• Eric Paris's avatar
    SELinux: /proc/mounts should show what it can · 383795c2
    Eric Paris authored
    Given a hosed SELinux config in which a system never loads policy or
    disables SELinux we currently just return -EINVAL for anyone trying to
    read /proc/mounts.  This is a configuration problem but we can certainly
    be more graceful.  This patch just ignores -EINVAL when displaying LSM
    options and causes /proc/mounts display everything else it can.  If
    policy isn't loaded the obviously there are no options, so we aren't
    really loosing any information here.
    
    This is safe as the only other return of EINVAL comes from
    security_sid_to_context_core() in the case of an invalid sid.  Even if a
    FS was mounted with a now invalidated context that sid should have been
    remapped to unlabeled and so we won't hit the EINVAL and will work like
    we should.  (yes, I tested to make sure it worked like I thought)
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
    Tested-by: default avatarMarc Dionne <marc.c.dionne@gmail.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    383795c2
Name
Last commit
Last update
..
keys Loading commit data...
selinux Loading commit data...
smack Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
capability.c Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
root_plug.c Loading commit data...
security.c Loading commit data...