Smack: Add smkfstransmute mount option
Suppliment the smkfsroot mount option with another, smkfstransmute, that does the same thing but also marks the root inode as transmutting. This allows a freshly created filesystem to be mounted with a transmutting heirarchy. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
parent
2f823ff8be
commit
e830b39412
|
@ -143,6 +143,7 @@ struct smk_port_label {
|
||||||
#define SMK_FSFLOOR "smackfsfloor="
|
#define SMK_FSFLOOR "smackfsfloor="
|
||||||
#define SMK_FSHAT "smackfshat="
|
#define SMK_FSHAT "smackfshat="
|
||||||
#define SMK_FSROOT "smackfsroot="
|
#define SMK_FSROOT "smackfsroot="
|
||||||
|
#define SMK_FSTRANS "smackfstransmute="
|
||||||
|
|
||||||
#define SMACK_CIPSO_OPTION "-CIPSO"
|
#define SMACK_CIPSO_OPTION "-CIPSO"
|
||||||
|
|
||||||
|
|
|
@ -261,8 +261,9 @@ static int smack_sb_alloc_security(struct super_block *sb)
|
||||||
sbsp->smk_default = smack_known_floor.smk_known;
|
sbsp->smk_default = smack_known_floor.smk_known;
|
||||||
sbsp->smk_floor = smack_known_floor.smk_known;
|
sbsp->smk_floor = smack_known_floor.smk_known;
|
||||||
sbsp->smk_hat = smack_known_hat.smk_known;
|
sbsp->smk_hat = smack_known_hat.smk_known;
|
||||||
sbsp->smk_initialized = 0;
|
/*
|
||||||
|
* smk_initialized will be zero from kzalloc.
|
||||||
|
*/
|
||||||
sb->s_security = sbsp;
|
sb->s_security = sbsp;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -306,6 +307,8 @@ static int smack_sb_copy_data(char *orig, char *smackopts)
|
||||||
dp = smackopts;
|
dp = smackopts;
|
||||||
else if (strstr(cp, SMK_FSROOT) == cp)
|
else if (strstr(cp, SMK_FSROOT) == cp)
|
||||||
dp = smackopts;
|
dp = smackopts;
|
||||||
|
else if (strstr(cp, SMK_FSTRANS) == cp)
|
||||||
|
dp = smackopts;
|
||||||
else
|
else
|
||||||
dp = otheropts;
|
dp = otheropts;
|
||||||
|
|
||||||
|
@ -341,8 +344,9 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
|
||||||
char *op;
|
char *op;
|
||||||
char *commap;
|
char *commap;
|
||||||
char *nsp;
|
char *nsp;
|
||||||
|
int transmute = 0;
|
||||||
|
|
||||||
if (sp->smk_initialized != 0)
|
if (sp->smk_initialized)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
sp->smk_initialized = 1;
|
sp->smk_initialized = 1;
|
||||||
|
@ -373,6 +377,13 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
|
||||||
nsp = smk_import(op, 0);
|
nsp = smk_import(op, 0);
|
||||||
if (nsp != NULL)
|
if (nsp != NULL)
|
||||||
sp->smk_root = nsp;
|
sp->smk_root = nsp;
|
||||||
|
} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
|
||||||
|
op += strlen(SMK_FSTRANS);
|
||||||
|
nsp = smk_import(op, 0);
|
||||||
|
if (nsp != NULL) {
|
||||||
|
sp->smk_root = nsp;
|
||||||
|
transmute = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -380,11 +391,15 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
|
||||||
* Initialize the root inode.
|
* Initialize the root inode.
|
||||||
*/
|
*/
|
||||||
isp = inode->i_security;
|
isp = inode->i_security;
|
||||||
if (isp == NULL)
|
if (inode->i_security == NULL) {
|
||||||
inode->i_security = new_inode_smack(sp->smk_root);
|
inode->i_security = new_inode_smack(sp->smk_root);
|
||||||
else
|
isp = inode->i_security;
|
||||||
|
} else
|
||||||
isp->smk_inode = sp->smk_root;
|
isp->smk_inode = sp->smk_root;
|
||||||
|
|
||||||
|
if (transmute)
|
||||||
|
isp->smk_flags |= SMK_INODE_TRANSMUTE;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue