rpms/kernel/F-9 linux-2.6-selinux-ssinitialized-bugon.patch, NONE, 1.1 kernel.spec, 1.622, 1.623

Tue Apr 22 15:33:47 UTC 2008

Author: eparis

Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7173

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-ssinitialized-bugon.patch 
Log Message:
* Mon Apr 21 2008 Eric Paris <eparis at redhat.com>
- Don't BUG_ON() in selinux_clone_mnt_opts inside the installer because its init is wonky


linux-2.6-selinux-ssinitialized-bugon.patch:

--- NEW FILE linux-2.6-selinux-ssinitialized-bugon.patch ---
 security/selinux/hooks.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f9927f0..92c8910 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
 	int set_context =	(oldsbsec->flags & CONTEXT_MNT);
 	int set_rootcontext =	(oldsbsec->flags & ROOTCONTEXT_MNT);
 
-	/* we can't error, we can't save the info, this shouldn't get called
-	 * this early in the boot process. */
-	BUG_ON(!ss_initialized);
+	/*
+	 * if the parent was able to be mounted it clearly had no special lsm
+	 * mount options.  thus we can safely put this sb on the list and deal
+	 * with it later
+	 */
+	if (!ss_initialized) {
+		spin_lock(&sb_security_lock);
+		if (list_empty(&newsbsec->list))
+			list_add(&newsbsec->list, &superblock_security_head);
+		spin_unlock(&sb_security_lock);
+		return;
+	}
 
 	/* how can we clone if the old one wasn't set up?? */
 	BUG_ON(!oldsbsec->initialized);


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.622
retrieving revision 1.623
diff -u -r1.622 -r1.623
--- kernel.spec	18 Apr 2008 18:59:32 -0000	1.622
+++ kernel.spec	22 Apr 2008 15:33:04 -0000	1.623
@@ -615,6 +615,9 @@
 
 Patch700: linux-2.6-nfs-client-mounts-hang.patch
 
+# SELinux patches, will go upstream in .26
+Patch800: linux-2.6-selinux-ssinitialized-bugon.patch
+
 Patch1101: linux-2.6-default-mmf_dump_elf_headers.patch
 Patch1400: linux-2.6-smarter-relatime.patch
 Patch1515: linux-2.6-lirc.patch
@@ -1172,6 +1175,9 @@
 # get rid of imacfb and make efifb work everywhere it was used
 ApplyPatch linux-2.6-merge-efifb-imacfb.patch
 
+# I better appear in .26 and I was sent to stable....
+ApplyPatch linux-2.6-selinux-ssinitialized-bugon.patch
+
 # ---------- below all scheduled for 2.6.24 -----------------
 
 # END OF PATCH APPLICATIONS
@@ -1765,6 +1771,9 @@
 %kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
 
 %changelog
+* Mon Apr 21 2008 Eric Paris <eparis at redhat.com>
+- Don't BUG_ON() in selinux_clone_mnt_opts inside the installer because its init is wonky
+
 * Fri Apr 18 2008 Kyle McMartin <kmcmartin at redhat.com>
 - Enable CONFIG_RT_GROUP_SCHED (#442959)
 


