Smack: Add smkfstransmute mount option

Suppliment the smkfsroot mount option with another, smkfstransmute, that does the same thing but also marks the root inode as transmutting. This allows a freshly created filesystem to be mounted with a transmutting heirarchy. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Smack: Add smkfstransmute mount option
Suppliment the smkfsroot mount option with another, smkfstransmute, that does the same thing but also marks the root inode as transmutting. This allows a freshly created filesystem to be mounted with a transmutting heirarchy. Targeted for git://git.gitorious.org/smack-next/kernel.git Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler
1 parent 2f823ff8be
Showing 2 changed files with 21 additions and 5 deletions Side-by-side Diff
security/smack/smack.h
security/smack/smack_lsm.c
@@ -143,6 +143,7 @@
 #define SMK_FSFLOOR	"smackfsfloor="
 #define SMK_FSHAT	"smackfshat="
 #define SMK_FSROOT	"smackfsroot="
+#define SMK_FSTRANS	"smackfstransmute="
  
 #define SMACK_CIPSO_OPTION 	"-CIPSO"
  
@@ -261,8 +261,9 @@
 	sbsp->smk_default = smack_known_floor.smk_known;
 	sbsp->smk_floor = smack_known_floor.smk_known;
 	sbsp->smk_hat = smack_known_hat.smk_known;
-	sbsp->smk_initialized = 0;
-
+	/*
+	 * smk_initialized will be zero from kzalloc.
+	 */
 	sb->s_security = sbsp;
  
 	return 0;
@@ -306,6 +307,8 @@
 			dp = smackopts;
 		else if (strstr(cp, SMK_FSROOT) == cp)
 			dp = smackopts;
+		else if (strstr(cp, SMK_FSTRANS) == cp)
+			dp = smackopts;
 		else
 			dp = otheropts;
  
  
@@ -341,8 +344,9 @@
 	char *op;
 	char *commap;
 	char *nsp;
+	int transmute = 0;
  
-	if (sp->smk_initialized != 0)
+	if (sp->smk_initialized)
 		return 0;
  
 	sp->smk_initialized = 1;
@@ -373,6 +377,13 @@
 			nsp = smk_import(op, 0);
 			if (nsp != NULL)
 				sp->smk_root = nsp;
+		} else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
+			op += strlen(SMK_FSTRANS);
+			nsp = smk_import(op, 0);
+			if (nsp != NULL) {
+				sp->smk_root = nsp;
+				transmute = 1;
+			}
 		}
 	}
  
  
  
@@ -380,10 +391,14 @@
 	 * Initialize the root inode.
 	 */
 	isp = inode->i_security;
-	if (isp == NULL)
+	if (inode->i_security == NULL) {
 		inode->i_security = new_inode_smack(sp->smk_root);
-	else
+		isp = inode->i_security;
+	} else
 		isp->smk_inode = sp->smk_root;
+
+	if (transmute)
+		isp->smk_flags |= SMK_INODE_TRANSMUTE;
  
 	return 0;
 }
...	...	@@ -143,6 +143,7 @@
143	143	#define SMK_FSFLOOR "smackfsfloor="
144	144	#define SMK_FSHAT "smackfshat="
145	145	#define SMK_FSROOT "smackfsroot="
	146	+#define SMK_FSTRANS "smackfstransmute="
146	147
147	148	#define SMACK_CIPSO_OPTION "-CIPSO"
148	149
...	...	@@ -261,8 +261,9 @@
261	261	sbsp->smk_default = smack_known_floor.smk_known;
262	262	sbsp->smk_floor = smack_known_floor.smk_known;
263	263	sbsp->smk_hat = smack_known_hat.smk_known;
264		- sbsp->smk_initialized = 0;
265		-
	264	+ /*
	265	+ * smk_initialized will be zero from kzalloc.
	266	+ */
266	267	sb->s_security = sbsp;
267	268
268	269	return 0;
...	...	@@ -306,6 +307,8 @@
306	307	dp = smackopts;
307	308	else if (strstr(cp, SMK_FSROOT) == cp)
308	309	dp = smackopts;
	310	+ else if (strstr(cp, SMK_FSTRANS) == cp)
	311	+ dp = smackopts;
309	312	else
310	313	dp = otheropts;
311	314
312	315
...	...	@@ -341,8 +344,9 @@
341	344	char *op;
342	345	char *commap;
343	346	char *nsp;
	347	+ int transmute = 0;
344	348
345		- if (sp->smk_initialized != 0)
	349	+ if (sp->smk_initialized)
346	350	return 0;
347	351
348	352	sp->smk_initialized = 1;
...	...	@@ -373,6 +377,13 @@
373	377	nsp = smk_import(op, 0);
374	378	if (nsp != NULL)
375	379	sp->smk_root = nsp;
	380	+ } else if (strncmp(op, SMK_FSTRANS, strlen(SMK_FSTRANS)) == 0) {
	381	+ op += strlen(SMK_FSTRANS);
	382	+ nsp = smk_import(op, 0);
	383	+ if (nsp != NULL) {
	384	+ sp->smk_root = nsp;
	385	+ transmute = 1;
	386	+ }
376	387	}
377	388	}
378	389
379	390
380	391
...	...	@@ -380,10 +391,14 @@
380	391	* Initialize the root inode.
381	392	*/
382	393	isp = inode->i_security;
383		- if (isp == NULL)
	394	+ if (inode->i_security == NULL) {
384	395	inode->i_security = new_inode_smack(sp->smk_root);
385		- else
	396	+ isp = inode->i_security;
	397	+ } else
386	398	isp->smk_inode = sp->smk_root;
	399	+
	400	+ if (transmute)
	401	+ isp->smk_flags \|= SMK_INODE_TRANSMUTE;
387	402
388	403	return 0;
389	404	}