Searched hist:"98 aa00345de54b8340dc2ddcd87f446d33387b5e" (Results 1 – 1 of 1) sorted by relevance
| /openbmc/linux/security/selinux/ |
| H A D | hooks.c | diff 98aa00345de54b8340dc2ddcd87f446d33387b5e Fri Jan 17 14:24:07 CST 2020 Stephen Smalley <sds@tycho.nsa.gov> selinux: fix regression introduced by move_mount(2) syscall
commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any existing
LSM. This creates a regression for SELinux with respect to consistent
checking of mounts; the existing selinux_mount hook checks mounton
permission to the mount point path. Provide a SELinux hook
implementation for move_mount that applies this same check for
consistency. In the future we may wish to add a new move_mount
filesystem permission and check as well, but this addresses
the immediate regression.
Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
|