOMEM;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const struct fs_parameter_spec selinux_param_specs[] = {
|
||||
fsparam_string(CONTEXT_STR, Opt_context),
|
||||
fsparam_string(DEFCONTEXT_STR, Opt_defcontext),
|
||||
fsparam_string(FSCONTEXT_STR, Opt_fscontext),
|
||||
fsparam_string(ROOTCONTEXT_STR, Opt_rootcontext),
|
||||
fsparam_flag (SECLABEL_STR, Opt_seclabel),
|
||||
{}
|
||||
};
|
||||
|
||||
static const struct fs_parameter_description selinux_fs_parameters = {
|
||||
.name = "SELinux",
|
||||
.specs = selinux_param_specs,
|
||||
};
|
||||
|
||||
static int selinux_fs_context_parse_param(struct fs_context *fc,
|
||||
struct fs_parameter *param)
|
||||
{
|
||||
struct fs_parse_result result;
|
||||
int opt, rc;
|
||||
|
||||
opt = fs_parse(fc, &selinux_fs_parameters, param, &result);
|
||||
if (opt < 0)
|
||||
return opt;
|
||||
|
||||
rc = selinux_add_opt(opt, param->string, &fc->security);
|
||||
if (!rc) {
|
||||
param->string = NULL;
|
||||
rc = 1;
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* inode security operations */
|
||||
|
||||
static int selinux_inode_alloc_security(struct inode *inode)
|
||||
@@ -6592,6 +6665,9 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
|
||||
LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
|
||||
LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
|
||||
|
||||
LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
|
||||
LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
|
||||
|
||||
LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
|
||||
LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
|
||||
LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
|
||||
@@ -6837,6 +6913,8 @@ static __init int selinux_init(void)
|
||||
else
|
||||
pr_debug("SELinux: Starting in permissive mode\n");
|
||||
|
||||
fs_validate_description(&selinux_fs_parameters);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -59,11 +59,11 @@
|
||||
#define SE_SBPROC 0x0200
|
||||
#define SE_SBGENFS 0x0400
|
||||
|
||||
#define CONTEXT_STR "context="
|
||||
#define FSCONTEXT_STR "fscontext="
|
||||
#define ROOTCONTEXT_STR "rootcontext="
|
||||
#define DEFCONTEXT_STR "defcontext="
|
||||
#define LABELSUPP_STR "seclabel"
|
||||
#define CONTEXT_STR "context"
|
||||
#define FSCONTEXT_STR "fscontext"
|
||||
#define ROOTCONTEXT_STR "rootcontext"
|
||||
#define DEFCONTEXT_STR "defcontext"
|
||||
#define SECLABEL_STR "seclabel"
|
||||
|
||||
struct netlbl_lsm_secattr;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user