linux-next: manual merge of the selinux tree with Linus' tree

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1269 bytes --]

Hi all,

Today's linux-next merge of the selinux tree got a conflict in:

  security/selinux/hooks.c

between commit:

  a20456aef80f ("selinux: fix typo in filesystem name")

from Linus' tree and commit:

  4ca54d3d3022 ("security: selinux: allow per-file labeling for bpffs")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/hooks.c
index ae891d712800,44f6f4e20cba..000000000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -698,7 -701,8 +701,8 @@@ static int selinux_set_mnt_opts(struct 
  
  	if (!strcmp(sb->s_type->name, "debugfs") ||
  	    !strcmp(sb->s_type->name, "tracefs") ||
 -	    !strcmp(sb->s_type->name, "binderfs") ||
 +	    !strcmp(sb->s_type->name, "binder") ||
+ 	    !strcmp(sb->s_type->name, "bpf") ||
  	    !strcmp(sb->s_type->name, "pstore"))
  		sbsec->flags |= SE_SBGENFS;
  

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Paul Moore]

On Wed, Feb 12, 2020 at 5:48 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi all,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   security/selinux/hooks.c
>
> between commit:
>
>   a20456aef80f ("selinux: fix typo in filesystem name")
>
> from Linus' tree and commit:
>
>   4ca54d3d3022 ("security: selinux: allow per-file labeling for bpffs")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Yes, I ran into the same problem this morning.  That is the correct
fix, thanks Stephen.

> diff --cc security/selinux/hooks.c
> index ae891d712800,44f6f4e20cba..000000000000
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -698,7 -701,8 +701,8 @@@ static int selinux_set_mnt_opts(struct
>
>         if (!strcmp(sb->s_type->name, "debugfs") ||
>             !strcmp(sb->s_type->name, "tracefs") ||
>  -          !strcmp(sb->s_type->name, "binderfs") ||
>  +          !strcmp(sb->s_type->name, "binder") ||
> +           !strcmp(sb->s_type->name, "bpf") ||
>             !strcmp(sb->s_type->name, "pstore"))
>                 sbsec->flags |= SE_SBGENFS;
>

-- 
paul moore
www.paul-moore.com

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 815 bytes --]

Hi all,

Today's linux-next merge of the selinux tree got a conflict in:

  security/selinux/Makefile

between commit:

  42c4e97e06a8 ("selinux: don't use make's grouped targets feature yet")

from Linus' tree and commits:

  6f933aa7dfd0 ("selinux: more Makefile tweaks")
  ec4a491d180b ("selinux: fix Makefile for versions of make < v4.3")

from the selinux tree.

I fixed it up (I just used the latter version) and can carry the fix as
necessary. This is now fixed as far as linux-next is concerned, but any
non trivial conflicts should be mentioned to your upstream maintainer
when your tree is submitted for merging.  You may also want to consider
cooperating with the maintainer of the conflicting tree to minimise any
particularly complex conflicts.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Paul Moore]

On Sun, Jun 4, 2023 at 8:52 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   security/selinux/Makefile
>
> between commit:
>
>   42c4e97e06a8 ("selinux: don't use make's grouped targets feature yet")
>
> from Linus' tree and commits:
>
>   6f933aa7dfd0 ("selinux: more Makefile tweaks")
>   ec4a491d180b ("selinux: fix Makefile for versions of make < v4.3")
>
> from the selinux tree.
>
> I fixed it up (I just used the latter version) and can carry the fix as
> necessary. This is now fixed as far as linux-next is concerned, but any
> non trivial conflicts should be mentioned to your upstream maintainer
> when your tree is submitted for merging.  You may also want to consider
> cooperating with the maintainer of the conflicting tree to minimise any
> particularly complex conflicts.

Hi Stephen,

I had to do pretty much the same thing, and yes, simply taking the
code in the last patch is the right thing to do.

-- 
paul-moore.com

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 4703 bytes --]

Hi all,

Today's linux-next merge of the selinux tree got conflicts in:

  security/selinux/ss/services.c
  security/selinux/ss/sidtab.c
  security/selinux/ss/sidtab.h

between commit:

  abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")

from Linus' tree and commit:

  048be156491f ("selinux: remove the sidtab context conversion indirect calls")

from the selinux tree.

