tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

LSM: hide struct security_mnt_opts from any generic code

Keep void * instead, allocate on demand (in parse_str_opts, at the
moment). Eventually both selinux and smack will be better off
with private structures with several strings in those, rather than
this "counter and two pointers to dynamically allocated arrays"
ugliness. This commit allows to do that at leisure, without
disrupting anything outside of given module.

Changes:
* instead of struct security_mnt_opt use an opaque pointer
initialized to NULL.
* security_sb_eat_lsm_opts(), security_sb_parse_opts_str() and
security_free_mnt_opts() take it as var argument (i.e. as void **);
call sites are unchanged.
* security_sb_set_mnt_opts() and security_sb_remount() take
it by value (i.e. as void *).
* new method: ->sb_free_mnt_opts(). Takes void *, does
whatever freeing that needs to be done.
* ->sb_set_mnt_opts() and ->sb_remount() might get NULL as
mnt_opts argument, meaning "empty".

Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 204cc0cc e3489f89

+118 -92
+4 -6
fs/btrfs/super.c
··· 1472 1472 struct btrfs_device *device = NULL; 1473 1473 struct btrfs_fs_devices *fs_devices = NULL; 1474 1474 struct btrfs_fs_info *fs_info = NULL; 1475 - struct security_mnt_opts new_sec_opts; 1475 + void *new_sec_opts = NULL; 1476 1476 fmode_t mode = FMODE_READ; 1477 1477 int error = 0; 1478 1478 1479 1479 if (!(flags & SB_RDONLY)) 1480 1480 mode |= FMODE_WRITE; 1481 1481 1482 - security_init_mnt_opts(&new_sec_opts); 1483 1482 if (data) { 1484 1483 error = security_sb_eat_lsm_opts(data, &new_sec_opts); 1485 1484 if (error) ··· 1550 1551 error = btrfs_fill_super(s, fs_devices, data); 1551 1552 } 1552 1553 if (!error) 1553 - error = security_sb_set_mnt_opts(s, &new_sec_opts, 0, NULL); 1554 + error = security_sb_set_mnt_opts(s, new_sec_opts, 0, NULL); 1554 1555 security_free_mnt_opts(&new_sec_opts); 1555 1556 if (error) { 1556 1557 deactivate_locked_super(s); ··· 1723 1724 btrfs_remount_prepare(fs_info); 1724 1725 1725 1726 if (data) { 1726 - struct security_mnt_opts new_sec_opts; 1727 + void *new_sec_opts = NULL; 1727 1728 1728 - security_init_mnt_opts(&new_sec_opts); 1729 1729 ret = security_sb_eat_lsm_opts(data, &new_sec_opts); 1730 1730 if (!ret) 1731 - ret = security_sb_remount(sb, &new_sec_opts); 1731 + ret = security_sb_remount(sb, new_sec_opts); 1732 1732 security_free_mnt_opts(&new_sec_opts); 1733 1733 if (ret) 1734 1734 goto restore;
+4 -5
fs/namespace.c
··· 2299 2299 int err; 2300 2300 struct super_block *sb = path->mnt->mnt_sb; 2301 2301 struct mount *mnt = real_mount(path->mnt); 2302 - struct security_mnt_opts opts; 2302 + void *sec_opts = NULL; 2303 2303 2304 2304 if (!check_mnt(mnt)) 2305 2305 return -EINVAL; ··· 2310 2310 if (!can_change_locked_flags(mnt, mnt_flags)) 2311 2311 return -EPERM; 2312 2312 2313 - security_init_mnt_opts(&opts); 2314 2313 if (data && !(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)) { 2315 - err = security_sb_eat_lsm_opts(data, &opts); 2314 + err = security_sb_eat_lsm_opts(data, &sec_opts); 2316 2315 if (err) 2317 2316 return err; 2318 2317 } 2319 - err = security_sb_remount(sb, &opts); 2320 - security_free_mnt_opts(&opts); 2318 + err = security_sb_remount(sb, sec_opts); 2319 + security_free_mnt_opts(&sec_opts); 2321 2320 if (err) 2322 2321 return err; 2323 2322
