CHROMIUM: LSM: Deny mounting filesystems as exec in unprivileged userns

This change makes chromiumos_security_sb_mount() forbid mounting
filesystems without the MS_NOEXEC flag outside of the init namespace.

TEST=Android can still boot
Signed-off-by: Luis Hector Chavez <>

Change-Id: I40d22bdd637b1113bb53db7856bdd06331083cbd
Commit-Ready: Luis Hector Chavez <>
Tested-by: Luis Hector Chavez <>
Reviewed-by: Mike Frysinger <>
1 file changed