1 From stable-bounces@linux.kernel.org Mon Apr 21 16:51:14 2008
2 From: Eric Paris <eparis@redhat.com>
3 Date: Mon, 21 Apr 2008 16:24:11 -0400
4 Subject: SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
5 To: selinux@tycho.nsa.gov, stable@kernel.org
6 Cc: sds@tycho.nsa.gov, jmorris@namei.org
7 Message-ID: <1208809451.2985.82.camel@localhost.localdomain>
8
9 From: Eric Paris <eparis@redhat.com>
10
11 commit 0f5e64200f20fc8f5b759c4010082f577ab0af3f upstream
12
13 The Fedora installer actually makes multiple NFS mounts before it loads
14 selinux policy. The code in selinux_clone_mnt_opts() assumed that the
15 init process would always be loading policy before NFS was up and
16 running. It might be possible to hit this in a diskless environment as
17 well, I'm not sure. There is no need to BUG_ON() in this situation
18 since we can safely continue given the circumstances.
19
20 Signed-off-by: Eric Paris <eparis@redhat.com>
21 Signed-off-by: James Morris <jmorris@namei.org>
22 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
23
24 ---
25 security/selinux/hooks.c | 15 ++++++++++++---
26 1 file changed, 12 insertions(+), 3 deletions(-)
27
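--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -756,9 +756,18 @@ static void selinux_sb_clone_mnt_opts(co
 int set_context = (oldsbsec->flags & CONTEXT_MNT);
 int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
 
- /* we can't error, we can't save the info, this shouldn't get called
- * this early in the boot process. */
- BUG_ON(!ss_initialized);
+ /*
+ * if the parent was able to be mounted it clearly had no special lsm
+ * mount options. thus we can safely put this sb on the list and deal
+ * with it later
+ */
+ if (!ss_initialized) {
+ spin_lock(&sb_security_lock);
+ if (list_empty(&newsbsec->list))
+ list_add(&newsbsec->list, &superblock_security_head);
+ spin_unlock(&sb_security_lock);
+ return;
+ }
 
 /* how can we clone if the old one wasn't set up?? */
 BUG_ON(!oldsbsec->initialized);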
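Review bot: The early return under `if (!ss_initialized)` skips the option cloning entirely, and it is safe only because of the comment's assumption that a parent mounted before policy load cannot carry context options; nothing in this hunk checks that. Since `set_context` and `set_rootcontext` are already computed from `oldsbsec->flags` just above, a guard such as `WARN_ON(set_context || set_rootcontext);` as the first statement of the branch would make a violated assumption visible, instead of leaving the new superblock to be labelled later without the parent's options. The function returns void, so a warning is the most it can do at this point. The comment would also be more useful if it named where mount options are rejected before policy load, which is presumably the set-mount-options path and is not visible here. selinux_sb_clone_mnt_opts starts and ends outside the hunk.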