From: Ondrej Mosnacek <omosnace@redhat.com>
To: linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org,
linux-btrfs@vger.kernel.org, Paul Moore <paul@paul-moore.com>,
Olga Kornievskaia <aglo@umich.edu>,
Al Viro <viro@zeniv.linux.org.uk>,
David Howells <dhowells@redhat.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: [PATCH 0/2] vfs/security/NFS/btrfs: clean up and fix LSM option handling
Date: Fri, 9 Apr 2021 13:12:52 +0200 [thread overview]
Message-ID: <20210409111254.271800-1-omosnace@redhat.com> (raw)
This series attempts to clean up part of the mess that has grown around
the LSM mount option handling across different subsystems.
The original motivation was to fix a NFS+SELinux bug that I found while
trying to get the NFS part of the selinux-testsuite [1] to work, which
is fixed by patch 2.
The first patch paves the way for the second one by eliminating the
special case workaround in selinux_set_mnt_opts(), while also
simplifying BTRFS's LSM mount option handling.
I tested the patches by running the NFS part of the SELinux testsuite
(which is now fully passing). I also added the pending patch for
broken BTRFS LSM options support with fsconfig(2) [2] and ran the
proposed BTRFS SELinux tests for selinux-testsuite [3] (still passing
with all patches).
[1] https://github.com/SELinuxProject/selinux-testsuite/
[2] https://lore.kernel.org/selinux/20210401065403.GA1363493@infradead.org/T/
[3] https://lore.kernel.org/selinux/20201103110121.53919-2-richard_c_haines@btinternet.com/
^^ the original patch no longer applies - a rebased version is here:
https://github.com/WOnder93/selinux-testsuite/commit/212e76b5bd0775c7507c1996bd172de3bcbff139.patch
Ondrej Mosnacek (2):
vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag
selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount
fs/btrfs/super.c | 35 ++++++-----------------------------
fs/nfs/fs_context.c | 6 ++++--
fs/super.c | 10 ++++++----
include/linux/fs.h | 3 ++-
security/selinux/hooks.c | 32 +++++++++++++++++---------------
5 files changed, 35 insertions(+), 51 deletions(-)
--
2.30.2
next reply other threads:[~2021-04-09 11:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 11:12 Ondrej Mosnacek [this message]
2021-04-09 11:12 ` [PATCH 1/2] vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag Ondrej Mosnacek
2021-04-09 11:12 ` [PATCH 2/2] selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount Ondrej Mosnacek
2021-04-09 12:27 ` [PATCH 0/2] vfs/security/NFS/btrfs: clean up and fix LSM option handling Al Viro
2021-04-09 17:39 ` Ondrej Mosnacek
2021-05-17 13:46 ` Ondrej Mosnacek
2021-04-09 17:00 ` Casey Schaufler
2021-04-09 17:43 ` Ondrej Mosnacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210409111254.271800-1-omosnace@redhat.com \
--to=omosnace@redhat.com \
--cc=aglo@umich.edu \
--cc=dhowells@redhat.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.