[apparmor] [PATCH 3/6] parser: Fail when a device is present with recursive mount make opts
Tyler Hicks
tyhicks at canonical.com
Fri Dec 12 00:49:52 UTC 2014
The parser correctly rejects mount make-* options (make-shared,
make-slave, make-private, make-unbindable) when a device is specified
(the source argument of mount(2)). However, it was not rejecting the
recursive make-* options (make-rshared, make-rslave, make-rprivate,
make-runbindable) when a device was specified.
This patch adds the MS_REC bit, which is used to indicate a recursive
option, to the MS_CMDS macro. Without this change, the recursive options
are treated as normal mount options.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
parser/mount.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/parser/mount.h b/parser/mount.h
index 04873cf..fd49ed2 100644
--- a/parser/mount.h
+++ b/parser/mount.h
@@ -95,7 +95,7 @@
#define MS_MOVE_FLAGS (MS_MOVE)
#define MS_CMDS (MS_MOVE | MS_REMOUNT | MS_BIND | MS_PRIVATE | MS_SLAVE | \
- MS_SHARED | MS_UNBINDABLE)
+ MS_SHARED | MS_UNBINDABLE | MS_REC)
#define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT))
#define MNT_SRC_OPT 1
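Review bot: MS_REMOUNT_FLAGS, on the context line directly after the changed line, is derived from MS_CMDS as (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT)), so adding MS_REC to MS_CMDS also removes MS_REC from MS_REMOUNT_FLAGS, a side effect the commit message does not mention. Please confirm that dropping MS_REC from the remount flag set is intended and state it in the commit message. Separately, the commit message describes MS_REC as a bit that marks an option as recursive, which makes it a modifier rather than a command like the other members of MS_CMDS; a one-line comment above the macro saying it is included so that the make-r* options are handled as commands would keep a later cleanup from removing it.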
--
2.1.0