aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-21 16:24:11 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2008-05-01 14:44:35 -0700
commitbbb3f67ee46679d6b18373b029723aae199ab7e8 (patch)
tree651e4431b9034963cad4ad9879e702b85a23ea22 /security
parent050aa73d317bb6f8182c1ee8d4850c3aee873d7a (diff)
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
commit 0f5e64200f20fc8f5b759c4010082f577ab0af3f upstream The Fedora installer actually makes multiple NFS mounts before it loads selinux policy. The code in selinux_clone_mnt_opts() assumed that the init process would always be loading policy before NFS was up and running. It might be possible to hit this in a diskless environment as well, I'm not sure. There is no need to BUG_ON() in this situation since we can safely continue given the circumstances. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d39b59cf8a0..f4fa9822b23 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -756,9 +756,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
int set_context = (oldsbsec->flags & CONTEXT_MNT);
int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
- /* we can't error, we can't save the info, this shouldn't get called
- * this early in the boot process. */
- BUG_ON(!ss_initialized);
+ /*
+ * if the parent was able to be mounted it clearly had no special lsm
+ * mount options. thus we can safely put this sb on the list and deal
+ * with it later
+ */
+ if (!ss_initialized) {
+ spin_lock(&sb_security_lock);
+ if (list_empty(&newsbsec->list))
+ list_add(&newsbsec->list, &superblock_security_head);
+ spin_unlock(&sb_security_lock);
+ return;
+ }
/* how can we clone if the old one wasn't set up?? */
BUG_ON(!oldsbsec->initialized);