+1 -1
fs/nfs/internal.h
··· 123 123 unsigned short protocol; 124 124 } nfs_server; 125 125 126 - struct security_mnt_opts lsm_opts; 126 + void *lsm_opts; 127 127 struct net *net; 128 128 }; 129 129
+3 -3
fs/nfs/super.c
··· 929 929 data->minorversion = 0; 930 930 data->need_mount = true; 931 931 data->net = current->nsproxy->net_ns; 932 - security_init_mnt_opts(&data->lsm_opts); 932 + data->lsm_opts = NULL; 933 933 } 934 934 return data; 935 935 } ··· 2294 2294 /* compare new mount options with old ones */ 2295 2295 error = nfs_compare_remount_data(nfss, data); 2296 2296 if (!error) 2297 - error = security_sb_remount(sb, &data->lsm_opts); 2297 + error = security_sb_remount(sb, data->lsm_opts); 2298 2298 out: 2299 2299 nfs_free_parsed_mount_data(data); 2300 2300 return error; ··· 2534 2534 if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL) 2535 2535 kflags |= SECURITY_LSM_NATIVE_LABELS; 2536 2536 2537 - error = security_sb_set_mnt_opts(s, &mount_info->parsed->lsm_opts, 2537 + error = security_sb_set_mnt_opts(s, mount_info->parsed->lsm_opts, 2538 2538 kflags, &kflags_out); 2539 2539 if (error) 2540 2540 goto err;
+5 -7
fs/super.c
··· 1247 1247 struct dentry *root; 1248 1248 struct super_block *sb; 1249 1249 int error = -ENOMEM; 1250 - struct security_mnt_opts opts; 1251 - 1252 - security_init_mnt_opts(&opts); 1250 + void *sec_opts = NULL; 1253 1251 1254 1252 if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) { 1255 - error = security_sb_eat_lsm_opts(data, &opts); 1253 + error = security_sb_eat_lsm_opts(data, &sec_opts); 1256 1254 if (error) 1257 1255 return ERR_PTR(error); 1258 1256 } ··· 1273 1275 smp_wmb(); 1274 1276 sb->s_flags |= SB_BORN; 1275 1277 1276 - error = security_sb_set_mnt_opts(sb, &opts, 0, NULL); 1278 + error = security_sb_set_mnt_opts(sb, sec_opts, 0, NULL); 1277 1279 if (error) 1278 1280 goto out_sb; 1279 1281 ··· 1293 1295 "negative value (%lld)\n", type->name, sb->s_maxbytes); 1294 1296 1295 1297 up_write(&sb->s_umount); 1296 - security_free_mnt_opts(&opts); 1298 + security_free_mnt_opts(&sec_opts); 1297 1299 return root; 1298 1300 out_sb: 1299 1301 dput(root); 1300 1302 deactivate_locked_super(sb); 1301 1303 out_free_secdata: 1302 - security_free_mnt_opts(&opts); 1304 + security_free_mnt_opts(&sec_opts); 1303 1305 return ERR_PTR(error); 1304 1306 } 1305 1307
+6 -5
include/linux/lsm_hooks.h
··· 1461 1461 1462 1462 int (*sb_alloc_security)(struct super_block *sb); 1463 1463 void (*sb_free_security)(struct super_block *sb); 1464 - int (*sb_eat_lsm_opts)(char *orig, struct security_mnt_opts *opts); 1465 - int (*sb_remount)(struct super_block *sb, 1466 - struct security_mnt_opts *opts); 1464 + void (*sb_free_mnt_opts)(void *mnt_opts); 1465 + int (*sb_eat_lsm_opts)(char *orig, void **mnt_opts); 1466 + int (*sb_remount)(struct super_block *sb, void *mnt_opts); 1467 1467 int (*sb_kern_mount)(struct super_block *sb); 1468 1468 int (*sb_show_options)(struct seq_file *m, struct super_block *sb); 1469 1469 int (*sb_statfs)(struct dentry *dentry); ··· 1472 1472 int (*sb_umount)(struct vfsmount *mnt, int flags); 1473 1473 int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path); 1474 1474 int (*sb_set_mnt_opts)(struct super_block *sb, 1475 - struct security_mnt_opts *opts, 1475 + void *mnt_opts, 1476 1476 