[E1000-devel] [PATCH 3/3][RFC] SELinux: don't check permissions for kernel mounts

James Morris Thu, 18 Dec 2008 17:09:33 -0800

Don't bother checking permissions when the kernel performs an internal 
mount, as this should always be allowed.


Signed-off-by: James Morris <jmor...@namei.org>
---
 security/selinux/hooks.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3897758..4a44903 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2461,6 +2461,10 @@ static int selinux_sb_kern_mount(struct super_block *sb, 
int flags, void *data)
        if (rc)
                return rc;
 
+       /* Allow all mounts performed by the kernel */
+       if (flags & MS_KERNMOUNT)
+               return 0;
+
        AVC_AUDIT_DATA_INIT(&ad, FS);
        ad.u.fs.path.dentry = sb->s_root;
        return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
-- 
1.6.0.4


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
E1000-devel mailing list
E1000-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/e1000-devel

[E1000-devel] [PATCH 3/3][RFC] SELinux: don't check permissions for kernel mounts

Reply via email to