kernel_optimize_test/security/selinux
Cory Olmo 3528a95322 [PATCH] SELinux: support mls categories for context mounts
Allows commas to be embedded into context mount options (i.e.  "-o
context=some_selinux_context_t"), to better support multiple categories,
which are separated by commas and confuse mount.

For example, with the current code:

  mount -t iso9660 /dev/cdrom /media/cdrom -o \
  ro,context=system_u:object_r:iso9660_t:s0:c1,c3,c4,exec

The context option that will be interpreted by SELinux is
context=system_u:object_r:iso9660_t:s0:c1

instead of
context=system_u:object_r:iso9660_t:s0:c1,c3,c4

The options that will be passed on to the file system will be
ro,c3,c4,exec.

The proposed solution is to allow/require the SELinux context option
specified to mount to use quotes when the context contains a comma.

This patch modifies the option parsing in parse_opts(), contained in
mount.c, to take options after finding a comma only if it hasn't seen a
quote or if the quotes are matched.  It also introduces a new function that
will strip the quotes from the context option prior to translation.  The
quotes are replaced after the translation is completed to insure that in
the event the raw context contains commas the kernel will be able to
interpret the correct context.

Signed-off-by: Cory Olmo <colmo@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-09-29 09:18:03 -07:00
..
include [PATCH] SELinux: convert sbsec semaphore to a mutex 2006-09-26 08:48:53 -07:00
ss [PATCH] SELinux: change isec semaphore to a mutex 2006-09-26 08:48:53 -07:00
avc.c [PATCH] support for context based audit filtering 2006-05-01 06:06:24 -04:00
exports.c [PATCH] selinux: rename selinux_ctxid_to_string 2006-09-26 08:48:52 -07:00
hooks.c [PATCH] SELinux: support mls categories for context mounts 2006-09-29 09:18:03 -07:00
Kconfig [PATCH] selinux: add support for range transitions on object classes 2006-09-26 08:48:52 -07:00
Makefile [PATCH] support for context based audit filtering 2006-05-01 06:06:24 -04:00
netif.c [PATCH] SELinux: convert to kzalloc 2005-10-30 17:37:11 -08:00
netlink.c [NETLINK]: Add "groups" argument to netlink_kernel_create 2005-08-29 16:01:11 -07:00
nlmsgtab.c Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current 2006-03-25 09:24:53 -08:00
selinuxfs.c [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
xfrm.c [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00