unsigned long kern_flags, 1477 1477 unsigned long *set_kern_flags); 1478 1478 int (*sb_clone_mnt_opts)(const struct super_block *oldsb, 1479 1479 struct super_block *newsb, 1480 1480 unsigned long kern_flags, 1481 1481 unsigned long *set_kern_flags); 1482 - int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts); 1482 + int (*sb_parse_opts_str)(char *options, void **mnt_opts); 1483 1483 int (*dentry_init_security)(struct dentry *dentry, int mode, 1484 1484 const struct qstr *name, void **ctx, 1485 1485 u32 *ctxlen); ··· 1801 1801 struct hlist_head bprm_committed_creds; 1802 1802 struct hlist_head sb_alloc_security; 1803 1803 struct hlist_head sb_free_security; 1804 + struct hlist_head sb_free_mnt_opts; 1804 1805 struct hlist_head sb_eat_lsm_opts; 1805 1806 struct hlist_head sb_remount; 1806 1807 struct hlist_head sb_kern_mount;
+10 -33
include/linux/security.h
··· 192 192 int register_lsm_notifier(struct notifier_block *nb); 193 193 int unregister_lsm_notifier(struct notifier_block *nb); 194 194 195 - static inline void security_init_mnt_opts(struct security_mnt_opts *opts) 196 - { 197 - opts->mnt_opts = NULL; 198 - opts->mnt_opts_flags = NULL; 199 - opts->num_mnt_opts = 0; 200 - } 201 - 202 - static inline void security_free_mnt_opts(struct security_mnt_opts *opts) 203 - { 204 - int i; 205 - if (opts->mnt_opts) 206 - for (i = 0; i < opts->num_mnt_opts; i++) 207 - kfree(opts->mnt_opts[i]); 208 - kfree(opts->mnt_opts); 209 - opts->mnt_opts = NULL; 210 - kfree(opts->mnt_opts_flags); 211 - opts->mnt_opts_flags = NULL; 212 - opts->num_mnt_opts = 0; 213 - } 214 - 215 195 /* prototypes */ 216 196 extern int security_init(void); 217 197 ··· 228 248 void security_bprm_committed_creds(struct linux_binprm *bprm); 229 249 int security_sb_alloc(struct super_block *sb); 230 250 void security_sb_free(struct super_block *sb); 231 - int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts); 232 - int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts); 251 + void security_free_mnt_opts(void **mnt_opts); 252 + int security_sb_eat_lsm_opts(char *options, void **mnt_opts); 253 + int security_sb_remount(struct super_block *sb, void *mnt_opts); 233 254 int security_sb_kern_mount(struct super_block *sb); 234 255 int security_sb_show_options(struct seq_file *m, struct super_block *sb); 235 256 int security_sb_statfs(struct dentry *dentry); ··· 239 258 int security_sb_umount(struct vfsmount *mnt, int flags); 240 259 int security_sb_pivotroot(const struct path *old_path, const struct path *new_path); 241 260 int security_sb_set_mnt_opts(struct super_block *sb, 242 - struct security_mnt_opts *opts, 261 + void *mnt_opts, 243 262 unsigned long kern_flags, 244 263 unsigned long *set_kern_flags); 245 264 int security_sb_clone_mnt_opts(const struct super_block *oldsb, 246 265 struct super_block *newsb, 247 266 unsigned long kern_flags, 248 267 unsigned long *set_kern_flags); 249 - int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts); 268 + int security_sb_parse_opts_str(char *options, void **mnt_opts); 250 269 int security_dentry_init_security(struct dentry *dentry, int mode, 251 270 const struct qstr *name, void **ctx, 252 271 u32 *ctxlen); ··· 402 421 return 0; 403 422 } 404 423 405 - static inline void security_init_mnt_opts(struct security_mnt_opts *opts) 406 - { 407 - } 408 - 409 - static inline void security_free_mnt_opts(struct security_mnt_opts *opts) 424 + static inline void security_free_mnt_opts(void **mnt_opts) 410 425 { 411 426 } 412 427 ··· 533 556 { } 534 557 535 558 static inline int security_sb_eat_lsm_opts(char *options, 536 - struct security_mnt_opts *opts) 559 + void **mnt_opts) 537 560 { 538 561 return 0; 539 562 } 540 563 541 564 static inline int security_sb_remount(struct super_block *sb, 542 - struct security_mnt_opts *opts) 565 + void *mnt_opts) 543 566 { 544 567 return 0; 545 568 } ··· 579 602 } 580 603 581 604 static inline int security_sb_set_mnt_opts(struct super_block *sb, 582 - struct security_mnt_opts *opts, 605 + void *mnt_opts, 583 606 unsigned long kern_flags, 584 607 unsigned long *set_kern_flags) 585 608 { ··· 594 617 return 0; 595 618 } 596 619 597 - static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 620 + static inline int security_sb_parse_opts_str(char *options, void **mnt_opts) 598 621 { 599 622 return 0; 600 623 }
+18 -9
security/security.c
··· 384 384 call_void_hook(sb_free_security, sb); 385 385 } 386 386 387 - int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts) 387 + void security_free_mnt_opts(void **mnt_opts) 388 388 { 389 - return call_int_hook(sb_eat_lsm_opts, 0, options, opts); 389 + if (!*mnt_opts) 390 + return; 391 + call_void_hook(sb_free_mnt_opts, *mnt_opts); 392 + *mnt_opts = NULL; 393 + } 394 + EXPORT_SYMBOL(security_free_mnt_opts); 395 + 396 + int security_sb_eat_lsm_opts(char *options, void **mnt_opts) 397 + { 398 + return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts); 390 399 } 391 400 EXPORT_SYMBOL(security_sb_eat_lsm_opts); 392 401 393 402 int security_sb_remount(struct super_block *sb, 394 - struct security_mnt_opts *opts) 403 + void *mnt_opts) 395 404 { 396 - return call_int_hook(sb_remount, 0, sb, opts); 405 + return call_int_hook(sb_remount, 0, sb, mnt_opts); 397 406 } 398 407 EXPORT_SYMBOL(security_sb_remount); 399 408 ··· 438 429 } 439 430 440 431 int security_sb_set_mnt_opts(struct super_block *sb, 441 - struct security_mnt_opts *opts, 432 + void *mnt_opts, 442 433 unsigned long kern_flags, 443 434 unsigned long *set_kern_flags) 444 435 { 445 436 return call_int_hook(sb_set_mnt_opts, 446 - opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb, 447 - opts, kern_flags, set_kern_flags); 437 + mnt_opts ? -EOPNOTSUPP : 0, sb, 438 + mnt_opts, kern_flags, set_kern_flags); 448 439 } 449 440 EXPORT_SYMBOL(security_sb_set_mnt_opts); 450 441 ··· 458 449 } 459 450 EXPORT_SYMBOL(security_sb_clone_mnt_opts); 460 451 461 - int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts) 452 + int security_sb_parse_opts_str(char *options, void **mnt_opts) 462 453 { 463 - return call_int_hook(sb_parse_opts_str, 0, options, opts); 454 + return call_int_hook(sb_parse_opts_str, 0, options, mnt_opts); 464 455 } 465 456 EXPORT_SYMBOL(security_sb_parse_opts_str); 466 457
+37 -15
security/selinux/hooks.c
