summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlga Kornievskaia <kolga@netapp.com>2021-02-19 17:22:33 -0500
committerPaul Moore <paul@paul-moore.com>2021-03-22 15:01:45 -0400
commitec1ade6a0448e3bfb07bb905aca1bc18836220c7 (patch)
tree306efdd474c9289e61e13483a35c5dc868c74232
parent8c6d76a3144154773339be5e29c8bf42586dc3d1 (diff)
downloadlwn-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.tar.gz
lwn-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.zip
nfs: account for selinux security context when deciding to share superblock
Keep track of whether or not there were LSM security context options passed during mount (ie creation of the superblock). Then, while deciding if the superblock can be shared for the new mount, check if the newly passed in LSM security context options are compatible with the existing superblock's ones by calling security_sb_mnt_opts_compat(). Previously, with selinux enabled, NFS wasn't able to do the following 2mounts: mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0 <serverip>:/ /mnt mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0 <serverip>:/scratch /scratch 2nd mount would fail with "mount.nfs: an incorrect mount option was specified" and var log messages would have: "SElinux: mount invalid. Same superblock, different security settings for.." Signed-off-by: Olga Kornievskaia <kolga@netapp.com> [PM: tweak subject line] Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--fs/nfs/fs_context.c3
-rw-r--r--fs/nfs/internal.h1
-rw-r--r--fs/nfs/super.c4
-rw-r--r--include/linux/nfs_fs_sb.h1
4 files changed, 9 insertions, 0 deletions
diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
index 971a9251c1d9..a06d213d7689 100644
--- a/fs/nfs/fs_context.c
+++ b/fs/nfs/fs_context.c
@@ -463,6 +463,9 @@ static int nfs_fs_context_parse_param(struct fs_context *fc,
if (opt < 0)
return ctx->sloppy ? 1 : opt;
+ if (fc->security)
+ ctx->has_sec_mnt_opts = 1;
+
switch (opt) {
case Opt_source:
if (fc->source)
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
index 25fb43b69e5a..c3f57b423611 100644
--- a/fs/nfs/internal.h
+++ b/fs/nfs/internal.h
@@ -96,6 +96,7 @@ struct nfs_fs_context {
char *fscache_uniq;
unsigned short protofamily;
unsigned short mountfamily;
+ bool has_sec_mnt_opts;
struct {
union {
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index de83c61a6733..4aaa1f5dd381 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -1077,6 +1077,7 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx)
&sb->s_blocksize_bits);
nfs_super_set_maxbytes(sb, server->maxfilesize);
+ server->has_sec_mnt_opts = ctx->has_sec_mnt_opts;
}
static int nfs_compare_mount_options(const struct super_block *s, const struct nfs_server *b,
@@ -1193,6 +1194,9 @@ static int nfs_compare_super(struct super_block *sb, struct fs_context *fc)
return 0;
if (!nfs_compare_userns(old, server))
return 0;
+ if ((old->has_sec_mnt_opts || fc->security) &&
+ security_sb_mnt_opts_compat(sb, fc->security))
+ return 0;
return nfs_compare_mount_options(sb, server, fc);
}
diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
index 6f76b32a0238..a28d71b45b5f 100644
--- a/include/linux/nfs_fs_sb.h
+++ b/include/linux/nfs_fs_sb.h
@@ -256,6 +256,7 @@ struct nfs_server {
/* User namespace info */
const struct cred *cred;
+ bool has_sec_mnt_opts;
};
/* Server capabilities */