summaryrefslogtreecommitdiff
path: root/fs/super.c
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2018-12-01 22:42:44 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2018-12-21 11:45:30 -0500
commit6be8750b4cba8c37170f46b29841d112f1be749b (patch)
tree0b3386c080d73fc666afcdcd1db5290b990af349 /fs/super.c
parent6466f3d193a99426db067855345e763de2160f1c (diff)
LSM: lift parsing LSM options into the caller of ->sb_kern_mount()
This paves the way for retaining the LSM options from a common filesystem mount context during a mount parameter parsing phase to be instituted prior to actual mount/reconfiguration actions. Reviewed-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/super.c')
-rw-r--r--fs/super.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/fs/super.c b/fs/super.c
index 6654de035893..8d9c9199832d 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -1246,17 +1246,26 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
{
struct dentry *root;
struct super_block *sb;
- char *secdata = NULL;
int error = -ENOMEM;
+ struct security_mnt_opts opts;
+
+ security_init_mnt_opts(&opts);
if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) {
- secdata = alloc_secdata();
+ char *secdata = alloc_secdata();
if (!secdata)
- goto out;
+ return ERR_PTR(-ENOMEM);
error = security_sb_copy_data(data, secdata);
+ if (error) {
+ free_secdata(secdata);
+ return ERR_PTR(error);
+ }
+
+ error = security_sb_parse_opts_str(secdata, &opts);
+ free_secdata(secdata);
if (error)
- goto out_free_secdata;
+ return ERR_PTR(error);
}
root = type->mount(type, flags, name, data);
@@ -1277,7 +1286,7 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
smp_wmb();
sb->s_flags |= SB_BORN;
- error = security_sb_kern_mount(sb, flags, secdata);
+ error = security_sb_kern_mount(sb, flags, &opts);
if (error)
goto out_sb;
@@ -1291,14 +1300,13 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
"negative value (%lld)\n", type->name, sb->s_maxbytes);
up_write(&sb->s_umount);
- free_secdata(secdata);
+ security_free_mnt_opts(&opts);
return root;
out_sb:
dput(root);
deactivate_locked_super(sb);
out_free_secdata:
- free_secdata(secdata);
-out:
+ security_free_mnt_opts(&opts);
return ERR_PTR(error);
}