author Casey Schaufler <casey@schaufler-ca.com> 2013-12-30 09:38:00 -0800
committer Casey Schaufler <casey@schaufler-ca.com> 2013-12-31 13:35:16 -0800
commit 24ea1b6efcd8fc3b465fb74964e1a0cbe9979730
tree bb45d3814997cbfe99a72fa9c874b752fcd6b83a /ipc
parent Smack: change rule cap check
Smack: Rationalize mount restrictions
The mount restrictions imposed by Smack rely heavily on the use of the filesystem "floor", which is the label that all processes writing to the filesystem must have access to. It turns out that while the "floor" notion is sound, it has yet to be fully implemented and has never been used.

The sb_mount and sb_umount hooks only make sense if the filesystem floor is used actively, and it isn't. They can be reintroduced if a rational restriction comes up. Until then, they get removed.

The sb_kern_mount hook is required for the option processing. It is too permissive in the case of unprivileged mounts, effectively bypassing the CAP_MAC_ADMIN restrictions if any of the smack options are specified. Unprivileged mounts are no longer allowed to set Smack filesystem options. Additionally, the root and default values are set to the label of the caller, in keeping with the policy that objects get the label of their creator.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions
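
The sb_kern_mount policy described in the commit message, as an added userspace model (not the kernel patch, which this page does not show). The struct, the function names and the boolean standing in for the CAP_MAC_ADMIN check are hypothetical; the option names are the Smack mount options from the kernel's Smack documentation, not from this page.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; struct and function names are hypothetical. */
struct sb_labels {
    char root[24];   /* label given to the filesystem root */
    char def[24];    /* default label for files without one */
};

/* Smack mount option names (assumed from the kernel Smack documentation). */
static const char *const smack_opts[] = {
    "smackfsdef=", "smackfsfloor=", "smackfshat=",
    "smackfsroot=", "smackfstransmute=",
};

/* True if the comma-separated mount data contains any Smack option. */
static bool has_smack_opt(const char *data)
{
    for (const char *p = data; p && *p; ) {
        for (size_t i = 0; i < sizeof(smack_opts) / sizeof(*smack_opts); i++)
            if (strncmp(p, smack_opts[i], strlen(smack_opts[i])) == 0)
                return true;
        p = strchr(p, ',');      /* advance to the start of the next option */
        if (p)
            p++;
    }
    return false;
}

/* Without CAP_MAC_ADMIN, any Smack option is refused, and the root and
 * default labels are taken from the caller (objects get their creator's
 * label). Returns 0 or -EPERM; sb is untouched on refusal. */
int model_kern_mount(struct sb_labels *sb, const char *data,
                     bool cap_mac_admin, const char *caller_label)
{
    if (cap_mac_admin)
        return 0;                /* privileged: option parsing applies as usual */
    if (has_smack_opt(data))
        return -EPERM;
    snprintf(sb->root, sizeof(sb->root), "%s", caller_label);
    snprintf(sb->def, sizeof(sb->def), "%s", caller_label);
    return 0;
}
```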