··· 433 433 kfree(sbsec); 434 434 } 435 435 436 + static void selinux_free_mnt_opts(void *mnt_opts) 437 + { 438 + struct security_mnt_opts *opts = mnt_opts; 439 + int i; 440 + 441 + if (opts->mnt_opts) 442 + for (i = 0; i < opts->num_mnt_opts; i++) 443 + kfree(opts->mnt_opts[i]); 444 + kfree(opts->mnt_opts); 445 + kfree(opts->mnt_opts_flags); 446 + kfree(opts); 447 + } 448 + 436 449 static inline int inode_doinit(struct inode *inode) 437 450 { 438 451 return inode_doinit_with_dentry(inode, NULL); ··· 629 616 * labeling information. 630 617 */ 631 618 static int selinux_set_mnt_opts(struct super_block *sb, 632 - struct security_mnt_opts *opts, 619 + void *mnt_opts, 633 620 unsigned long kern_flags, 634 621 unsigned long *set_kern_flags) 635 622 { ··· 641 628 struct inode_security_struct *root_isec; 642 629 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; 643 630 u32 defcontext_sid = 0; 644 - char **mount_options = opts->mnt_opts; 645 - int *flags = opts->mnt_opts_flags; 646 - int num_opts = opts->num_mnt_opts; 631 + struct security_mnt_opts *opts = mnt_opts; 632 + char **mount_options = opts ? opts->mnt_opts : NULL; 633 + int *flags = opts ? opts->mnt_opts_flags : NULL; 634 + int num_opts = opts ? opts->num_mnt_opts : 0; 647 635 648 636 mutex_lock(&sbsec->lock); 649 637 ··· 996 982 } 997 983 998 984 static int selinux_parse_opts_str(char *options, 999 - struct security_mnt_opts *opts) 985 + void **mnt_opts) 1000 986 { 1001 987 char *p; 1002 988 char *context = NULL, *defcontext = NULL; 1003 989 char *fscontext = NULL, *rootcontext = NULL; 1004 990 int rc, num_mnt_opts = 0; 991 + struct security_mnt_opts *opts = *mnt_opts; 992 + 993 + if (!opts) { 994 + opts = kzalloc(sizeof(struct security_mnt_opts), GFP_KERNEL); 995 + *mnt_opts = opts; 996 + if (!opts) 997 + return -ENOMEM; 998 + } 1005 999 1006 1000 opts->num_mnt_opts = 0; 1007 1001 ··· 1116 1094 return 0; 1117 1095 1118 1096 out_err: 1119 - security_free_mnt_opts(opts); 1097 + security_free_mnt_opts(mnt_opts); 1120 1098 kfree(context); 1121 1099 kfree(defcontext); 1122 1100 kfree(fscontext); ··· 2736 2714 return rc; 2737 2715 } 2738 2716 2739 - static int selinux_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts) 2717 + static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) 2740 2718 { 2741 2719 char *s = (char *)get_zeroed_page(GFP_KERNEL); 2742 2720 int err; ··· 2745 2723 return -ENOMEM; 2746 2724 err = selinux_sb_copy_data(options, s); 2747 2725 if (!err) 2748 - err = selinux_parse_opts_str(s, opts); 2726 + err = selinux_parse_opts_str(s, mnt_opts); 2749 2727 free_page((unsigned long)s); 2750 2728 return err; 2751 2729 } 2752 2730 2753 - static int selinux_sb_remount(struct super_block *sb, 2754 - struct security_mnt_opts *opts) 2731 + static int selinux_sb_remount(struct super_block *sb, void *mnt_opts) 2755 2732 { 2733 + struct security_mnt_opts *opts = mnt_opts; 2756 2734 int i, *flags; 2757 2735 char **mount_options; 2758 2736 struct superblock_security_struct *sbsec = sb->s_security; 2759 2737 2760 2738 if (!(sbsec->flags & SE_SBINITIALIZED)) 2739 + return 0; 2740 + 2741 + if (!opts) 2761 2742 return 0; 2762 2743 2763 2744 mount_options = opts->mnt_opts; ··· 6807 6782 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security), 6808 6783 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security), 6809 6784 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts), 6785 + LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts), 6810 6786 LSM_HOOK_INIT(sb_remount, selinux_sb_remount), 6811 6787 LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount), 6812 6788 LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options), ··· 7077 7051 7078 7052 static void delayed_superblock_init(struct super_block *sb, void *unused) 7079 7053 { 7080 - struct security_mnt_opts opts; 7081 - 7082 - security_init_mnt_opts(&opts); 7083 - selinux_set_mnt_opts(sb, &opts, 0, NULL); 7084 - security_free_mnt_opts(&opts); 7054 + selinux_set_mnt_opts(sb, NULL, 0, NULL); 7085 7055 } 7086 7056 7087 7057 void selinux_complete_init(void)
