mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security
History
David Howells 71512d0d79 vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 
[ Upstream commit d80a8f1b58 ]

When NFS superblocks are created by automounting, their LSM parameters
aren't set in the fs_context struct prior to sget_fc() being called,
leading to failure to match existing superblocks.

This bug leads to messages like the following appearing in dmesg when
fscache is enabled:

    NFS: Cache volume key already in use (nfs,4.2,2,108,106a8c0,1,,,,100000,100000,2ee,3a98,1d4c,3a98,1)

Fix this by adding a new LSM hook to load fc->security for submount
creation.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://lore.kernel.org/r/165962680944.3334508.6610023900349142034.stgit@warthog.procyon.org.uk/ # v1
Link: https://lore.kernel.org/r/165962729225.3357250.14350728846471527137.stgit@warthog.procyon.org.uk/ # v2
Link: https://lore.kernel.org/r/165970659095.2812394.6868894171102318796.stgit@warthog.procyon.org.uk/ # v3
Link: https://lore.kernel.org/r/166133579016.3678898.6283195019480567275.stgit@warthog.procyon.org.uk/ # v4
Link: https://lore.kernel.org/r/217595.1662033775@warthog.procyon.org.uk/ # v5
Fixes: 9bc61ab18b ("vfs: Introduce fs_context, switch vfs_kern_mount() to it.")
Fixes: 779df6a548 ("NFS: Ensure security label is set for root inode")
Tested-by: Jeff Layton <jlayton@kernel.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: "Christian Brauner (Microsoft)" <brauner@kernel.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Message-Id: <20230808-master-v9-1-e0ecde888221@kernel.org>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-13 09:47:57 +02:00
..
apparmor apparmor: fix profile verification and enable it 2023-07-19 16:36:49 +02:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity security/integrity: fix pointer to ESL data and its size on pseries 2023-07-23 13:53:34 +02:00
keys security: keys: perform capable check only on privileged operations 2023-09-13 09:47:53 +02:00
landlock selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
loadpin sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid LSM: SafeSetID: Add setgroups() security policy handling 2022-07-15 18:24:42 +00:00
selinux vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:47:57 +02:00
smack vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:47:57 +02:00
tomoyo One cleanup patch from Vlastimil Babka. 2023-04-24 11:33:07 -07:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
Kconfig Commit volume in documentation is relatively low this time, but there is 2023-04-24 12:35:49 -07:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-08 15:26:58 -08:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
device_cgroup.c device_cgroup: Fix typo in devcgroup_css_alloc description 2023-03-08 17:06:06 -05:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
lsm_audit.c af_unix: preserve const qualifier in unix_sk() 2023-03-18 12:23:33 +00:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:47:57 +02:00