• LSM: Pass -o remount options to the LSM · ff36fe2c
    Eric Paris authored
    The VFS mount code passes the mount options to the LSM.  The LSM will remove
    options it understands from the data and the VFS will then pass the remaining
    options onto the underlying filesystem.  This is how options like the
    SELinux context= work.  The problem comes in that -o remount never calls
    into LSM code.  So if you include an LSM specific option it will get passed
    to the filesystem and will cause the remount to fail.  An example of where
    this is a problem is the 'seclabel' option.  The SELinux LSM hook will
    print this word in /proc/mounts if the filesystem is being labeled using
    xattrs.  If you pass this word on mount it will be silently stripped and
    ignored.  But if you pass this word on remount the LSM never gets called
    and it will be passed to the FS.  The FS doesn't know what seclabel means
    and thus should fail the mount.  For example, an ext3 fs mounted over loop:
    # mount -o loop /tmp/fs /mnt/tmp
    # cat /proc/mounts | grep /mnt/tmp
    /dev/loop0 /mnt/tmp ext3 rw,seclabel,relatime,errors=continue,barrier=0,data=ordered 0 0
    # mount -o remount /mnt/tmp
    mount: /mnt/tmp not mounted already, or bad option
    # dmesg
    EXT3-fs (loop0): error: unrecognized mount option "seclabel" or missing value
    This patch passes the remount mount options to a new LSM hook.
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Reviewed-by: James Morris <jmorris@namei.org>
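The option split described in the commit message, as an added userspace model (not code from this patch or from the kernel): `split_mount_opts` and `is_lsm_opt` are hypothetical names, and `lsm_called` toggles between the remount path before the patch (LSM never consulted) and the mount path where the LSM strips its own options first.

```c
#include <stdio.h>
#include <string.h>

/* SELinux mount options; "seclabel" is the one from the commit message. */
static const char *lsm_opts[] = { "context=", "fscontext=", "defcontext=",
                                  "rootcontext=", "seclabel" };

static int is_lsm_opt(const char *tok)
{
    for (size_t i = 0; i < sizeof(lsm_opts) / sizeof(lsm_opts[0]); i++) {
        size_t n = strlen(lsm_opts[i]);
        /* "name=" entries match by prefix, bare flags must match exactly */
        if (lsm_opts[i][n - 1] == '=' ? strncmp(tok, lsm_opts[i], n) == 0
                                      : strcmp(tok, lsm_opts[i]) == 0)
            return 1;
    }
    return 0;
}

/* Hypothetical model: writes to fs_out the options the filesystem would see.
 * lsm_called == 0 models remount before the patch (LSM never consulted).
 * Returns options stripped, or -1 on overflow. No quoted-comma handling. */
int split_mount_opts(const char *opts, int lsm_called, char *fs_out, size_t len)
{
    char buf[256];
    int stripped = 0;
    if (len == 0 || strlen(opts) >= sizeof(buf))
        return -1;
    strcpy(buf, opts);
    fs_out[0] = '\0';
    for (char *tok = strtok(buf, ","); tok; tok = strtok(NULL, ",")) {
        if (lsm_called && is_lsm_opt(tok)) { stripped++; continue; }
        if (strlen(fs_out) + strlen(tok) + 2 > len)
            return -1;
        if (fs_out[0]) strcat(fs_out, ",");
        strcat(fs_out, tok);
    }
    return stripped;
}

int main(void)
{
    char out[128];
    for (int called = 0; called <= 1; called++) {
        /* constructed sample option string, shortened from /proc/mounts above */
        int n = split_mount_opts("rw,seclabel,relatime", called, out, sizeof(out));
        printf("lsm_called=%d stripped=%d fs sees: %s\n", called, n, out);
    }
}
```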
security.c 32.4 KB