From 74192246910ff4fb95309ba1a683215644beeb62 Mon Sep 17 00:00:00 2001 From: James Morris Date: Fri, 19 Dec 2008 11:41:10 +1100 Subject: SELinux: don't check permissions for kernel mounts Don't bother checking permissions when the kernel performs an internal mount, as this should always be allowed. Signed-off-by: James Morris Acked-by: Stephen Smalley --- security/selinux/hooks.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'security/selinux') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7465d713b531..853b58c8b2cb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2484,6 +2484,10 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) if (rc) return rc; + /* Allow all mounts performed by the kernel */ + if (flags & MS_KERNMOUNT) + return 0; + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = sb->s_root; return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad); -- cgit v1.2.3