git.alex.org.uk - linux-flexiantxendom0.git/commit

author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
	Wed, 29 Feb 2012 12:53:22 +0000 (21:53 +0900)
committer	Luis Henriques <luis.henriques@canonical.com>
	Mon, 30 Apr 2012 18:15:03 +0000 (19:15 +0100)
commit	820cbc0699cb341d7c4d70b6319762cbfc7a469a
tree	638569c36e0952810313d5e25dad0a41ff851926	tree \| snapshot
parent	d8dd0641c06d39b87970650d7f9a0c8c8c395511	commit \| diff

TOMOYO: Fix mount flags checking order.

BugLink: http://bugs.launchpad.net/bugs/981162

commit df91e49477a9be15921cb2854e1d12a3bdb5e425 upstream.

Userspace can pass in arbitrary combinations of MS_* flags to mount().

If both MS_BIND and one of MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE are
passed, device name which should be checked for MS_BIND was not checked because
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE had higher priority than MS_BIND.

If both one of MS_BIND/MS_MOVE and MS_REMOUNT are passed, device name which
should not be checked for MS_REMOUNT was checked because MS_BIND/MS_MOVE had
higher priority than MS_REMOUNT.

Fix these bugs by changing priority to MS_REMOUNT -> MS_BIND ->
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE -> MS_MOVE as with do_mount() does.

Also, unconditionally return -EINVAL if more than one of
MS_SHARED/MS_PRIVATE/MS_SLAVE/MS_UNBINDABLE is passed so that TOMOYO will not
generate inaccurate audit logs, for commit 7a2e8a8f "VFS: Sanity check mount
flags passed to change_mnt_propagation()" clarified that these flags must be
exclusively passed.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>