[apparmor] [PATCH 3/6] parser: Fail when a device is present with recursive mount make opts

John Johansen john.johansen at canonical.com
Fri Dec 12 11:21:17 UTC 2014


On 12/11/2014 04:49 PM, Tyler Hicks wrote:
> The parser correctly rejects mount make-* options (make-shared,
> make-slave, make-private, make-unbindable) when a device is specified
> (the source argument of mount(2)). However, it was not rejecting the
> recursive make-* options (make-rshared, make-rslave, make-rprivate,
> make-runbindable) when a device was specified.
> 
> This patch adds the MS_REC bit, which is used to indicate a recursive
> option, to the MS_CMDS macro. Without this change, the recursive options
> are treated as normal mount options.
> 
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: John Johansen <john.johansen at canonical.com>

> ---
>  parser/mount.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/parser/mount.h b/parser/mount.h
> index 04873cf..fd49ed2 100644
> --- a/parser/mount.h
> +++ b/parser/mount.h
> @@ -95,7 +95,7 @@
>  #define MS_MOVE_FLAGS (MS_MOVE)
>  
>  #define MS_CMDS (MS_MOVE | MS_REMOUNT | MS_BIND | MS_PRIVATE | MS_SLAVE | \
> -		 MS_SHARED | MS_UNBINDABLE)
> +		 MS_SHARED | MS_UNBINDABLE | MS_REC)
>  #define MS_REMOUNT_FLAGS (MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT))
>  
>  #define MNT_SRC_OPT 1
> 
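Review bot: MS_REMOUNT_FLAGS, on the context line right after the changed MS_CMDS definition, is derived as MS_ALL_FLAGS & ~(MS_CMDS & ~MS_REMOUNT), so adding MS_REC to MS_CMDS also removes MS_REC from MS_REMOUNT_FLAGS, and the commit message does not mention that. Please confirm the side effect is intended and say so in the message, or mask MS_REC back into MS_REMOUNT_FLAGS. Because MS_REC is a modifier bit rather than a command, a short comment on MS_CMDS explaining why it is included would help later readers. The diffstat shows only parser/mount.h changing; a parser test asserting that a rule with a device plus make-rshared, make-rslave, make-rprivate or make-runbindable is rejected would keep this from regressing.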



