diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2020-01-17 15:24:07 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2020-01-20 07:42:37 -0500 |
| commit | 98aa00345de54b8340dc2ddcd87f446d33387b5e (patch) | |
| tree | eba20964a8d90597697e375aa220b2d0d549c49d /kernel/utsname.c | |
| parent | dd89b9d9f37decab85e000384d229abdcd9944ae (diff) | |
selinux: fix regression introduced by move_mount(2) syscall
commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any existing
LSM. This creates a regression for SELinux with respect to consistent
checking of mounts; the existing selinux_mount hook checks mounton
permission to the mount point path. Provide a SELinux hook
implementation for move_mount that applies this same check for
consistency. In the future we may wish to add a new move_mount
filesystem permission and check as well, but this addresses
the immediate regression.
Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/utsname.c')
0 files changed, 0 insertions, 0 deletions