git.baikalelectronics.ru Git - kernel.git/commit

author	Stephen Smalley <sds@tycho.nsa.gov>
	Fri, 17 Jan 2020 20:24:07 +0000 (15:24 -0500)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 20 Jan 2020 12:42:37 +0000 (07:42 -0500)
commit	da932ee198730574a10168d679582ce019656934
tree	eba20964a8d90597697e375aa220b2d0d549c49d	tree \| snapshot
parent	930e35ee6d8b01af0de2ec1feaf55cd2721b11b4	commit \| diff

selinux: fix regression introduced by move_mount(2) syscall

commit 550da31179ed ("vfs: syscall: Add move_mount(2) to move mounts around")
introduced a new move_mount(2) system call and a corresponding new LSM
security_move_mount hook but did not implement this hook for any existing
LSM.  This creates a regression for SELinux with respect to consistent
checking of mounts; the existing selinux_mount hook checks mounton
permission to the mount point path.  Provide a SELinux hook
implementation for move_mount that applies this same check for
consistency.  In the future we may wish to add a new move_mount
filesystem permission and check as well, but this addresses
the immediate regression.

Fixes: 550da31179ed ("vfs: syscall: Add move_mount(2) to move mounts around")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>