1
linux/security
Tetsuo Handa df91e49477 TOMOYO: Fix mount flags checking order.
Userspace can pass in arbitrary combinations of MS_* flags to mount().

If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
passed, device name which should be checked for MS_BIND was not checked because
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.

If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
higher priority than MS_REMOUNT.

Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.

Also, unconditionally return -EINVAL if more than one of
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
flags passed to change_mnt_propagation()" clarified that these flags must be
exclusively passed.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-03-01 10:23:19 +11:00
..
apparmor AppArmor: Fix the error case for chroot relative path name lookup 2012-02-27 11:38:23 -08:00
integrity security: fix ima kconfig warning 2012-02-28 11:01:15 +11:00
keys Merge branch 'next-queue' into next 2012-02-09 17:02:34 +11:00
selinux security: trim security.h 2012-02-14 10:45:42 +11:00
smack security: trim security.h 2012-02-14 10:45:42 +11:00
tomoyo TOMOYO: Fix mount flags checking order. 2012-03-01 10:23:19 +11:00
yama Yama: add PR_SET_PTRACER_ANY 2012-02-16 10:25:18 +11:00
capability.c security: create task_free security callback 2012-02-10 09:14:51 +11:00
commoncap.c security: trim security.h 2012-02-14 10:45:42 +11:00
device_cgroup.c cgroup: introduce cgroup_taskset and use it in subsys->can_attach(), cancel_attach() and attach() 2011-12-12 18:12:21 -08:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig security: Yama LSM 2012-02-10 09:18:52 +11:00
lsm_audit.c audit: no leading space in audit_log_d_path prefix 2012-01-17 16:17:04 -05:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c
security.c security: trim security.h 2012-02-14 10:45:42 +11:00