Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 1084265 Details for
Bug 1272868
RFE: Add support for filesystem subtypes in SELinux
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
sample patch
fs_subtype.patch (text/plain), 4.23 KB, created by
Bipin Kunal
on 2015-10-19 06:14:17 UTC
(
hide
)
Description:
sample patch
Filename:
MIME Type:
Creator:
Bipin Kunal
Created:
2015-10-19 06:14:17 UTC
Size:
4.23 KB
patch
obsolete
>diff --git a/fs/internal.h b/fs/internal.h >index 71859c4d..cba4ebb 100644 >--- a/fs/internal.h >+++ b/fs/internal.h >@@ -85,7 +85,7 @@ extern struct file *get_empty_filp(void); > */ > extern int do_remount_sb(struct super_block *, int, void *, int); > extern bool trylock_super(struct super_block *sb); >-extern struct dentry *mount_fs(struct file_system_type *, >+extern struct dentry *mount_fs(struct file_system_type *, const char *, > int, const char *, void *); > extern struct super_block *user_get_super(dev_t); > >diff --git a/fs/namespace.c b/fs/namespace.c >index 0570729..e416461 100644 >--- a/fs/namespace.c >+++ b/fs/namespace.c >@@ -929,8 +929,9 @@ static struct mount *skip_mnt_tree(struct mount *p) > return p; > } > >-struct vfsmount * >-vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void *data) >+static struct vfsmount * >+vfs_kern_mount_subtype(struct file_system_type *type, const char *subtype, >+ int flags, const char *name, void *data) > { > struct mount *mnt; > struct dentry *root; >@@ -945,7 +946,7 @@ vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void > if (flags & MS_KERNMOUNT) > mnt->mnt.mnt_flags = MNT_INTERNAL; > >- root = mount_fs(type, flags, name, data); >+ root = mount_fs(type, subtype, flags, name, data); > if (IS_ERR(root)) { > mnt_free_id(mnt); > free_vfsmnt(mnt); >@@ -961,6 +962,12 @@ vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void > unlock_mount_hash(); > return &mnt->mnt; > } >+ >+struct vfsmount * >+vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void *data) >+{ >+ return vfs_kern_mount_subtype(type, NULL, flags, name, data); >+} > EXPORT_SYMBOL_GPL(vfs_kern_mount); > > static struct mount *clone_mnt(struct mount *old, struct dentry *root, >@@ -2300,27 +2307,17 @@ out: > return err; > } > >-static struct vfsmount *fs_set_subtype(struct vfsmount *mnt, const char *fstype) >+static const char *fs_get_subtype(const char *fstype) > { >- int err; > const char *subtype = strchr(fstype, '.'); >+ > if (subtype) { > subtype++; >- err = -EINVAL; > if (!subtype[0]) >- goto err; >- } else >- subtype = ""; >- >- mnt->mnt_sb->s_subtype = kstrdup(subtype, GFP_KERNEL); >- err = -ENOMEM; >- if (!mnt->mnt_sb->s_subtype) >- goto err; >- return mnt; >+ return ERR_PTR(-EINVAL); >+ } > >- err: >- mntput(mnt); >- return ERR_PTR(err); >+ return subtype; > } > > /* >@@ -2380,6 +2377,7 @@ static int do_new_mount(struct path *path, const char *fstype, int flags, > struct user_namespace *user_ns = current->nsproxy->mnt_ns->user_ns; > struct vfsmount *mnt; > int err; >+ const char *subtype = NULL; > > if (!fstype) > return -EINVAL; >@@ -2406,10 +2404,16 @@ static int do_new_mount(struct path *path, const char *fstype, int flags, > } > } > >- mnt = vfs_kern_mount(type, flags, name, data); >- if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) && >- !mnt->mnt_sb->s_subtype) >- mnt = fs_set_subtype(mnt, fstype); >+ if (type->fs_flags & FS_HAS_SUBTYPE) { >+ subtype = fs_get_subtype(fstype); >+ if (IS_ERR(subtype)) { >+ put_filesystem(type); >+ return PTR_ERR(subtype); >+ } else if (!subtype) >+ subtype = ""; >+ } >+ >+ mnt = vfs_kern_mount_subtype(type, subtype, flags, name, data); > > put_filesystem(type); > if (IS_ERR(mnt)) >diff --git a/fs/super.c b/fs/super.c >index 954aeb8..c9e9998 100644 >--- a/fs/super.c >+++ b/fs/super.c >@@ -1103,7 +1103,8 @@ struct dentry *mount_single(struct file_system_type *fs_type, > EXPORT_SYMBOL(mount_single); > > struct dentry * >-mount_fs(struct file_system_type *type, int flags, const char *name, void *data) >+mount_fs(struct file_system_type *type, const char *subtype, int flags, >+ const char *name, void *data) > { > struct dentry *root; > struct super_block *sb; >@@ -1130,6 +1131,14 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data) > WARN_ON(!sb->s_bdi); > sb->s_flags |= MS_BORN; > >+ /* selinux requires the subtype to make policy decisions */ >+ if (subtype && !sb->s_subtype) { >+ error = -ENOMEM; >+ sb->s_subtype = kstrdup(subtype, GFP_KERNEL); >+ if (!sb->s_subtype) >+ goto out_sb; >+ } >+ > error = security_sb_kern_mount(sb, flags, secdata); > if (error) > goto out_sb;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1084265">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1272868
: 1084265