* [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
@ 2008-04-01 17:24 Eric Paris
  2008-04-02  9:16 ` Miklos Szeredi
  0 siblings, 1 reply; 16+ messages in thread
From: Eric Paris @ 2008-04-01 17:24 UTC (permalink / raw)
  To: selinux; +Cc: sds, jmorris, linux-security-module, linux-fsdevel, miklos

This patch causes SELinux mount options to show up in /proc/mounts.  As
with other code in the area, seq_put errors are ignored.  Other LSMs
will not have their mount options displayed until they fill in their own
security_sb_show_options() function.

Signed-off-by: Eric Paris <eparis@redhat.com>

---

fs/namespace.c           |    4 +++
 include/linux/security.h |    9 ++++++++
 security/dummy.c         |    6 +++++
 security/security.c      |    5 ++++
 security/selinux/hooks.c |   52 ++++++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 94f026e..a9748d3 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -426,8 +426,12 @@ static int show_vfsmnt(struct seq_file *m, void *v)
 		if (mnt->mnt_flags & fs_infop->flag)
 			seq_puts(m, fs_infop->str);
 	}
+	err = security_sb_show_options(m, mnt->mnt_sb);
+	if (err)
+		goto out;
 	if (mnt->mnt_sb->s_op->show_options)
 		err = mnt->mnt_sb->s_op->show_options(m, mnt);
+out:
 	seq_puts(m, " 0 0\n");
 	return err;
 }
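Review bot: The `goto out` taken when `security_sb_show_options()` fails skips the filesystem's own `->show_options` but still writes the trailing ` 0 0\n`, so the record is terminated as if it were complete. The same intent reads more directly without the label as `if (!err && mnt->mnt_sb->s_op->show_options)` ahead of the existing `err = mnt->mnt_sb->s_op->show_options(m, mnt);`, which is also the shape the rebased variant later in this thread uses. `err` is declared and first assigned outside this hunk, so the start of `show_vfsmnt` cannot be checked here.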
diff --git a/include/linux/security.h b/include/linux/security.h
index c673dfd..bb3c7eb 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -74,6 +74,7 @@ struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
+struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -1259,6 +1260,7 @@ struct security_operations {
 	void (*sb_free_security) (struct super_block * sb);
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
+	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct nameidata * nd,
 			 char *type, unsigned long flags, void *data);
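Review bot: The new `sb_show_options` member of `struct security_operations` has no entry in the header's per-hook documentation comment, which describes each `sb_*` hook and sits outside this hunk. A suitable entry next to the `@sb_kern_mount` description would be `@sb_show_options: Show (sb dependent) mount options in /proc/mounts. @m points to the seq_file to write to. @sb contains the superblock. Return 0 on success, a negative error value on failure.` The callers in fs/namespace.c treat any non-zero return as an error that suppresses the filesystem's own show_options, so that contract is worth stating where implementers will look for it.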
@@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct nameidata *nd,
                        char *type, unsigned long flags, void *data);
@@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount (struct super_block *sb, void *data)
 	return 0;
 }
 
+static inline int security_sb_show_options(struct seq_file *m,
+					   struct super_block *sb)
+{
+	return 0;
+}
+
 static inline int security_sb_statfs (struct dentry *dentry)
 {
 	return 0;
diff --git a/security/dummy.c b/security/dummy.c
index 78d8f92..3aed4bc 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct super_block *sb, void *data)
 	return 0;
 }
 
+static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return 0;
+}
+
 static int dummy_sb_statfs (struct dentry *dentry)
 {
 	return 0;
@@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security_operations *ops)
 	set_to_dummy_if_null(ops, sb_free_security);
 	set_to_dummy_if_null(ops, sb_copy_data);
 	set_to_dummy_if_null(ops, sb_kern_mount);
+	set_to_dummy_if_null(ops, sb_show_options);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);
diff --git a/security/security.c b/security/security.c
index b1387a6..5e3a3bd 100644
--- a/security/security.c
+++ b/security/security.c
@@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_block *sb, void *data)
 	return security_ops->sb_kern_mount(sb, data);
 }
 
+int security_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return security_ops->sb_show_options(m, sb);
+}
+
 int security_sb_statfs(struct dentry *dentry)
 {
 	return security_ops->sb_statfs(dentry);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d6aa4a6..46b307c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -9,7 +9,8 @@
  *            James Morris <jmorris@redhat.com>
  *
  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
- *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *					   Eric Paris <eparis@redhat.com>
  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  *                          <dgoeddel@trustedcs.com>
  *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
@@ -19,7 +20,7 @@
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 
 #include <linux/init.h>
@@ -947,6 +948,52 @@ out_err:
 	return rc;
 }
 
+void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
+{
+	int i;
+	char *prefix;
+
+	for (i = 0; i < opts->num_mnt_opts; i++) {
+		/* we need a comma before each option */
+		seq_putc(m, ',');
+
+		switch (opts->mnt_opts_flags[i]) {
+		case CONTEXT_MNT:
+			prefix = CONTEXT_STR;
+			break;
+		case FSCONTEXT_MNT:
+			prefix = FSCONTEXT_STR;
+			break;
+		case ROOTCONTEXT_MNT:
+			prefix = ROOTCONTEXT_STR;
+			break;
+		case DEFCONTEXT_MNT:
+			prefix = DEFCONTEXT_STR;
+			break;
+		default:
+			BUG();
+		};
+		seq_puts(m, prefix);
+		seq_puts(m, opts->mnt_opts[i]);
+	}
+}
+
+static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	struct security_mnt_opts opts;
+	int rc;
+
+	rc = selinux_get_mnt_opts(sb, &opts);
+	if (rc)
+		return rc;
+
+	selinux_write_opts(m, &opts);
+
+	security_free_mnt_opts(&opts);
+
+	return rc;
+}
+
 static inline u16 inode_mode_to_security_class(umode_t mode)
 {
 	switch (mode & S_IFMT) {
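Review bot: `selinux_write_opts` is defined without `static` and has no prototype, yet its only caller is `selinux_sb_show_options` in this file; `static void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)` keeps it out of the global namespace and lets the compiler check the call. On the `default: BUG();` path `prefix` is, as far as the compiler can see, still unassigned when `seq_puts(m, prefix)` runs, so `char *prefix = NULL;` (or a `return` after the `BUG()`) avoids the maybe-uninitialized warning, and the `};` that closes the switch carries a stray semicolon. Since `mnt_opts_flags` comes from the superblock's own security state rather than from the reader, a `WARN_ON` that skips the entry would be a gentler failure than oopsing whoever reads /proc/mounts. The same applies to the rebased and quoted copies of this hunk further down the thread.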
@@ -5257,6 +5304,7 @@ static struct security_operations selinux_ops = {
 	.sb_free_security =		selinux_sb_free_security,
 	.sb_copy_data =			selinux_sb_copy_data,
 	.sb_kern_mount =	        selinux_sb_kern_mount,
+	.sb_show_options =		selinux_sb_show_options,
 	.sb_statfs =			selinux_sb_statfs,
 	.sb_mount =			selinux_mount,
 	.sb_umount =			selinux_umount,




* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-01 17:24 [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts Eric Paris
@ 2008-04-02  9:16 ` Miklos Szeredi
  2008-04-02 12:53   ` Eric Paris
                     ` (2 more replies)
  0 siblings, 3 replies; 16+ messages in thread
From: Miklos Szeredi @ 2008-04-02  9:16 UTC (permalink / raw)
  To: eparis; +Cc: sds, jmorris, linux-security-module, linux-fsdevel

Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
can't compile it without the other half.

Miklos

----
From: Eric Paris <eparis@redhat.com>

This patch causes SELinux mount options to show up in /proc/mounts.  As
with other code in the area, seq_put errors are ignored.  Other LSMs
will not have their mount options displayed until they fill in their own
security_sb_show_options() function.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
 fs/namespace.c           |   12 ++++++----
 include/linux/security.h |    9 ++++++++
 security/dummy.c         |    6 +++++
 security/security.c      |    5 ++++
 security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
 5 files changed, 77 insertions(+), 7 deletions(-)

Index: vfs-2.6/include/linux/security.h
===================================================================
--- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
@@ -74,6 +74,7 @@ struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
+struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -1259,6 +1260,7 @@ struct security_operations {
 	void (*sb_free_security) (struct super_block * sb);
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
+	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
@@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data);
@@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
 	return 0;
 }
 
+static inline int security_sb_show_options(struct seq_file *m,
+					   struct super_block *sb)
+{
+	return 0;
+}
+
 static inline int security_sb_statfs (struct dentry *dentry)
 {
 	return 0;
Index: vfs-2.6/security/dummy.c
===================================================================
--- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
@@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
 	return 0;
 }
 
+static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return 0;
+}
+
 static int dummy_sb_statfs (struct dentry *dentry)
 {
 	return 0;
@@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, sb_free_security);
 	set_to_dummy_if_null(ops, sb_copy_data);
 	set_to_dummy_if_null(ops, sb_kern_mount);
+	set_to_dummy_if_null(ops, sb_show_options);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);
Index: vfs-2.6/security/security.c
===================================================================
--- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
@@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
 	return security_ops->sb_kern_mount(sb, data);
 }
 
+int security_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return security_ops->sb_show_options(m, sb);
+}
+
 int security_sb_statfs(struct dentry *dentry)
 {
 	return security_ops->sb_statfs(dentry);
Index: vfs-2.6/security/selinux/hooks.c
===================================================================
--- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
@@ -9,7 +9,8 @@
  *            James Morris <jmorris@redhat.com>
  *
  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
- *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *					   Eric Paris <eparis@redhat.com>
  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  *                          <dgoeddel@trustedcs.com>
  *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
@@ -19,7 +20,7 @@
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 
 #include <linux/init.h>
@@ -947,6 +948,52 @@ out_err:
 	return rc;
 }
 
+void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
+{
+	int i;
+	char *prefix;
+
+	for (i = 0; i < opts->num_mnt_opts; i++) {
+		/* we need a comma before each option */
+		seq_putc(m, ',');
+
+		switch (opts->mnt_opts_flags[i]) {
+		case CONTEXT_MNT:
+			prefix = CONTEXT_STR;
+			break;
+		case FSCONTEXT_MNT:
+			prefix = FSCONTEXT_STR;
+			break;
+		case ROOTCONTEXT_MNT:
+			prefix = ROOTCONTEXT_STR;
+			break;
+		case DEFCONTEXT_MNT:
+			prefix = DEFCONTEXT_STR;
+			break;
+		default:
+			BUG();
+		};
+		seq_puts(m, prefix);
+		seq_puts(m, opts->mnt_opts[i]);
+	}
+}
+
+static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	struct security_mnt_opts opts;
+	int rc;
+
+	rc = selinux_get_mnt_opts(sb, &opts);
+	if (rc)
+		return rc;
+
+	selinux_write_opts(m, &opts);
+
+	security_free_mnt_opts(&opts);
+
+	return rc;
+}
+
 static inline u16 inode_mode_to_security_class(umode_t mode)
 {
 	switch (mode & S_IFMT) {
@@ -5257,6 +5304,7 @@ static struct security_operations selinu
 	.sb_free_security =		selinux_sb_free_security,
 	.sb_copy_data =			selinux_sb_copy_data,
 	.sb_kern_mount =	        selinux_sb_kern_mount,
+	.sb_show_options =		selinux_sb_show_options,
 	.sb_statfs =			selinux_sb_statfs,
 	.sb_mount =			selinux_mount,
 	.sb_umount =			selinux_umount,
Index: vfs-2.6/fs/namespace.c
===================================================================
--- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
@@ -748,7 +748,7 @@ struct proc_fs_info {
 	const char *str;
 };
 
-static void show_sb_opts(struct seq_file *m, struct super_block *sb)
+static int show_sb_opts(struct seq_file *m, struct super_block *sb)
 {
 	static const struct proc_fs_info fs_info[] = {
 		{ MS_SYNCHRONOUS, ",sync" },
@@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
 		if (sb->s_flags & fs_infop->flag)
 			seq_puts(m, fs_infop->str);
 	}
+
+	return security_sb_show_options(m, sb);
 }
 
 static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
@@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
 	seq_putc(m, ' ');
 	show_type(m, mnt->mnt_sb);
 	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
-	show_sb_opts(m, mnt->mnt_sb);
+	err = show_sb_opts(m, mnt->mnt_sb);
 	show_mnt_opts(m, mnt);
-	if (mnt->mnt_sb->s_op->show_options)
+	if (!err && mnt->mnt_sb->s_op->show_options)
 		err = mnt->mnt_sb->s_op->show_options(m, mnt);
 	seq_puts(m, " 0 0\n");
 	return err;
@@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
 	seq_putc(m, ' ');
 	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
 	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
-	show_sb_opts(m, sb);
-	if (sb->s_op->show_options)
+	err = show_sb_opts(m, sb);
+	if (!err && sb->s_op->show_options)
 		err = sb->s_op->show_options(m, mnt);
 	seq_putc(m, '\n');
 	return err;
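Review bot: In `show_vfsmnt`, `show_mnt_opts(m, mnt)` still runs after `show_sb_opts()` has returned an error, while the filesystem's `->show_options` call two lines later is gated on `!err`; `if (!err) show_mnt_opts(m, mnt);` would make the error handling uniform. Whether the extra writes matter depends on how seq_file treats a record whose show callback failed, which is not visible here, but the asymmetry reads as an oversight rather than a choice. The `show_mountinfo` hunk has no equivalent call and is consistent as written.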


* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02  9:16 ` Miklos Szeredi
@ 2008-04-02 12:53   ` Eric Paris
  2008-04-02 14:43   ` Eric Paris
  2008-04-04 22:22   ` [PATCH -v2] SELinux/LSM: " Eric Paris
  2 siblings, 0 replies; 16+ messages in thread
From: Eric Paris @ 2008-04-02 12:53 UTC (permalink / raw)
  To: Miklos Szeredi; +Cc: sds, jmorris, linux-security-module, linux-fsdevel

On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> can't compile it without the other half.
> 
> Miklos

Sorry, I forgot to put everyone on cc line of the first patch

http://git.kernel.org/?p=linux/kernel/git/jmorris/selinux-2.6.git;a=commitdiff;h=e99cfab40c09a79c1fab97ef36dfc666810a86b1

-Eric


> 
> ----
> From: Eric Paris <eparis@redhat.com>
> 
> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSM's
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> ---
>  fs/namespace.c           |   12 ++++++----
>  include/linux/security.h |    9 ++++++++
>  security/dummy.c         |    6 +++++
>  security/security.c      |    5 ++++
>  security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
>  5 files changed, 77 insertions(+), 7 deletions(-)
> 
> Index: vfs-2.6/include/linux/security.h
> ===================================================================
> --- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
> @@ -74,6 +74,7 @@ struct xfrm_selector;
>  struct xfrm_policy;
>  struct xfrm_state;
>  struct xfrm_user_sec_ctx;
> +struct seq_file;
>  
>  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
>  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> @@ -1259,6 +1260,7 @@ struct security_operations {
>  	void (*sb_free_security) (struct super_block * sb);
>  	int (*sb_copy_data)(char *orig, char *copy);
>  	int (*sb_kern_mount) (struct super_block *sb, void *data);
> +	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
>  	int (*sb_statfs) (struct dentry *dentry);
>  	int (*sb_mount) (char *dev_name, struct path *path,
>  			 char *type, unsigned long flags, void *data);
> @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
>  void security_sb_free(struct super_block *sb);
>  int security_sb_copy_data(char *orig, char *copy);
>  int security_sb_kern_mount(struct super_block *sb, void *data);
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
>  int security_sb_statfs(struct dentry *dentry);
>  int security_sb_mount(char *dev_name, struct path *path,
>                         char *type, unsigned long flags, void *data);
> @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
>  	return 0;
>  }
>  
> +static inline int security_sb_show_options(struct seq_file *m,
> +					   struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static inline int security_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> Index: vfs-2.6/security/dummy.c
> ===================================================================
> --- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
> @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
>  	return 0;
>  }
>  
> +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static int dummy_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
>  	set_to_dummy_if_null(ops, sb_free_security);
>  	set_to_dummy_if_null(ops, sb_copy_data);
>  	set_to_dummy_if_null(ops, sb_kern_mount);
> +	set_to_dummy_if_null(ops, sb_show_options);
>  	set_to_dummy_if_null(ops, sb_statfs);
>  	set_to_dummy_if_null(ops, sb_mount);
>  	set_to_dummy_if_null(ops, sb_check_sb);
> Index: vfs-2.6/security/security.c
> ===================================================================
> --- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
> @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
>  	return security_ops->sb_kern_mount(sb, data);
>  }
>  
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return security_ops->sb_show_options(m, sb);
> +}
> +
>  int security_sb_statfs(struct dentry *dentry)
>  {
>  	return security_ops->sb_statfs(dentry);
> Index: vfs-2.6/security/selinux/hooks.c
> ===================================================================
> --- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
> @@ -9,7 +9,8 @@
>   *            James Morris <jmorris@redhat.com>
>   *
>   *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> - *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + *					   Eric Paris <eparis@redhat.com>
>   *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
>   *                          <dgoeddel@trustedcs.com>
>   *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> @@ -19,7 +20,7 @@
>   *
>   *	This program is free software; you can redistribute it and/or modify
>   *	it under the terms of the GNU General Public License version 2,
> - *      as published by the Free Software Foundation.
> + *	as published by the Free Software Foundation.
>   */
>  
>  #include <linux/init.h>
> @@ -947,6 +948,52 @@ out_err:
>  	return rc;
>  }
>  
> +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> +{
> +	int i;
> +	char *prefix;
> +
> +	for (i = 0; i < opts->num_mnt_opts; i++) {
> +		/* we need a comma before each option */
> +		seq_putc(m, ',');
> +
> +		switch (opts->mnt_opts_flags[i]) {
> +		case CONTEXT_MNT:
> +			prefix = CONTEXT_STR;
> +			break;
> +		case FSCONTEXT_MNT:
> +			prefix = FSCONTEXT_STR;
> +			break;
> +		case ROOTCONTEXT_MNT:
> +			prefix = ROOTCONTEXT_STR;
> +			break;
> +		case DEFCONTEXT_MNT:
> +			prefix = DEFCONTEXT_STR;
> +			break;
> +		default:
> +			BUG();
> +		};
> +		seq_puts(m, prefix);
> +		seq_puts(m, opts->mnt_opts[i]);
> +	}
> +}
> +
> +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	struct security_mnt_opts opts;
> +	int rc;
> +
> +	rc = selinux_get_mnt_opts(sb, &opts);
> +	if (rc)
> +		return rc;
> +
> +	selinux_write_opts(m, &opts);
> +
> +	security_free_mnt_opts(&opts);
> +
> +	return rc;
> +}
> +
>  static inline u16 inode_mode_to_security_class(umode_t mode)
>  {
>  	switch (mode & S_IFMT) {
> @@ -5257,6 +5304,7 @@ static struct security_operations selinu
>  	.sb_free_security =		selinux_sb_free_security,
>  	.sb_copy_data =			selinux_sb_copy_data,
>  	.sb_kern_mount =	        selinux_sb_kern_mount,
> +	.sb_show_options =		selinux_sb_show_options,
>  	.sb_statfs =			selinux_sb_statfs,
>  	.sb_mount =			selinux_mount,
>  	.sb_umount =			selinux_umount,
> Index: vfs-2.6/fs/namespace.c
> ===================================================================
> --- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
> @@ -748,7 +748,7 @@ struct proc_fs_info {
>  	const char *str;
>  };
>  
> -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
>  {
>  	static const struct proc_fs_info fs_info[] = {
>  		{ MS_SYNCHRONOUS, ",sync" },
> @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
>  		if (sb->s_flags & fs_infop->flag)
>  			seq_puts(m, fs_infop->str);
>  	}
> +
> +	return security_sb_show_options(m, sb);
>  }
>  
>  static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
>  	seq_putc(m, ' ');
>  	show_type(m, mnt->mnt_sb);
>  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> -	show_sb_opts(m, mnt->mnt_sb);
> +	err = show_sb_opts(m, mnt->mnt_sb);
>  	show_mnt_opts(m, mnt);
> -	if (mnt->mnt_sb->s_op->show_options)
> +	if (!err && mnt->mnt_sb->s_op->show_options)
>  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
>  	seq_puts(m, " 0 0\n");
>  	return err;
> @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
>  	seq_putc(m, ' ');
>  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
>  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> -	show_sb_opts(m, sb);
> -	if (sb->s_op->show_options)
> +	err = show_sb_opts(m, sb);
> +	if (!err && sb->s_op->show_options)
>  		err = sb->s_op->show_options(m, mnt);
>  	seq_putc(m, '\n');
>  	return err;



* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02  9:16 ` Miklos Szeredi
  2008-04-02 12:53   ` Eric Paris
@ 2008-04-02 14:43   ` Eric Paris
  2008-04-02 14:48     ` Stephen Smalley
  2008-04-02 14:50     ` Miklos Szeredi
  2008-04-04 22:22   ` [PATCH -v2] SELinux/LSM: " Eric Paris
  2 siblings, 2 replies; 16+ messages in thread
From: Eric Paris @ 2008-04-02 14:43 UTC (permalink / raw)
  To: Miklos Szeredi; +Cc: sds, jmorris, linux-security-module, linux-fsdevel

On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> can't compile it without the other half.

I have a question for everyone though.  How are these options used?
SELinux mount options can contain commas.  When sending such options
from userspace they are inside quotes.  Should I go ahead and quote
selinux options so they can be directly used back into mount commands?
Should I just leave them in there without quotes and let anyone who
tries to feed them back into mount figure it out?

I'm ignoring seq_* failures.  Which kinda scares me since it means i
could get half of one option and half of another and the user would not
realize it.  Maybe I should build a single string for each selinux
option and do a single seq_puts() so seq_* failure only means missing
options, not possibly corrupted options...


> 
> Miklos
> 
> ----
> From: Eric Paris <eparis@redhat.com>
> 
> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSM's
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> ---
>  fs/namespace.c           |   12 ++++++----
>  include/linux/security.h |    9 ++++++++
>  security/dummy.c         |    6 +++++
>  security/security.c      |    5 ++++
>  security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
>  5 files changed, 77 insertions(+), 7 deletions(-)
> 
> Index: vfs-2.6/include/linux/security.h
> ===================================================================
> --- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
> @@ -74,6 +74,7 @@ struct xfrm_selector;
>  struct xfrm_policy;
>  struct xfrm_state;
>  struct xfrm_user_sec_ctx;
> +struct seq_file;
>  
>  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
>  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> @@ -1259,6 +1260,7 @@ struct security_operations {
>  	void (*sb_free_security) (struct super_block * sb);
>  	int (*sb_copy_data)(char *orig, char *copy);
>  	int (*sb_kern_mount) (struct super_block *sb, void *data);
> +	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
>  	int (*sb_statfs) (struct dentry *dentry);
>  	int (*sb_mount) (char *dev_name, struct path *path,
>  			 char *type, unsigned long flags, void *data);
> @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
>  void security_sb_free(struct super_block *sb);
>  int security_sb_copy_data(char *orig, char *copy);
>  int security_sb_kern_mount(struct super_block *sb, void *data);
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
>  int security_sb_statfs(struct dentry *dentry);
>  int security_sb_mount(char *dev_name, struct path *path,
>                         char *type, unsigned long flags, void *data);
> @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
>  	return 0;
>  }
>  
> +static inline int security_sb_show_options(struct seq_file *m,
> +					   struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static inline int security_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> Index: vfs-2.6/security/dummy.c
> ===================================================================
> --- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
> @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
>  	return 0;
>  }
>  
> +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return 0;
> +}
> +
>  static int dummy_sb_statfs (struct dentry *dentry)
>  {
>  	return 0;
> @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
>  	set_to_dummy_if_null(ops, sb_free_security);
>  	set_to_dummy_if_null(ops, sb_copy_data);
>  	set_to_dummy_if_null(ops, sb_kern_mount);
> +	set_to_dummy_if_null(ops, sb_show_options);
>  	set_to_dummy_if_null(ops, sb_statfs);
>  	set_to_dummy_if_null(ops, sb_mount);
>  	set_to_dummy_if_null(ops, sb_check_sb);
> Index: vfs-2.6/security/security.c
> ===================================================================
> --- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
> @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
>  	return security_ops->sb_kern_mount(sb, data);
>  }
>  
> +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	return security_ops->sb_show_options(m, sb);
> +}
> +
>  int security_sb_statfs(struct dentry *dentry)
>  {
>  	return security_ops->sb_statfs(dentry);
> Index: vfs-2.6/security/selinux/hooks.c
> ===================================================================
> --- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
> @@ -9,7 +9,8 @@
>   *            James Morris <jmorris@redhat.com>
>   *
>   *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> - *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
> + *					   Eric Paris <eparis@redhat.com>
>   *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
>   *                          <dgoeddel@trustedcs.com>
>   *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> @@ -19,7 +20,7 @@
>   *
>   *	This program is free software; you can redistribute it and/or modify
>   *	it under the terms of the GNU General Public License version 2,
> - *      as published by the Free Software Foundation.
> + *	as published by the Free Software Foundation.
>   */
>  
>  #include <linux/init.h>
> @@ -947,6 +948,52 @@ out_err:
>  	return rc;
>  }
>  
> +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> +{
> +	int i;
> +	char *prefix;
> +
> +	for (i = 0; i < opts->num_mnt_opts; i++) {
> +		/* we need a comma before each option */
> +		seq_putc(m, ',');
> +
> +		switch (opts->mnt_opts_flags[i]) {
> +		case CONTEXT_MNT:
> +			prefix = CONTEXT_STR;
> +			break;
> +		case FSCONTEXT_MNT:
> +			prefix = FSCONTEXT_STR;
> +			break;
> +		case ROOTCONTEXT_MNT:
> +			prefix = ROOTCONTEXT_STR;
> +			break;
> +		case DEFCONTEXT_MNT:
> +			prefix = DEFCONTEXT_STR;
> +			break;
> +		default:
> +			BUG();
> +		};
> +		seq_puts(m, prefix);
> +		seq_puts(m, opts->mnt_opts[i]);
> +	}
> +}
> +
> +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> +{
> +	struct security_mnt_opts opts;
> +	int rc;
> +
> +	rc = selinux_get_mnt_opts(sb, &opts);
> +	if (rc)
> +		return rc;
> +
> +	selinux_write_opts(m, &opts);
> +
> +	security_free_mnt_opts(&opts);
> +
> +	return rc;
> +}
> +
>  static inline u16 inode_mode_to_security_class(umode_t mode)
>  {
>  	switch (mode & S_IFMT) {
> @@ -5257,6 +5304,7 @@ static struct security_operations selinu
>  	.sb_free_security =		selinux_sb_free_security,
>  	.sb_copy_data =			selinux_sb_copy_data,
>  	.sb_kern_mount =	        selinux_sb_kern_mount,
> +	.sb_show_options =		selinux_sb_show_options,
>  	.sb_statfs =			selinux_sb_statfs,
>  	.sb_mount =			selinux_mount,
>  	.sb_umount =			selinux_umount,
> Index: vfs-2.6/fs/namespace.c
> ===================================================================
> --- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
> +++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
> @@ -748,7 +748,7 @@ struct proc_fs_info {
>  	const char *str;
>  };
>  
> -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
>  {
>  	static const struct proc_fs_info fs_info[] = {
>  		{ MS_SYNCHRONOUS, ",sync" },
> @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
>  		if (sb->s_flags & fs_infop->flag)
>  			seq_puts(m, fs_infop->str);
>  	}
> +
> +	return security_sb_show_options(m, sb);
>  }
>  
>  static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
>  	seq_putc(m, ' ');
>  	show_type(m, mnt->mnt_sb);
>  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> -	show_sb_opts(m, mnt->mnt_sb);
> +	err = show_sb_opts(m, mnt->mnt_sb);
>  	show_mnt_opts(m, mnt);
> -	if (mnt->mnt_sb->s_op->show_options)
> +	if (!err && mnt->mnt_sb->s_op->show_options)
>  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
>  	seq_puts(m, " 0 0\n");
>  	return err;
> @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
>  	seq_putc(m, ' ');
>  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
>  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> -	show_sb_opts(m, sb);
> -	if (sb->s_op->show_options)
> +	err = show_sb_opts(m, sb);
> +	if (!err && sb->s_op->show_options)
>  		err = sb->s_op->show_options(m, mnt);
>  	seq_putc(m, '\n');
>  	return err;



* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02 14:43   ` Eric Paris
@ 2008-04-02 14:48     ` Stephen Smalley
  2008-04-02 15:04       ` Miklos Szeredi
  2008-04-02 14:50     ` Miklos Szeredi
  1 sibling, 1 reply; 16+ messages in thread
From: Stephen Smalley @ 2008-04-02 14:48 UTC (permalink / raw)
  To: Eric Paris; +Cc: Miklos Szeredi, jmorris, linux-security-module, linux-fsdevel


On Wed, 2008-04-02 at 10:43 -0400, Eric Paris wrote:
> On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > can't compile it without the other half.
> 
> I have a question for everyone though.  How are these options used?
> SELinux mount options can contain commas.  When sending such options
> from userspace they are inside quotes.  Should I go ahead and quote
> selinux options so they can be directly used back into mount commands?
> Should I just leave them in there without quotes and let anyone who
> tries to feel them back into mount figure it out?

I don't think they can "figure it out" as they can't unambiguously parse
the option string at that point.  So wrapping the SELinux option value
with quotes is required when it contains a comma.  

> I'm ignoring seq_* failures.  Which kinda scares me since it means i
> could get half of one option and half of another and the user would not
> realize it.  Maybe I should build a single string for each selinux
> option and do a single seq_puts() so seq_* failure only means missing
> options, not possibly corrupted options...

And is it even adequate to return an incomplete set of options with no
indication of truncation to userspace?  How do we expect userland to use
the /proc/mounts output?

> 
> > 
> > Miklos
> > 
> > ----
> > From: Eric Paris <eparis@redhat.com>
> > 
> > This patch causes SELinux mount options to show up in /proc/mounts.  As
> > with other code in the area seq_put errors are ignored.  Other LSM's
> > will not have their mount options displayed until they fill in their own
> > security_sb_show_options() function.
> > 
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> > ---
> >  fs/namespace.c           |   12 ++++++----
> >  include/linux/security.h |    9 ++++++++
> >  security/dummy.c         |    6 +++++
> >  security/security.c      |    5 ++++
> >  security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
> >  5 files changed, 77 insertions(+), 7 deletions(-)
> > 
> > Index: vfs-2.6/include/linux/security.h
> > ===================================================================
> > --- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
> > @@ -74,6 +74,7 @@ struct xfrm_selector;
> >  struct xfrm_policy;
> >  struct xfrm_state;
> >  struct xfrm_user_sec_ctx;
> > +struct seq_file;
> >  
> >  extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
> >  extern int cap_netlink_recv(struct sk_buff *skb, int cap);
> > @@ -1259,6 +1260,7 @@ struct security_operations {
> >  	void (*sb_free_security) (struct super_block * sb);
> >  	int (*sb_copy_data)(char *orig, char *copy);
> >  	int (*sb_kern_mount) (struct super_block *sb, void *data);
> > +	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
> >  	int (*sb_statfs) (struct dentry *dentry);
> >  	int (*sb_mount) (char *dev_name, struct path *path,
> >  			 char *type, unsigned long flags, void *data);
> > @@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
> >  void security_sb_free(struct super_block *sb);
> >  int security_sb_copy_data(char *orig, char *copy);
> >  int security_sb_kern_mount(struct super_block *sb, void *data);
> > +int security_sb_show_options(struct seq_file *m, struct super_block *sb);
> >  int security_sb_statfs(struct dentry *dentry);
> >  int security_sb_mount(char *dev_name, struct path *path,
> >                         char *type, unsigned long flags, void *data);
> > @@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
> >  	return 0;
> >  }
> >  
> > +static inline int security_sb_show_options(struct seq_file *m,
> > +					   struct super_block *sb)
> > +{
> > +	return 0;
> > +}
> > +
> >  static inline int security_sb_statfs (struct dentry *dentry)
> >  {
> >  	return 0;
> > Index: vfs-2.6/security/dummy.c
> > ===================================================================
> > --- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
> >  	return 0;
> >  }
> >  
> > +static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	return 0;
> > +}
> > +
> >  static int dummy_sb_statfs (struct dentry *dentry)
> >  {
> >  	return 0;
> > @@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
> >  	set_to_dummy_if_null(ops, sb_free_security);
> >  	set_to_dummy_if_null(ops, sb_copy_data);
> >  	set_to_dummy_if_null(ops, sb_kern_mount);
> > +	set_to_dummy_if_null(ops, sb_show_options);
> >  	set_to_dummy_if_null(ops, sb_statfs);
> >  	set_to_dummy_if_null(ops, sb_mount);
> >  	set_to_dummy_if_null(ops, sb_check_sb);
> > Index: vfs-2.6/security/security.c
> > ===================================================================
> > --- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
> >  	return security_ops->sb_kern_mount(sb, data);
> >  }
> >  
> > +int security_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	return security_ops->sb_show_options(m, sb);
> > +}
> > +
> >  int security_sb_statfs(struct dentry *dentry)
> >  {
> >  	return security_ops->sb_statfs(dentry);
> > Index: vfs-2.6/security/selinux/hooks.c
> > ===================================================================
> > --- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
> > @@ -9,7 +9,8 @@
> >   *            James Morris <jmorris@redhat.com>
> >   *
> >   *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
> > - *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
> > + *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
> > + *					   Eric Paris <eparis@redhat.com>
> >   *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
> >   *                          <dgoeddel@trustedcs.com>
> >   *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
> > @@ -19,7 +20,7 @@
> >   *
> >   *	This program is free software; you can redistribute it and/or modify
> >   *	it under the terms of the GNU General Public License version 2,
> > - *      as published by the Free Software Foundation.
> > + *	as published by the Free Software Foundation.
> >   */
> >  
> >  #include <linux/init.h>
> > @@ -947,6 +948,52 @@ out_err:
> >  	return rc;
> >  }
> >  
> > +void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
> > +{
> > +	int i;
> > +	char *prefix;
> > +
> > +	for (i = 0; i < opts->num_mnt_opts; i++) {
> > +		/* we need a comma before each option */
> > +		seq_putc(m, ',');
> > +
> > +		switch (opts->mnt_opts_flags[i]) {
> > +		case CONTEXT_MNT:
> > +			prefix = CONTEXT_STR;
> > +			break;
> > +		case FSCONTEXT_MNT:
> > +			prefix = FSCONTEXT_STR;
> > +			break;
> > +		case ROOTCONTEXT_MNT:
> > +			prefix = ROOTCONTEXT_STR;
> > +			break;
> > +		case DEFCONTEXT_MNT:
> > +			prefix = DEFCONTEXT_STR;
> > +			break;
> > +		default:
> > +			BUG();
> > +		};
> > +		seq_puts(m, prefix);
> > +		seq_puts(m, opts->mnt_opts[i]);
> > +	}
> > +}
> > +
> > +static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
> > +{
> > +	struct security_mnt_opts opts;
> > +	int rc;
> > +
> > +	rc = selinux_get_mnt_opts(sb, &opts);
> > +	if (rc)
> > +		return rc;
> > +
> > +	selinux_write_opts(m, &opts);
> > +
> > +	security_free_mnt_opts(&opts);
> > +
> > +	return rc;
> > +}
> > +
> >  static inline u16 inode_mode_to_security_class(umode_t mode)
> >  {
> >  	switch (mode & S_IFMT) {
> > @@ -5257,6 +5304,7 @@ static struct security_operations selinu
> >  	.sb_free_security =		selinux_sb_free_security,
> >  	.sb_copy_data =			selinux_sb_copy_data,
> >  	.sb_kern_mount =	        selinux_sb_kern_mount,
> > +	.sb_show_options =		selinux_sb_show_options,
> >  	.sb_statfs =			selinux_sb_statfs,
> >  	.sb_mount =			selinux_mount,
> >  	.sb_umount =			selinux_umount,
> > Index: vfs-2.6/fs/namespace.c
> > ===================================================================
> > --- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
> > +++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
> > @@ -748,7 +748,7 @@ struct proc_fs_info {
> >  	const char *str;
> >  };
> >  
> > -static void show_sb_opts(struct seq_file *m, struct super_block *sb)
> > +static int show_sb_opts(struct seq_file *m, struct super_block *sb)
> >  {
> >  	static const struct proc_fs_info fs_info[] = {
> >  		{ MS_SYNCHRONOUS, ",sync" },
> > @@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
> >  		if (sb->s_flags & fs_infop->flag)
> >  			seq_puts(m, fs_infop->str);
> >  	}
> > +
> > +	return security_sb_show_options(m, sb);
> >  }
> >  
> >  static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
> > @@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
> >  	seq_putc(m, ' ');
> >  	show_type(m, mnt->mnt_sb);
> >  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
> > -	show_sb_opts(m, mnt->mnt_sb);
> > +	err = show_sb_opts(m, mnt->mnt_sb);
> >  	show_mnt_opts(m, mnt);
> > -	if (mnt->mnt_sb->s_op->show_options)
> > +	if (!err && mnt->mnt_sb->s_op->show_options)
> >  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
> >  	seq_puts(m, " 0 0\n");
> >  	return err;
> > @@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
> >  	seq_putc(m, ' ');
> >  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
> >  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
> > -	show_sb_opts(m, sb);
> > -	if (sb->s_op->show_options)
> > +	err = show_sb_opts(m, sb);
> > +	if (!err && sb->s_op->show_options)
> >  		err = sb->s_op->show_options(m, mnt);
> >  	seq_putc(m, '\n');
> >  	return err;
-- 
Stephen Smalley
National Security Agency



* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02 14:43   ` Eric Paris
  2008-04-02 14:48     ` Stephen Smalley
@ 2008-04-02 14:50     ` Miklos Szeredi
  2008-04-02 15:06       ` Stephen Smalley
  1 sibling, 1 reply; 16+ messages in thread
From: Miklos Szeredi @ 2008-04-02 14:50 UTC (permalink / raw)
  To: eparis; +Cc: miklos, sds, jmorris, linux-security-module, linux-fsdevel

> On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > can't compile it without the other half.
> 
> I have a question for everyone though.  How are these options used?
> SELinux mount options can contain commas.  When sending such options
> from userspace they are inside quotes.  Should I go ahead and quote
> selinux options so they can be directly used back into mount commands?

Yes.

> Should I just leave them in there without quotes and let anyone who
> tries to feel them back into mount figure it out?

Ideally copying the options out of /proc/mounts, then doing a mount
with those options should exactly duplicate the original mount.

> I'm ignoring seq_* failures.  Which kinda scares me since it means i
> could get half of one option and half of another and the user would not
> realize it.  Maybe I should build a single string for each selinux
> option and do a single seq_puts() so seq_* failure only means missing
> options, not possibly corrupted options...

Errors from seq_* can be safely ignored, seq_file remembers that there
was an error.

Miklos


* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02 14:48     ` Stephen Smalley
@ 2008-04-02 15:04       ` Miklos Szeredi
  0 siblings, 0 replies; 16+ messages in thread
From: Miklos Szeredi @ 2008-04-02 15:04 UTC (permalink / raw)
  To: sds; +Cc: eparis, miklos, jmorris, linux-security-module, linux-fsdevel

> > I'm ignoring seq_* failures.  Which kinda scares me since it means i
> > could get half of one option and half of another and the user would not
> > realize it.  Maybe I should build a single string for each selinux
> > option and do a single seq_puts() so seq_* failure only means missing
> > options, not possibly corrupted options...
> 
> And is it even adequate to return an incomplete set of options with no
> indication of truncation to userspace?  How do we expect userland to use
> the /proc/mounts output?

seq_file deals with all that: retries with bigger buffer, or if
allocation fails return ENOMEM.  So userspace will never see a
truncated output and callers only need to bother with their own
errors.

It's quite clever, really :)

Miklos


* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02 14:50     ` Miklos Szeredi
@ 2008-04-02 15:06       ` Stephen Smalley
  2008-04-02 15:14         ` Stephen Smalley
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Smalley @ 2008-04-02 15:06 UTC (permalink / raw)
  To: Miklos Szeredi; +Cc: eparis, jmorris, linux-security-module, linux-fsdevel


On Wed, 2008-04-02 at 16:50 +0200, Miklos Szeredi wrote:
> > On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > > can't compile it without the other half.
> > 
> > I have a question for everyone though.  How are these options used?
> > SELinux mount options can contain commas.  When sending such options
> > from userspace they are inside quotes.  Should I go ahead and quote
> > selinux options so they can be directly used back into mount commands?
> 
> Yes.
> 
> > Should I just leave them in there without quotes and let anyone who
> > tries to feel them back into mount figure it out?
> 
> Ideally copying the options out of /proc/mounts, then doing a mount
> with those options should exactly duplicate the original mount.
> 
> > I'm ignoring seq_* failures.  Which kinda scares me since it means i
> > could get half of one option and half of another and the user would not
> > realize it.  Maybe I should build a single string for each selinux
> > option and do a single seq_puts() so seq_* failure only means missing
> > options, not possibly corrupted options...
> 
> Errors from seq_* can be safely ignored, seq_file remembers that there
> was an error.

Pardon my ignorance, but can you point to where in the code this is
done?  Offhand, it seems like seq_putc and seq_puts overflow will be
ignored if the caller (in this case, Eric's code - selinux_write_opts)
doesn't propagate the error status back up the call chain, and we'll
just end up with a truncated list of options.

-- 
Stephen Smalley
National Security Agency



* Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts
  2008-04-02 15:06       ` Stephen Smalley
@ 2008-04-02 15:14         ` Stephen Smalley
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Smalley @ 2008-04-02 15:14 UTC (permalink / raw)
  To: Miklos Szeredi; +Cc: eparis, jmorris, linux-security-module, linux-fsdevel


On Wed, 2008-04-02 at 11:06 -0400, Stephen Smalley wrote:
> On Wed, 2008-04-02 at 16:50 +0200, Miklos Szeredi wrote:
> > > On Wed, 2008-04-02 at 11:16 +0200, Miklos Szeredi wrote:
> > > > Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
> > > > can't compile it without the other half.
> > > 
> > > I have a question for everyone though.  How are these options used?
> > > SELinux mount options can contain commas.  When sending such options
> > > from userspace they are inside quotes.  Should I go ahead and quote
> > > selinux options so they can be directly used back into mount commands?
> > 
> > Yes.
> > 
> > > Should I just leave them in there without quotes and let anyone who
> > > tries to feel them back into mount figure it out?
> > 
> > Ideally copying the options out of /proc/mounts, then doing a mount
> > with those options should exactly duplicate the original mount.
> > 
> > > I'm ignoring seq_* failures.  Which kinda scares me since it means i
> > > could get half of one option and half of another and the user would not
> > > realize it.  Maybe I should build a single string for each selinux
> > > option and do a single seq_puts() so seq_* failure only means missing
> > > options, not possibly corrupted options...
> > 
> > Errors from seq_* can be safely ignored, seq_file remembers that there
> > was an error.
> 
> Pardon my ignorance, but can you point to where in the code this is
> done?  Offhand, it seems like seq_putc and seq_puts overflow will be
> ignored if the caller (in this case, Eric's code - selinux_write_opts)
> doesn't propagate the error status back up the call chain, and we'll
> just end up with a truncated list of options.

Ah, I see it now - in seq_read().

-- 
Stephen Smalley
National Security Agency



* [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-02  9:16 ` Miklos Szeredi
  2008-04-02 12:53   ` Eric Paris
  2008-04-02 14:43   ` Eric Paris
@ 2008-04-04 22:22   ` Eric Paris
  2008-04-08 11:22     ` Miklos Szeredi
  2008-04-08 22:36     ` James Morris
  2 siblings, 2 replies; 16+ messages in thread
From: Eric Paris @ 2008-04-04 22:22 UTC (permalink / raw)
  To: Miklos Szeredi; +Cc: sds, jmorris, linux-security-module, linux-fsdevel

This patch causes SELinux mount options to show up in /proc/mounts.  As
with other code in the area seq_put errors are ignored.  Other LSM's
will not have their mount options displayed until they fill in their own
security_sb_show_options() function.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>

---

This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
changeset in jame's repo to compile.  I'll let you and James decide if
we should push it through the VFS tree or the SELinux tree....

The only change from the last patch is the addition of " around mount
options which contain a comma. Example:
server:/export/ /import nfs rw,context="system_u:object_r:httpd_sys_content_t:s0:c1,c3",vers=3,rsize=32768,wsize=32768,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=X.X.X.X 0 0

 fs/namespace.c           |   12 +++++----
 include/linux/security.h |    9 +++++++
 security/dummy.c         |    6 +++++
 security/security.c      |    5 ++++
 security/selinux/hooks.c |   57 ++++++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 82 insertions(+), 7 deletions(-)

diff --git a/fs/namespace.c b/fs/namespace.c
index 5df0ab2..496cfa3 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -748,7 +748,7 @@ struct proc_fs_info {
 	const char *str;
 };
 
-static void show_sb_opts(struct seq_file *m, struct super_block *sb)
+static int show_sb_opts(struct seq_file *m, struct super_block *sb)
 {
 	static const struct proc_fs_info fs_info[] = {
 		{ MS_SYNCHRONOUS, ",sync" },
@@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file *m, struct super_block *sb)
 		if (sb->s_flags & fs_infop->flag)
 			seq_puts(m, fs_infop->str);
 	}
+
+	return security_sb_show_options(m, sb);
 }
 
 static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
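Review bot: show_sb_opts now returns an int with nothing saying what the value means; the only thing it can report is the LSM hook's status on the added line, while the `seq_puts()` calls above it remain unchecked. A one-line comment on the new return, `/* seq_puts() failures are left to seq_file; only the LSM hook can report an error here */`, would keep a later reader from "fixing" the unchecked calls or from assuming the value covers them. The function's header is in the preceding hunk.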
@@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *m, void *v)
 	seq_putc(m, ' ');
 	show_type(m, mnt->mnt_sb);
 	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
-	show_sb_opts(m, mnt->mnt_sb);
+	err = show_sb_opts(m, mnt->mnt_sb);
 	show_mnt_opts(m, mnt);
-	if (mnt->mnt_sb->s_op->show_options)
+	if (!err && mnt->mnt_sb->s_op->show_options)
 		err = mnt->mnt_sb->s_op->show_options(m, mnt);
 	seq_puts(m, " 0 0\n");
 	return err;
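Review bot: `show_mnt_opts(m, mnt)` still runs unconditionally after `err = show_sb_opts(m, mnt->mnt_sb)` has failed, while the filesystem's own `show_options` on the following line is now gated on `!err`, so the two halves of the option list are treated differently on the same error. Either gate both, `if (!err) show_mnt_opts(m, mnt);`, or add a comment stating that the partial line is harmless because the record is discarded when a non-zero value is returned (the thread asserts this for seq_file, but it is not visible in this hunk). show_vfsmnt begins outside the hunk.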
@@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_file *m, void *v)
 	seq_putc(m, ' ');
 	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
 	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
-	show_sb_opts(m, sb);
-	if (sb->s_op->show_options)
+	err = show_sb_opts(m, sb);
+	if (!err && sb->s_op->show_options)
 		err = sb->s_op->show_options(m, mnt);
 	seq_putc(m, '\n');
 	return err;
diff --git a/include/linux/security.h b/include/linux/security.h
index 0a10329..7a53dc1 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -74,6 +74,7 @@ struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
+struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -1259,6 +1260,7 @@ struct security_operations {
 	void (*sb_free_security) (struct super_block * sb);
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
+	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
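Review bot: The new `sb_show_options` slot has no entry in the comment block above `struct security_operations` that documents every other hook in this group (`@sb_kern_mount:`, `@sb_statfs:`, ...), so the calling context and return contract of the hook are undocumented. Add an entry alongside them, e.g. `@sb_show_options: Show (LSM specific) mount options for @sb in the seq_file @m, as read from /proc/mounts. Return 0 on success or a negative error; seq_* failures are handled by seq_file.`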
@@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data);
@@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount (struct super_block *sb, void *data)
 	return 0;
 }
 
+static inline int security_sb_show_options(struct seq_file *m,
+					   struct super_block *sb)
+{
+	return 0;
+}
+
 static inline int security_sb_statfs (struct dentry *dentry)
 {
 	return 0;
diff --git a/security/dummy.c b/security/dummy.c
index 0be900e..a627adc 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct super_block *sb, void *data)
 	return 0;
 }
 
+static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return 0;
+}
+
 static int dummy_sb_statfs (struct dentry *dentry)
 {
 	return 0;
@@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security_operations *ops)
 	set_to_dummy_if_null(ops, sb_free_security);
 	set_to_dummy_if_null(ops, sb_copy_data);
 	set_to_dummy_if_null(ops, sb_kern_mount);
+	set_to_dummy_if_null(ops, sb_show_options);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);
diff --git a/security/security.c b/security/security.c
index 805ed1d..7ca04df 100644
--- a/security/security.c
+++ b/security/security.c
@@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_block *sb, void *data)
 	return security_ops->sb_kern_mount(sb, data);
 }
 
+int security_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return security_ops->sb_show_options(m, sb);
+}
+
 int security_sb_statfs(struct dentry *dentry)
 {
 	return security_ops->sb_statfs(dentry);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cec42ad..b8b9945 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -9,7 +9,8 @@
  *            James Morris <jmorris@redhat.com>
  *
  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
- *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *					   Eric Paris <eparis@redhat.com>
  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  *                          <dgoeddel@trustedcs.com>
  *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
@@ -19,7 +20,7 @@
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 
 #include <linux/init.h>
@@ -944,6 +945,57 @@ out_err:
 	return rc;
 }
 
+void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
+{
+	int i;
+	char *prefix;
+
+	for (i = 0; i < opts->num_mnt_opts; i++) {
+		char *has_comma = strchr(opts->mnt_opts[i], ',');
+
+		switch (opts->mnt_opts_flags[i]) {
+		case CONTEXT_MNT:
+			prefix = CONTEXT_STR;
+			break;
+		case FSCONTEXT_MNT:
+			prefix = FSCONTEXT_STR;
+			break;
+		case ROOTCONTEXT_MNT:
+			prefix = ROOTCONTEXT_STR;
+			break;
+		case DEFCONTEXT_MNT:
+			prefix = DEFCONTEXT_STR;
+			break;
+		default:
+			BUG();
+		};
+		/* we need a comma before each option */
+		seq_putc(m, ',');
+		seq_puts(m, prefix);
+		if (has_comma)
+			seq_putc(m, '\"');
+		seq_puts(m, opts->mnt_opts[i]);
+		if (has_comma)
+			seq_putc(m, '\"');
+	}
+}
+
+static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	struct security_mnt_opts opts;
+	int rc;
+
+	rc = selinux_get_mnt_opts(sb, &opts);
+	if (rc)
+		return rc;
+
+	selinux_write_opts(m, &opts);
+
+	security_free_mnt_opts(&opts);
+
+	return rc;
+}
+
 static inline u16 inode_mode_to_security_class(umode_t mode)
 {
 	switch (mode & S_IFMT) {
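Review bot: The new quoting in selinux_write_opts covers only a comma in the value; `seq_puts(m, opts->mnt_opts[i])` still emits the string verbatim, so a context that contains `"`, a space or a newline would make the /proc/mounts record ambiguous or split it across lines, defeating the round-trip the quotes are meant to provide (fs/namespace.c escapes its own fields with `mangle()` for the same reason). Whether the context was already validated at mount time to exclude such characters is not visible in this hunk, so either escape here or state the assumption, e.g. `/* contexts were validated at mount time; only ',' needs quoting for the option parser */`. On style, `selinux_write_opts` is neither `static` nor declared in a header, `prefix` only ever points at the *_STR constants and can be `const char *prefix;`, and the `};` closing the switch carries a stray semicolon.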
@@ -5310,6 +5362,7 @@ static struct security_operations selinux_ops = {
 	.sb_free_security =		selinux_sb_free_security,
 	.sb_copy_data =			selinux_sb_copy_data,
 	.sb_kern_mount =	        selinux_sb_kern_mount,
+	.sb_show_options =		selinux_sb_show_options,
 	.sb_statfs =			selinux_sb_statfs,
 	.sb_mount =			selinux_mount,
 	.sb_umount =			selinux_umount,




* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-04 22:22   ` [PATCH -v2] SELinux/LSM: " Eric Paris
@ 2008-04-08 11:22     ` Miklos Szeredi
  2008-04-08 15:09       ` Casey Schaufler
  2008-04-08 22:36     ` James Morris
  1 sibling, 1 reply; 16+ messages in thread
From: Miklos Szeredi @ 2008-04-08 11:22 UTC (permalink / raw)
  To: eparis; +Cc: miklos, sds, jmorris, linux-security-module, linux-fsdevel

> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSM's
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> 
> ---
> 
> This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> changeset in jame's repo to compile.  I'll let you and James decide if
> we should push it through the VFS tree or the SELinux tree....
> 
> Only change from the last patch is the addition of " around mount
> options which contain a comma example:
> server:/export/ /import nfs rw,context="system_u:object_r:httpd_sys_content_t:s0:c1,c3",vers=3,rsize=32768,wsize=32768,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=X.X.X.X 0 0

Looks good.

Since the patch is dependent on stuff in the selinux repo, it should
go via that tree.

Even better would be if the non-selinux part was split off into a
separate patch and gone through -mm, to let the interface changes get
extra review.

Thanks,
Miklos


* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-08 11:22     ` Miklos Szeredi
@ 2008-04-08 15:09       ` Casey Schaufler
  0 siblings, 0 replies; 16+ messages in thread
From: Casey Schaufler @ 2008-04-08 15:09 UTC (permalink / raw)
  To: Miklos Szeredi, eparis
  Cc: miklos, sds, jmorris, linux-security-module, linux-fsdevel


--- Miklos Szeredi <miklos@szeredi.hu> wrote:

> > This patch causes SELinux mount options to show up in /proc/mounts.  As
> > with other code in the area seq_put errors are ignored.  Other LSM's
> > will not have their mount options displayed until they fill in their own
> > security_sb_show_options() function.
> > 
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> > 
> > ---
> > 
> > This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> > repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> > changeset in jame's repo to compile.  I'll let you and James decide if
> > we should push it through the VFS tree or the SELinux tree....
> > 
> > Only change from the last patch is the addition of " around mount
> > options which contain a comma example:
> > server:/export/ /import nfs
>
rw,context="system_u:object_r:httpd_sys_content_t:s0:c1,c3",vers=3,rsize=32768,wsize=32768,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=X.X.X.X
> 0 0
> 
> Looks good.
> 
> Since the patch is dependent on stuff in the selinux repo, it should
> go via that tree.
> 
> Even better would be if the non-selinux part was split off into a
> separate patch and gone through -mm, to let the interface changes get
> extra review.

I concur. Sorry that I have not been more active on reviewing this.


Casey Schaufler
casey@schaufler-ca.com


* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-04 22:22   ` [PATCH -v2] SELinux/LSM: " Eric Paris
  2008-04-08 11:22     ` Miklos Szeredi
@ 2008-04-08 22:36     ` James Morris
  2008-04-08 22:42       ` Eric Paris
  1 sibling, 1 reply; 16+ messages in thread
From: James Morris @ 2008-04-08 22:36 UTC (permalink / raw)
  To: Eric Paris; +Cc: Miklos Szeredi, sds, linux-security-module, linux-fsdevel

On Fri, 4 Apr 2008, Eric Paris wrote:

> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSM's
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> 
> ---
> 
> This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> changeset in jame's repo to compile.  I'll let you and James decide if
> we should push it through the VFS tree or the SELinux tree....

It doesn't apply to my for-akpm branch.

fs/namespace.c.rej:

***************
*** 748,754 ****
  	const char *str;
  };
  
- static void show_sb_opts(struct seq_file *m, struct super_block *sb)
  {
  	static const struct proc_fs_info fs_info[] = {
  		{ MS_SYNCHRONOUS, ",sync" },
--- 748,754 ----
  	const char *str;
  };
  
+ static int show_sb_opts(struct seq_file *m, struct super_block *sb)
  {
  	static const struct proc_fs_info fs_info[] = {
  		{ MS_SYNCHRONOUS, ",sync" },
***************
*** 786,794 ****
  	seq_putc(m, ' ');
  	show_type(m, mnt->mnt_sb);
  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
- 	show_sb_opts(m, mnt->mnt_sb);
  	show_mnt_opts(m, mnt);
- 	if (mnt->mnt_sb->s_op->show_options)
  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
  	seq_puts(m, " 0 0\n");
  	return err;
--- 788,796 ----
  	seq_putc(m, ' ');
  	show_type(m, mnt->mnt_sb);
  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
+ 	err = show_sb_opts(m, mnt->mnt_sb);
  	show_mnt_opts(m, mnt);
+ 	if (!err && mnt->mnt_sb->s_op->show_options)
  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
  	seq_puts(m, " 0 0\n");
  	return err;
***************
*** 845,852 ****
  	seq_putc(m, ' ');
  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
- 	show_sb_opts(m, sb);
- 	if (sb->s_op->show_options)
  		err = sb->s_op->show_options(m, mnt);
  	seq_putc(m, '\n');
  	return err;
--- 847,854 ----
  	seq_putc(m, ' ');
  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
+ 	err = show_sb_opts(m, sb);
+ 	if (!err && sb->s_op->show_options)
  		err = sb->s_op->show_options(m, mnt);
  	seq_putc(m, '\n');
  	return err;


-- 
James Morris
<jmorris@namei.org>


* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-08 22:36     ` James Morris
@ 2008-04-08 22:42       ` Eric Paris
  2008-04-09  2:45         ` James Morris
  2008-04-09  7:53         ` Miklos Szeredi
  0 siblings, 2 replies; 16+ messages in thread
From: Eric Paris @ 2008-04-08 22:42 UTC (permalink / raw)
  To: James Morris; +Cc: Miklos Szeredi, sds, linux-security-module, linux-fsdevel

On Wed, 2008-04-09 at 08:36 +1000, James Morris wrote:
> On Fri, 4 Apr 2008, Eric Paris wrote:
> 
> > This patch causes SELinux mount options to show up in /proc/mounts.  As
> > with other code in the area seq_put errors are ignored.  Other LSM's
> > will not have their mount options displayed until they fill in their own
> > security_sb_show_options() function.
> > 
> > Signed-off-by: Eric Paris <eparis@redhat.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> > 
> > ---
> > 
> > This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> > repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> > changeset in jame's repo to compile.  I'll let you and James decide if
> > we should push it through the VFS tree or the SELinux tree....
> 
> It doesn't apply to my for-akpm branch.

I said it was against multiple devel trees and I didn't know how it was
going to go in.  It needs:

http://git.kernel.org/?p=linux/kernel/git/viro/vfs-2.6.git;a=commitdiff;h=a0d807802dfe1496a52483cc540b2ab440158f41#patch12

which is in the VFS tree.....

Suggestions, anyone, on the best way to get this merged?

-Eric



* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-08 22:42       ` Eric Paris
@ 2008-04-09  2:45         ` James Morris
  2008-04-09  7:53         ` Miklos Szeredi
  1 sibling, 0 replies; 16+ messages in thread
From: James Morris @ 2008-04-09  2:45 UTC (permalink / raw)
  To: Eric Paris; +Cc: Miklos Szeredi, sds, linux-security-module, linux-fsdevel

On Tue, 8 Apr 2008, Eric Paris wrote:

> http://git.kernel.org/?p=linux/kernel/git/viro/vfs-2.6.git;a=commitdiff;h=a0d807802dfe1496a52483cc540b2ab440158f41#patch12
> 
> which is in the VFS tree.....
> 
> suggestions anyone on the best way to get this merged?

Wait until the VFS stuff is merged upstream and then I'll push it via the 
SELinux tree.

-- 
James Morris
<jmorris@namei.org>


* Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in /proc/mounts
  2008-04-08 22:42       ` Eric Paris
  2008-04-09  2:45         ` James Morris
@ 2008-04-09  7:53         ` Miklos Szeredi
  1 sibling, 0 replies; 16+ messages in thread
From: Miklos Szeredi @ 2008-04-09  7:53 UTC (permalink / raw)
  To: eparis; +Cc: jmorris, miklos, sds, linux-security-module, linux-fsdevel

> > > 
> > > This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> > > repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> > > changeset in jame's repo to compile.  I'll let you and James decide if
> > > we should push it through the VFS tree or the SELinux tree....
> > 
> > It doesn't apply to my for-akpm branch.
> 
> I said it was against multiple devel trees and I didn't know how it was
> going to go in.

Ah, sorry.

>  It needs:
> 
> http://git.kernel.org/?p=linux/kernel/git/viro/vfs-2.6.git;a=commitdiff;h=a0d807802dfe1496a52483cc540b2ab440158f41#patch12
> 
> which is in the VFS tree.....
> 
> suggestions anyone on the best way to get this merged?

Either, as James said, wait for the vfs dependency to be merged, or go
through -mm, which pulls from both trees, letting Andrew deal with the
merging order (which isn't all that complicated in this case).

Miklos

