[apparmor] [PATCH 4/6] Fix mnt_flags passed for remount
John Johansen
john.johansen at canonical.com
Wed Mar 21 13:02:23 UTC 2012
Remount should not be screening off the set of flags it is. They are
the set of flags that the kernel is masking out for make_type and
should not be used on remount. Instead just screen off the other cmds
that can have their own rules generated.
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
parser/mount.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/parser/mount.h b/parser/mount.h
index ebadfdd..166e672 100644
--- a/parser/mount.h
+++ b/parser/mount.h
@@ -85,7 +85,6 @@
MS_BORN | MS_NOATIME | MS_NODIRATIME | MS_RELATIME| \
MS_KERNMOUNT | MS_STRICTATIME)
-#define MS_REMOUNT_FLAGS (MS_REMOUNT | MNT_FLAGS)
#define MS_BIND_FLAGS (MS_BIND | MS_REC)
#define MS_MAKE_FLAGS ((MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED | \
MS_REC) | (MS_ALL_FLAGS & ~(MNT_FLAGS)))
@@ -93,6 +92,7 @@
#define MS_CMDS (MS_MOVE | MS_REMOUNT | MS_BIND | MS_PRIVATE | MS_SLAVE | \
MS_SHARED | MS_UNBINDABLE)
+#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT))
#define MNT_SRC_OPT 1
#define MNT_DST_OPT 2
--
1.7.9.1
More information about the AppArmor
mailing list