summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-21 16:24:11 -0400
committerJames Morris <jmorris@namei.org>2008-04-22 10:00:09 +1000
commit0f5e64200f20fc8f5b759c4010082f577ab0af3f (patch)
treee59565d010a5538910a89f0c44122e802ba011a3 /security
parente9b62693ae0a1e13ccc97a6792d9a7770c8d1b5b (diff)
downloadlinux-0f5e64200f20fc8f5b759c4010082f577ab0af3f.tar.gz
linux-0f5e64200f20fc8f5b759c4010082f577ab0af3f.tar.bz2
linux-0f5e64200f20fc8f5b759c4010082f577ab0af3f.zip
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
The Fedora installer actually makes multiple NFS mounts before it loads selinux policy. The code in selinux_clone_mnt_opts() assumed that the init process would always be loading policy before NFS was up and running. It might be possible to hit this in a diskless environment as well, I'm not sure. There is no need to BUG_ON() in this situation since we can safely continue given the circumstances. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1bf2543ea942..33af321f647b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
int set_context = (oldsbsec->flags & CONTEXT_MNT);
int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
- /* we can't error, we can't save the info, this shouldn't get called
- * this early in the boot process. */
- BUG_ON(!ss_initialized);
+ /*
+ * if the parent was able to be mounted it clearly had no special lsm
+ * mount options. thus we can safely put this sb on the list and deal
+ * with it later
+ */
+ if (!ss_initialized) {
+ spin_lock(&sb_security_lock);
+ if (list_empty(&newsbsec->list))
+ list_add(&newsbsec->list, &superblock_security_head);
+ spin_unlock(&sb_security_lock);
+ return;
+ }
/* how can we clone if the old one wasn't set up?? */
BUG_ON(!oldsbsec->initialized);