On Fri, 2008-12-19 at 12:07 +1100, James Morris wrote: > Don't bother checking permissions when the kernel performs an internal > mount, as this should always be allowed. > > Signed-off-by: James Morris <jmor...@namei.org>
Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > --- > security/selinux/hooks.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 3897758..4a44903 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2461,6 +2461,10 @@ static int selinux_sb_kern_mount(struct super_block > *sb, int flags, void *data) > if (rc) > return rc; > > + /* Allow all mounts performed by the kernel */ > + if (flags & MS_KERNMOUNT) > + return 0; > + > AVC_AUDIT_DATA_INIT(&ad, FS); > ad.u.fs.path.dentry = sb->s_root; > return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad); -- Stephen Smalley National Security Agency ------------------------------------------------------------------------------ _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel
