linux/security/smack, branch v5.0 Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v5.0 2019-01-05T21:25:58Z Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-01-05T21:25:58Z Linus Torvalds torvalds@linux-foundation.org 2019-01-05T21:25:58Z urn:sha1:505b050fdf42097883b2d37b8e796e1f11dbef50 Pull vfs mount API prep from Al Viro: "Mount API prereqs. Mostly that's LSM mount options cleanups. There are several minor fixes in there, but nothing earth-shattering (leaks on failure exits, mostly)" * 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (27 commits) mount_fs: suppress MAC on MS_SUBMOUNT as well as MS_KERNMOUNT smack: rewrite smack_sb_eat_lsm_opts() smack: get rid of match_token() smack: take the guts of smack_parse_opts_str() into a new helper LSM: new method: ->sb_add_mnt_opt() selinux: rewrite selinux_sb_eat_lsm_opts() selinux: regularize Opt_... names a bit selinux: switch away from match_token() selinux: new helper - selinux_add_opt() LSM: bury struct security_mnt_opts smack: switch to private smack_mnt_opts selinux: switch to private struct selinux_mnt_opts LSM: hide struct security_mnt_opts from any generic code selinux: kill selinux_sb_get_mnt_opts() LSM: turn sb_eat_lsm_opts() into a method nfs_remount(): don't leak, don't ignore LSM options quietly btrfs: sanitize security_mnt_opts use selinux; don't open-code a loop in sb_finish_set_opts() LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount() new helper: security_sb_eat_lsm_opts() ... smack: rewrite smack_sb_eat_lsm_opts() 2018-12-21T16:51:02Z Al Viro viro@zeniv.linux.org.uk 2018-12-16T06:37:06Z urn:sha1:d2497e12e230c3f1be8ca6a0609a98c8c609fb80 make it use smack_add_opt() and avoid separate copies - gather non-LSM options by memmove() in place Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> smack: get rid of match_token() 2018-12-21T16:50:51Z Al Viro viro@zeniv.linux.org.uk 2018-12-16T06:52:24Z urn:sha1:c3300aaf95fb4e5be41e731fa6427d0d996d32ac same issue as with selinux... [fix by Andrei Vagin folded in] Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> smack: take the guts of smack_parse_opts_str() into a new helper 2018-12-21T16:50:30Z Al Viro viro@zeniv.linux.org.uk 2018-12-16T06:09:45Z urn:sha1:55c0e5bd078eba2d41d76fa25d5d5e55f1ff09ee smack_add_opt() adds an already matched option to growing smack_mnt_options Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> LSM: new method: ->sb_add_mnt_opt() 2018-12-21T16:50:02Z Al Viro viro@zeniv.linux.org.uk 2018-12-15T04:42:21Z urn:sha1:757cbe597fe8490c7c0a9650ebe5d60195f151d4 Adding options to growing mnt_opts. NFS kludge with passing context= down into non-text-options mount switched to it, and with that the last use of ->sb_parse_opts_str() is gone. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> smack: switch to private smack_mnt_opts 2018-12-21T16:48:54Z Al Viro viro@zeniv.linux.org.uk 2018-12-13T20:18:05Z urn:sha1:12085b14a4440a6d12ff7966702c010df87caef0 Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> LSM: hide struct security_mnt_opts from any generic code 2018-12-21T16:48:34Z Al Viro viro@zeniv.linux.org.uk 2018-12-13T18:41:47Z urn:sha1:204cc0ccf1d49c6292aeef4c8edd1b3d10ff933c Keep void * instead, allocate on demand (in parse_str_opts, at the moment). Eventually both selinux and smack will be better off with private structures with several strings in those, rather than this "counter and two pointers to dynamically allocated arrays" ugliness. This commit allows to do that at leisure, without disrupting anything outside of given module. Changes: * instead of struct security_mnt_opt use an opaque pointer initialized to NULL. * security_sb_eat_lsm_opts(), security_sb_parse_opts_str() and security_free_mnt_opts() take it as var argument (i.e. as void **); call sites are unchanged. * security_sb_set_mnt_opts() and security_sb_remount() take it by value (i.e. as void *). * new method: ->sb_free_mnt_opts(). Takes void *, does whatever freeing that needs to be done. * ->sb_set_mnt_opts() and ->sb_remount() might get NULL as mnt_opts argument, meaning "empty". Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> LSM: turn sb_eat_lsm_opts() into a method 2018-12-21T16:47:41Z Al Viro viro@zeniv.linux.org.uk 2018-12-13T01:13:29Z urn:sha1:5b4002391153acebce2557af318bbdc17e235134 Kill ->sb_copy_data() - it's used only in combination with immediately following ->sb_parse_opts_str(). Turn that combination into a new method. This is just a mechanical move - cleanups will be the next step. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> LSM: split ->sb_set_mnt_opts() out of ->sb_kern_mount() 2018-12-21T16:46:42Z Al Viro viro@zeniv.linux.org.uk 2018-12-05T16:58:35Z urn:sha1:a10d7c22b34bcf744679019269bfb33ebf0b75ee ... leaving the "is it kernel-internal" logics in the caller. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> LSM: lift parsing LSM options into the caller of ->sb_kern_mount() 2018-12-21T16:45:30Z Al Viro viro@zeniv.linux.org.uk 2018-12-02T03:42:44Z urn:sha1:6be8750b4cba8c37170f46b29841d112f1be749b This paves the way for retaining the LSM options from a common filesystem mount context during a mount parameter parsing phase to be instituted prior to actual mount/reconfiguration actions. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>