Commit 02e768c9 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'selinux-pr-20230914' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fix from Paul Moore:
 "A relatively small SELinux patch to fix an issue with a
  vfs/LSM/SELinux patch that went upstream during the recent merge
  window.

  The short version is that the original patch changed how we
  initialized mount options to resolve a NFS issue and we inadvertently
  broke a use case due to the changed behavior.

  The fix restores this behavior for the cases that require it while
  keeping the original NFS fix in place"

* tag 'selinux-pr-20230914' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix handling of empty opts in selinux_fs_context_submount()
parents 82210979 ccf1dab9
...@@ -2775,14 +2775,20 @@ static int selinux_umount(struct vfsmount *mnt, int flags) ...@@ -2775,14 +2775,20 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
static int selinux_fs_context_submount(struct fs_context *fc, static int selinux_fs_context_submount(struct fs_context *fc,
struct super_block *reference) struct super_block *reference)
{ {
const struct superblock_security_struct *sbsec; const struct superblock_security_struct *sbsec = selinux_superblock(reference);
struct selinux_mnt_opts *opts; struct selinux_mnt_opts *opts;
/*
* Ensure that fc->security remains NULL when no options are set
* as expected by selinux_set_mnt_opts().
*/
if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
return 0;
opts = kzalloc(sizeof(*opts), GFP_KERNEL); opts = kzalloc(sizeof(*opts), GFP_KERNEL);
if (!opts) if (!opts)
return -ENOMEM; return -ENOMEM;
sbsec = selinux_superblock(reference);
if (sbsec->flags & FSCONTEXT_MNT) if (sbsec->flags & FSCONTEXT_MNT)
opts->fscontext_sid = sbsec->sid; opts->fscontext_sid = sbsec->sid;
if (sbsec->flags & CONTEXT_MNT) if (sbsec->flags & CONTEXT_MNT)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment