summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-07-29 23:07:26 +0200
committerJames Morris <jmorris@namei.org>2008-07-30 00:31:28 +0200
commit383795c206946777d87ed5f6d61d6659110f9344 (patch)
tree839c3a69e5a8603ce4bc494fc5b7e81c1e02e87b /security
parentLinux 2.6.27-rc1 (diff)
downloadlinux-383795c206946777d87ed5f6d61d6659110f9344.tar.xz
linux-383795c206946777d87ed5f6d61d6659110f9344.zip
SELinux: /proc/mounts should show what it can
Given a hosed SELinux config in which a system never loads policy or disables SELinux we currently just return -EINVAL for anyone trying to read /proc/mounts. This is a configuration problem but we can certainly be more graceful. This patch just ignores -EINVAL when displaying LSM options and causes /proc/mounts display everything else it can. If policy isn't loaded the obviously there are no options, so we aren't really loosing any information here. This is safe as the only other return of EINVAL comes from security_sid_to_context_core() in the case of an invalid sid. Even if a FS was mounted with a now invalidated context that sid should have been remapped to unlabeled and so we won't hit the EINVAL and will work like we should. (yes, I tested to make sure it worked like I thought) Signed-off-by: Eric Paris <eparis@redhat.com> Tested-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 40d06c533f89..3ae9bec5a508 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -998,8 +998,12 @@ static int selinux_sb_show_options(struct seq_file *m, struct super_block *sb)
int rc;
rc = selinux_get_mnt_opts(sb, &opts);
- if (rc)
+ if (rc) {
+ /* before policy load we may get EINVAL, don't show anything */
+ if (rc == -EINVAL)
+ rc = 0;
return rc;
+ }
selinux_write_opts(m, &opts);