1. 25 Jan, 2008 2 commits
    • Eric Paris's avatar
      Security: add get, set, and cloning of superblock security information · c9180a57
      Eric Paris authored
      Adds security_get_sb_mnt_opts, security_set_sb_mnt_opts, and
      security_clont_sb_mnt_opts to the LSM and to SELinux.  This will allow
      filesystems to directly own and control all of their mount options if they
      so choose.  This interface deals only with option identifiers and strings so
      it should generic enough for any LSM which may come in the future.
      
      Filesystems which pass text mount data around in the kernel (almost all of
      them) need not currently make use of this interface when dealing with
      SELinux since it will still parse those strings as it always has.  I assume
      future LSM's would do the same.  NFS is the primary FS which does not use
      text mount data and thus must make use of this interface.
      
      An LSM would need to implement these functions only if they had mount time
      options, such as selinux has context= or fscontext=.  If the LSM has no
      mount time options they could simply not implement and let the dummy ops
      take care of things.
      
      An LSM other than SELinux would need to define new option numbers in
      security.h and any FS which decides to own there own security options would
      need to be patched to use this new interface for every possible LSM.  This
      is because it was stated to me very clearly that LSM's should not attempt to
      understand FS mount data and the burdon to understand security should be in
      the FS which owns the options.
      Signed-off-by: default avatarEric Paris <eparis@redhat.com>
      Acked-by: default avatarStephen D. Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      c9180a57
    • Joe Perches's avatar
      security/selinux: Add missing "space" · 19c5fc19
      Joe Perches authored
      Add missing space.
      Signed-off-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      19c5fc19
  2. 24 Jan, 2008 32 commits
  3. 23 Jan, 2008 6 commits