linux-hardened/security
Eric Paris 383795c206 SELinux: /proc/mounts should show what it can
Given a hosed SELinux config in which a system never loads policy or
disables SELinux we currently just return -EINVAL for anyone trying to
read /proc/mounts.  This is a configuration problem but we can certainly
be more graceful.  This patch just ignores -EINVAL when displaying LSM
options and causes /proc/mounts to display everything else it can.  If
policy isn't loaded then obviously there are no options, so we aren't
really losing any information here.

This is safe as the only other return of EINVAL comes from
security_sid_to_context_core() in the case of an invalid sid.  Even if a
FS was mounted with a now invalidated context that sid should have been
remapped to unlabeled and so we won't hit the EINVAL and will work like
we should.  (yes, I tested to make sure it worked like I thought)

Signed-off-by: Eric Paris <eparis@redhat.com>
Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-07-30 08:31:28 +10:00
keys keys: remove unused key_alloc_sem 2008-06-06 11:29:11 -07:00
selinux SELinux: /proc/mounts should show what it can 2008-07-30 08:31:28 +10:00
smack [PATCH] pass MAY_OPEN to vfs_permission() explicitly 2008-07-26 20:53:22 -04:00
capability.c [PATCH] pass MAY_OPEN to vfs_permission() explicitly 2008-07-26 20:53:22 -04:00
commoncap.c security: protect legacy applications from executing with insufficient privilege 2008-07-24 10:47:22 -07:00
device_cgroup.c devcgroup: code cleanup 2008-07-25 10:53:37 -07:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: filesystem capabilities no longer experimental 2008-07-24 10:47:22 -07:00
Makefile security: remove dummy module 2008-07-14 15:03:04 +10:00
root_plug.c security: remove register_security hook 2008-07-14 15:04:06 +10:00
security.c [patch 3/4] fat: dont call notify_change 2008-07-26 20:53:27 -04:00