Skip to content

Commit

Permalink
SELinux: don't check permissions for kernel mounts
Browse files Browse the repository at this point in the history 
Don't bother checking permissions when the kernel performs an
internal mount, as this should always be allowed.

Signed-off-by: James Morris <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
  • Loading branch information
James Morris committed Dec 19, 2008
1 parent 12204e2 commit 7419224
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions security/selinux/hooks.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2484,6 +2484,10 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data)
if (rc)
return rc;

/* Allow all mounts performed by the kernel */
if (flags & MS_KERNMOUNT)
return 0;

AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = sb->s_root;
return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
Expand Down

0 comments on commit 7419224

Please sign in to comment.