• Casey Schaufler's avatar
    Smack: Rationalize mount restrictions · 24ea1b6e
    Casey Schaufler authored
    The mount restrictions imposed by Smack rely heavily on the
    use of the filesystem "floor", which is the label that all
    processes writing to the filesystem must have access to. It
    turns out that while the "floor" notion is sound, it has yet
    to be fully implemented and has never been used.
    
    The sb_mount and sb_umount hooks only make sense if the
    filesystem floor is used actively, and it isn't. They can
    be reintroduced if a rational restriction comes up. Until
    then, they get removed.
    
    The sb_kern_mount hook is required for the option processing.
    It is too permissive in the case of unprivileged mounts,
    effectively bypassing the CAP_MAC_ADMIN restrictions if
    any of the smack options are specified. Unprivileged mounts
    are no longer allowed to set Smack filesystem options.
    Additionally, the root and default values are set to the
    label of the caller, in keeping with the policy that objects
    get the label of their creator.
    
    Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    24ea1b6e
smack_lsm.c 91.6 KB