From: James Morris Date: Fri, 19 Dec 2008 00:41:10 +0000 (+1100) Subject: SELinux: don't check permissions for kernel mounts X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=74192246910ff4fb95309ba1a683215644beeb62;p=linux-beck.git SELinux: don't check permissions for kernel mounts Don't bother checking permissions when the kernel performs an internal mount, as this should always be allowed. Signed-off-by: James Morris Acked-by: Stephen Smalley --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7465d713b531..853b58c8b2cb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2484,6 +2484,10 @@ static int selinux_sb_kern_mount(struct super_block *sb, int flags, void *data) if (rc) return rc; + /* Allow all mounts performed by the kernel */ + if (flags & MS_KERNMOUNT) + return 0; + AVC_AUDIT_DATA_INIT(&ad, FS); ad.u.fs.path.dentry = sb->s_root; return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);