Re: [PATCH 2/2] SELinux: display SELinux mount options in /proc/mounts


 



Where's 1/2?  I've ported this to the tip of the vfs-2.6 tree, but
can't compile it without the other half.

Miklos

----
From: Eric Paris <eparis@xxxxxxxxxx>

This patch causes SELinux mount options to show up in /proc/mounts.  As
with the surrounding code, errors from the seq_put* helpers are ignored.  Other
LSMs will not have their mount options displayed until they implement their own
security_sb_show_options() hook.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
---
 fs/namespace.c           |   12 ++++++----
 include/linux/security.h |    9 ++++++++
 security/dummy.c         |    6 +++++
 security/security.c      |    5 ++++
 security/selinux/hooks.c |   52 +++++++++++++++++++++++++++++++++++++++++++++--
 5 files changed, 77 insertions(+), 7 deletions(-)

Index: vfs-2.6/include/linux/security.h
===================================================================
--- vfs-2.6.orig/include/linux/security.h	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/include/linux/security.h	2008-04-02 10:59:10.000000000 +0200
@@ -74,6 +74,7 @@ struct xfrm_selector;
 struct xfrm_policy;
 struct xfrm_state;
 struct xfrm_user_sec_ctx;
+struct seq_file;
 
 extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb);
 extern int cap_netlink_recv(struct sk_buff *skb, int cap);
@@ -1259,6 +1260,7 @@ struct security_operations {
 	void (*sb_free_security) (struct super_block * sb);
 	int (*sb_copy_data)(char *orig, char *copy);
 	int (*sb_kern_mount) (struct super_block *sb, void *data);
+	int (*sb_show_options) (struct seq_file *m, struct super_block *sb);
 	int (*sb_statfs) (struct dentry *dentry);
 	int (*sb_mount) (char *dev_name, struct path *path,
 			 char *type, unsigned long flags, void *data);
@@ -1527,6 +1529,7 @@ int security_sb_alloc(struct super_block
 void security_sb_free(struct super_block *sb);
 int security_sb_copy_data(char *orig, char *copy);
 int security_sb_kern_mount(struct super_block *sb, void *data);
+int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data);
@@ -1800,6 +1803,12 @@ static inline int security_sb_kern_mount
 	return 0;
 }
 
+static inline int security_sb_show_options(struct seq_file *m,
+					   struct super_block *sb)
+{
+	return 0;
+}
+
 static inline int security_sb_statfs (struct dentry *dentry)
 {
 	return 0;
Index: vfs-2.6/security/dummy.c
===================================================================
--- vfs-2.6.orig/security/dummy.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/dummy.c	2008-04-02 10:59:10.000000000 +0200
@@ -191,6 +191,11 @@ static int dummy_sb_kern_mount (struct s
 	return 0;
 }
 
+static int dummy_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return 0;
+}
+
 static int dummy_sb_statfs (struct dentry *dentry)
 {
 	return 0;
@@ -1017,6 +1022,7 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, sb_free_security);
 	set_to_dummy_if_null(ops, sb_copy_data);
 	set_to_dummy_if_null(ops, sb_kern_mount);
+	set_to_dummy_if_null(ops, sb_show_options);
 	set_to_dummy_if_null(ops, sb_statfs);
 	set_to_dummy_if_null(ops, sb_mount);
 	set_to_dummy_if_null(ops, sb_check_sb);
Index: vfs-2.6/security/security.c
===================================================================
--- vfs-2.6.orig/security/security.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/security.c	2008-04-02 10:59:10.000000000 +0200
@@ -255,6 +255,11 @@ int security_sb_kern_mount(struct super_
 	return security_ops->sb_kern_mount(sb, data);
 }
 
+int security_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	return security_ops->sb_show_options(m, sb);
+}
+
 int security_sb_statfs(struct dentry *dentry)
 {
 	return security_ops->sb_statfs(dentry);
Index: vfs-2.6/security/selinux/hooks.c
===================================================================
--- vfs-2.6.orig/security/selinux/hooks.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/security/selinux/hooks.c	2008-04-02 10:59:10.000000000 +0200
@@ -9,7 +9,8 @@
  *            James Morris <jmorris@xxxxxxxxxx>
  *
  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
- *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
+ *  Copyright (C) 2003-2008 Red Hat, Inc., James Morris <jmorris@xxxxxxxxxx>
+ *					   Eric Paris <eparis@xxxxxxxxxx>
  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  *                          <dgoeddel@xxxxxxxxxxxxx>
  *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
@@ -19,7 +20,7 @@
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 
 #include <linux/init.h>
@@ -947,6 +948,52 @@ out_err:
 	return rc;
 }
 
+void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)
+{
+	int i;
+	char *prefix;
+
+	for (i = 0; i < opts->num_mnt_opts; i++) {
+		/* we need a comma before each option */
+		seq_putc(m, ',');
+
+		switch (opts->mnt_opts_flags[i]) {
+		case CONTEXT_MNT:
+			prefix = CONTEXT_STR;
+			break;
+		case FSCONTEXT_MNT:
+			prefix = FSCONTEXT_STR;
+			break;
+		case ROOTCONTEXT_MNT:
+			prefix = ROOTCONTEXT_STR;
+			break;
+		case DEFCONTEXT_MNT:
+			prefix = DEFCONTEXT_STR;
+			break;
+		default:
+			BUG();
+		};
+		seq_puts(m, prefix);
+		seq_puts(m, opts->mnt_opts[i]);
+	}
+}
+
+static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
+{
+	struct security_mnt_opts opts;
+	int rc;
+
+	rc = selinux_get_mnt_opts(sb, &opts);
+	if (rc)
+		return rc;
+
+	selinux_write_opts(m, &opts);
+
+	security_free_mnt_opts(&opts);
+
+	return rc;
+}
+
 static inline u16 inode_mode_to_security_class(umode_t mode)
 {
 	switch (mode & S_IFMT) {
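Review bot: `selinux_write_opts` writes each context string into the mounts record with a bare `seq_puts` at L166, whereas the device name on the same record goes through `mangle()` (namespace.c hunk, L233); /proc/mounts consumers split fields on whitespace and options on commas, so if a context label can contain a space, newline, backslash or comma (I cannot confirm from here whether policy permits that, and the value does originate from a user-supplied `context=`-style mount option) the record becomes unparseable. At minimum the value should be escaped like the other fields, e.g. `seq_escape(m, opts->mnt_opts[i], " \t\n\\");`, and a comma would additionally need quoting that mount(8) understands. Two smaller points: `selinux_write_opts` has no caller outside this file in the patch and should be `static void selinux_write_opts(struct seq_file *m, struct security_mnt_opts *opts)` (L140), and the `};` closing the switch at L164 carries a stray semicolon. Note also that `selinux_sb_show_options` returns `selinux_get_mnt_opts` failures straight to the seq_file show path (L176-L177), so a failure there makes the whole mounts listing fail rather than merely omitting the SELinux options; confirm that is the intended behaviour.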
@@ -5257,6 +5304,7 @@ static struct security_operations selinu
 	.sb_free_security =		selinux_sb_free_security,
 	.sb_copy_data =			selinux_sb_copy_data,
 	.sb_kern_mount =	        selinux_sb_kern_mount,
+	.sb_show_options =		selinux_sb_show_options,
 	.sb_statfs =			selinux_sb_statfs,
 	.sb_mount =			selinux_mount,
 	.sb_umount =			selinux_umount,
Index: vfs-2.6/fs/namespace.c
===================================================================
--- vfs-2.6.orig/fs/namespace.c	2008-03-31 14:16:24.000000000 +0200
+++ vfs-2.6/fs/namespace.c	2008-04-02 11:03:18.000000000 +0200
@@ -748,7 +748,7 @@ struct proc_fs_info {
 	const char *str;
 };
 
-static void show_sb_opts(struct seq_file *m, struct super_block *sb)
+static int show_sb_opts(struct seq_file *m, struct super_block *sb)
 {
 	static const struct proc_fs_info fs_info[] = {
 		{ MS_SYNCHRONOUS, ",sync" },
@@ -762,6 +762,8 @@ static void show_sb_opts(struct seq_file
 		if (sb->s_flags & fs_infop->flag)
 			seq_puts(m, fs_infop->str);
 	}
+
+	return security_sb_show_options(m, sb);
 }
 
 static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt)
@@ -804,9 +806,9 @@ static int show_vfsmnt(struct seq_file *
 	seq_putc(m, ' ');
 	show_type(m, mnt->mnt_sb);
 	seq_puts(m, __mnt_is_readonly(mnt) ? " ro" : " rw");
-	show_sb_opts(m, mnt->mnt_sb);
+	err = show_sb_opts(m, mnt->mnt_sb);
 	show_mnt_opts(m, mnt);
-	if (mnt->mnt_sb->s_op->show_options)
+	if (!err && mnt->mnt_sb->s_op->show_options)
 		err = mnt->mnt_sb->s_op->show_options(m, mnt);
 	seq_puts(m, " 0 0\n");
 	return err;
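Review bot: With `err = show_sb_opts(m, mnt->mnt_sb)` at L224, a failure from the LSM hook suppresses only the filesystem's own `show_options` (L227) while `show_mnt_opts(m, mnt)` at L225 and the trailing `" 0 0\n"` at L229 are still emitted, so the error path writes a half-finished record before returning `err`. Whether that is harmless depends on the seq_file caller discarding the buffer on a negative return, which is not visible here; if you want a clean stop regardless, it is a one-line change to put `show_mnt_opts(m, mnt);` under the same `if (!err)` guard. Since the commit message says seq_put errors are ignored as in the surrounding code, the only errors that can reach `err` here are the LSM's own, and a short comment above L224 saying so (`/* err: LSM hook failure; seq_put* errors are ignored as elsewhere */`) would make the asymmetry deliberate. `show_vfsmnt` starts outside this hunk and `err` is declared there.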
@@ -863,8 +865,8 @@ static int show_mountinfo(struct seq_fil
 	seq_putc(m, ' ');
 	mangle(m, mnt->mnt_devname ? mnt->mnt_devname : "none");
 	seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw");
-	show_sb_opts(m, sb);
-	if (sb->s_op->show_options)
+	err = show_sb_opts(m, sb);
+	if (!err && sb->s_op->show_options)
 		err = sb->s_op->show_options(m, mnt);
 	seq_putc(m, '\n');
 	return err;