diff options
author | Eric Paris <eparis@redhat.com> | 2008-04-21 16:24:11 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-05-01 14:44:35 -0700 |
commit | bbb3f67ee46679d6b18373b029723aae199ab7e8 (patch) | |
tree | 651e4431b9034963cad4ad9879e702b85a23ea22 /security | |
parent | 050aa73d317bb6f8182c1ee8d4850c3aee873d7a (diff) |
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
commit 0f5e64200f20fc8f5b759c4010082f577ab0af3f upstream
The Fedora installer actually makes multiple NFS mounts before it loads
selinux policy. The code in selinux_clone_mnt_opts() assumed that the
init process would always be loading policy before NFS was up and
running. It might be possible to hit this in a diskless environment as
well, I'm not sure. There is no need to BUG_ON() in this situation
since we can safely continue given the circumstances.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d39b59cf8a0..f4fa9822b23 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -756,9 +756,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, int set_context = (oldsbsec->flags & CONTEXT_MNT); int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); - /* we can't error, we can't save the info, this shouldn't get called - * this early in the boot process. */ - BUG_ON(!ss_initialized); + /* + * if the parent was able to be mounted it clearly had no special lsm + * mount options. thus we can safely put this sb on the list and deal + * with it later + */ + if (!ss_initialized) { + spin_lock(&sb_security_lock); + if (list_empty(&newsbsec->list)) + list_add(&newsbsec->list, &superblock_security_head); + spin_unlock(&sb_security_lock); + return; + } /* how can we clone if the old one wasn't set up?? */ BUG_ON(!oldsbsec->initialized); |