+30 -8
security/smack/smack_lsm.c
··· 567 567 sb->s_security = NULL; 568 568 } 569 569 570 + static void smack_free_mnt_opts(void *mnt_opts) 571 + { 572 + struct security_mnt_opts *opts = mnt_opts; 573 + int i; 574 + 575 + if (opts->mnt_opts) 576 + for (i = 0; i < opts->num_mnt_opts; i++) 577 + kfree(opts->mnt_opts[i]); 578 + kfree(opts->mnt_opts); 579 + kfree(opts->mnt_opts_flags); 580 + kfree(opts); 581 + } 582 + 570 583 /** 571 584 * smack_sb_copy_data - copy mount options data for processing 572 585 * @orig: where to start ··· 637 624 * converts Smack specific mount options to generic security option format 638 625 */ 639 626 static int smack_parse_opts_str(char *options, 640 - struct security_mnt_opts *opts) 627 + void **mnt_opts) 641 628 { 629 + struct security_mnt_opts *opts = *mnt_opts; 642 630 char *p; 643 631 char *fsdefault = NULL; 644 632 char *fsfloor = NULL; ··· 650 636 int num_mnt_opts = 0; 651 637 int token; 652 638 653 - opts->num_mnt_opts = 0; 654 - 655 639 if (!options) 656 640 return 0; 641 + 642 + if (!opts) { 643 + opts = kzalloc(sizeof(struct security_mnt_opts), GFP_KERNEL); 644 + *mnt_opts = opts; 645 + if (!opts) 646 + return -ENOMEM; 647 + } 648 + opts->num_mnt_opts = 0; 657 649 658 650 while ((p = strsep(&options, ",")) != NULL) { 659 651 substring_t args[MAX_OPT_ARGS]; ··· 755 735 kfree(fshat); 756 736 kfree(fsroot); 757 737 kfree(fstransmute); 758 - security_free_mnt_opts(opts); 738 + security_free_mnt_opts(mnt_opts); 759 739 return rc; 760 740 } 761 741 762 - static int smack_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts) 742 + static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts) 763 743 { 764 744 char *s = (char *)get_zeroed_page(GFP_KERNEL); 765 745 int err; ··· 768 748 return -ENOMEM; 769 749 err = smack_sb_copy_data(options, s); 770 750 if (!err) 771 - err = smack_parse_opts_str(s, opts); 751 + err = smack_parse_opts_str(s, mnt_opts); 772 752 free_page((unsigned long)s); 773 753 return err; 774 754 } ··· 786 766 * labels. 787 767 */ 788 768 static int smack_set_mnt_opts(struct super_block *sb, 789 - struct security_mnt_opts *opts, 769 + void *mnt_opts, 790 770 unsigned long kern_flags, 791 771 unsigned long *set_kern_flags) 792 772 { ··· 796 776 struct inode_smack *isp; 797 777 struct smack_known *skp; 798 778 int i; 799 - int num_opts = opts->num_mnt_opts; 779 + struct security_mnt_opts *opts = mnt_opts; 780 + int num_opts = opts ? opts->num_mnt_opts : 0; 800 781 int transmute = 0; 801 782 802 783 if (sp->smk_flags & SMK_SB_INITIALIZED) ··· 4672 4651 4673 4652 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security), 4674 4653 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security), 4654 + LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts), 4675 4655 LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts), 4676 4656 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs), 4677 4657 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),