[PATCH 0/2] vfs/security/NFS/btrfs: clean up and fix LSM option handling
Ondrej Mosnacek
omosnace at redhat.com
Fri Apr 9 11:12:52 UTC 2021
This series attempts to clean up part of the mess that has grown around
the LSM mount option handling across different subsystems.
The original motivation was to fix a NFS+SELinux bug that I found while
trying to get the NFS part of the selinux-testsuite [1] to work, which
is fixed by patch 2.
The first patch paves the way for the second one by eliminating the
special case workaround in selinux_set_mnt_opts(), while also
simplifying BTRFS's LSM mount option handling.
I tested the patches by running the NFS part of the SELinux testsuite
(which is now fully passing). I also added the pending patch for
broken BTRFS LSM options support with fsconfig(2) [2] and ran the
proposed BTRFS SELinux tests for selinux-testsuite [3] (still passing
with all patches).
[1] https://github.com/SELinuxProject/selinux-testsuite/
[2] https://lore.kernel.org/selinux/20210401065403.GA1363493@infradead.org/T/
[3] https://lore.kernel.org/selinux/20201103110121.53919-2-richard_c_haines@btinternet.com/
^^ the original patch no longer applies - a rebased version is here:
https://github.com/WOnder93/selinux-testsuite/commit/212e76b5bd0775c7507c1996bd172de3bcbff139.patch
Ondrej Mosnacek (2):
vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag
selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount
fs/btrfs/super.c | 35 ++++++-----------------------------
fs/nfs/fs_context.c | 6 ++++--
fs/super.c | 10 ++++++----
include/linux/fs.h | 3 ++-
security/selinux/hooks.c | 32 +++++++++++++++++---------------
5 files changed, 35 insertions(+), 51 deletions(-)
--
2.30.2
More information about the Linux-security-module-archive
mailing list