CHROMIUM: LSM: Deny mounting filesystems as exec in unprivileged userns

This change makes chromiumos_security_sb_mount() forbid mounting
filesystems without the MS_NOEXEC flag outside of the init namespace.

BUG=chromium:810235
TEST=Android can still boot
Signed-off-by: Luis Hector Chavez <lhchavez@chromium.org>

Change-Id: I40d22bdd637b1113bb53db7856bdd06331083cbd
Reviewed-on: https://chromium-review.googlesource.com/917210
Commit-Ready: Luis Hector Chavez <lhchavez@chromium.org>
Tested-by: Luis Hector Chavez <lhchavez@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
1 file changed