diff options
| author | Olga Kornievskaia <kolga@netapp.com> | 2021-02-19 17:22:33 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2021-03-22 15:01:45 -0400 |
| commit | ec1ade6a0448e3bfb07bb905aca1bc18836220c7 (patch) | |
| tree | 306efdd474c9289e61e13483a35c5dc868c74232 /security | |
| parent | 8c6d76a3144154773339be5e29c8bf42586dc3d1 (diff) | |
| download | linux-stable-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.tar.gz linux-stable-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.tar.bz2 linux-stable-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.zip | |
nfs: account for selinux security context when deciding to share superblock
Keep track of whether or not there were LSM security context
options passed during mount (ie creation of the superblock).
Then, while deciding if the superblock can be shared for the new
mount, check if the newly passed in LSM security context options
are compatible with the existing superblock's ones by calling
security_sb_mnt_opts_compat().
Previously, with selinux enabled, NFS wasn't able to do the
following 2mounts:
mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0
<serverip>:/ /mnt
mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0
<serverip>:/scratch /scratch
2nd mount would fail with "mount.nfs: an incorrect mount option was
specified" and var log messages would have:
"SElinux: mount invalid. Same superblock, different security
settings for.."
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
[PM: tweak subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions