From mboxrd@z Thu Jan  1 00:00:00 1970
From: James Morris <jmorris@namei.org>
Subject: Re: [PATCH -v2] SELinux/LSM: display SELinux mount options in
 /proc/mounts
Date: Wed, 9 Apr 2008 08:36:04 +1000 (EST)
Message-ID: <Xine.LNX.4.64.0804090833250.25920@us.intercode.com.au>
References: <1207070652.3556.16.camel@localhost.localdomain>
 <E1Jgz5W-0005Pk-Tr@pomaz-ex.szeredi.hu> <1207347775.2981.32.camel@localhost.localdomain>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: Miklos Szeredi <miklos@szeredi.hu>, sds@tycho.nsa.gov,
	linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
To: Eric Paris <eparis@redhat.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from namei.org ([69.55.235.186]:45475 "EHLO us.intercode.com.au"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1752282AbYDHWik (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 8 Apr 2008 18:38:40 -0400
In-Reply-To: <1207347775.2981.32.camel@localhost.localdomain>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Fri, 4 Apr 2008, Eric Paris wrote:

> This patch causes SELinux mount options to show up in /proc/mounts.  As
> with other code in the area seq_put errors are ignored.  Other LSM's
> will not have their mount options displayed until they fill in their own
> security_sb_show_options() function.
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
> 
> ---
> 
> This patch is against a merged vfs-2.6:vfs-2.6.25 and selinux:for-akpm
> repo.  It requires the a6307a583a073f85c38399c1e2c21dfe2d6a3da0
> changeset in jame's repo to compile.  I'll let you and James decide if
> we should push it through the VFS tree or the SELinux tree....

It doesn't apply to my for-akpm branch.

fs/namespace.c.rej:

***************
*** 748,754 ****
  	const char *str;
  };
  
- static void show_sb_opts(struct seq_file *m, struct super_block *sb)
  {
  	static const struct proc_fs_info fs_info[] = {
  		{ MS_SYNCHRONOUS, ",sync" },
--- 748,754 ----
  	const char *str;
  };
  
+ static int show_sb_opts(struct seq_file *m, struct super_block *sb)
  {
  	static const struct proc_fs_info fs_info[] = {
  		{ MS_SYNCHRONOUS, ",sync" },
***************
*** 786,794 ****
  	seq_putc(m, ' ');
  	show_type(m, mnt->mnt_sb);
  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
- 	show_sb_opts(m, mnt->mnt_sb);
  	show_mnt_opts(m, mnt);
- 	if (mnt->mnt_sb->s_op->show_options)
  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
  	seq_puts(m, " 0 0\n");
  	return err;
--- 788,796 ----
  	seq_putc(m, ' ');
  	show_type(m, mnt->mnt_sb);
  	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
+ 	err = show_sb_opts(m, mnt->mnt_sb);
  	show_mnt_opts(m, mnt);
+ 	if (!err && mnt->mnt_sb->s_op->show_options)
  		err = mnt->mnt_sb->s_op->show_options(m, mnt);
  	seq_puts(m, " 0 0\n");
  	return err;
***************
*** 845,852 ****
  	seq_putc(m, ' ');
  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
- 	show_sb_opts(m, sb);
- 	if (sb->s_op->show_options)
  		err = sb->s_op->show_options(m, mnt);
  	seq_putc(m, '\n');
  	return err;
--- 847,854 ----
  	seq_putc(m, ' ');
  	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
  	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
+ 	err = show_sb_opts(m, sb);
+ 	if (!err && sb->s_op->show_options)
  		err = sb->s_op->show_options(m, mnt);
  	seq_putc(m, '\n');
  	return err;


-- 
James Morris
<jmorris@namei.org>