I fixed it up (see below) and applied the following merge fix patch
as well and can carry the fix as necessary. This is now fixed as far as
linux-next is concerned, but any non trivial conflicts should be mentioned
to your upstream maintainer when your tree is submitted for merging.
You may also want to consider cooperating with the maintainer of the
conflicting tree to minimise any particularly complex conflicts.

From: Stephen Rothwell <sfr@canb.auug.org.au>
Date: Thu, 10 Nov 2022 12:38:01 +1100
Subject: [PATCH] selinux: fix up for "selinux: enable use of both GFP_KERNEL
 and GFP_ATOMIC in convert_context()"

Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
---
 security/selinux/ss/services.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 6348c95ff0e5..c4301626487f 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -41,6 +41,7 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
 				      struct avtab_node *node);
 
 int services_convert_context(struct convert_context_args *args,
-			     struct context *oldc, struct context *newc);
+			     struct context *oldc, struct context *newc,
+			     gfp_t gfp_flags);
 
 #endif	/* _SS_SERVICES_H_ */
-- 
2.35.1

-- 
Cheers,
Stephen Rothwell

diff --cc security/selinux/ss/services.c
index 64a6a37dc36d,e63c4f942fd6..9086c4ea0255
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -2014,18 -2008,20 +2008,21 @@@ static inline int convert_context_handl
  	return 0;
  }
  
- /*
-  * Convert the values in the security context
-  * structure `oldc' from the values specified
-  * in the policy `p->oldp' to the values specified
-  * in the policy `p->newp', storing the new context
-  * in `newc'.  Verify that the context is valid
-  * under the new policy.
+ /**
+  * services_convert_context - Convert a security context across policies.
+  * @args: populated convert_context_args struct
+  * @oldc: original context
+  * @newc: converted context
+  *
+  * Convert the values in the security context structure @oldc from the values
+  * specified in the policy @args->oldp to the values specified in the policy
+  * @args->newp, storing the new context in @newc, and verifying that the
+  * context is valid under the new policy.
   */
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- 			   gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
 -			     struct context *oldc, struct context *newc)
++			     struct context *oldc, struct context *newc,
++			     gfp_t gfp_flags)
  {
- 	struct convert_context_args *args;
  	struct ocontext *oc;
  	struct role_datum *role;
  	struct type_datum *typdatum;
@@@ -2034,10 -2030,8 +2031,8 @@@
  	u32 len;
  	int rc;
  
- 	args = p;
- 
  	if (oldc->str) {
 -		s = kstrdup(oldc->str, GFP_KERNEL);
 +		s = kstrdup(oldc->str, gfp_flags);
  		if (!s)
  			return -ENOMEM;
  
diff --cc security/selinux/ss/sidtab.c
index db5cce385bf8,1c3d2cda6b92..38d25173aebd
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@@ -324,8 -327,8 +327,9 @@@ int sidtab_context_to_sid(struct sidta
  			goto out_unlock;
  		}
  
- 		rc = convert->func(context, &dst_convert->context,
- 				   convert->args, GFP_ATOMIC);
+ 		rc = services_convert_context(convert->args,
 -					      context, &dst_convert->context);
++					      context, &dst_convert->context,
++					      GFP_ATOMIC);
  		if (rc) {
  			context_destroy(&dst->context);
  			goto out_unlock;
@@@ -402,9 -405,9 +406,10 @@@ static int sidtab_convert_tree(union si
  		}
  		i = 0;
  		while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- 			rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- 					   &edst->ptr_leaf->entries[i].context,
- 					   convert->args, GFP_KERNEL);
+ 			rc = services_convert_context(convert->args,
+ 					&esrc->ptr_leaf->entries[i].context,
 -					&edst->ptr_leaf->entries[i].context);
++					&edst->ptr_leaf->entries[i].context,
++					GFP_KERNEL);
  			if (rc)
  				return rc;
  			(*pos)++;

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Paul Moore]

On Wed, Nov 9, 2022 at 8:44 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the selinux tree got conflicts in:
>
>   security/selinux/ss/services.c
>   security/selinux/ss/sidtab.c
>   security/selinux/ss/sidtab.h
>
> between commit:
>
>   abe3c631447d ("selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()")
>
> from Linus' tree and commit:
>
>   048be156491f ("selinux: remove the sidtab context conversion indirect calls")
>
> from the selinux tree.
>
> I fixed it up (see below) and applied the following merge fix patch
> as well and can carry the fix as necessary. This is now fixed as far as
> linux-next is concerned, but any non trivial conflicts should be mentioned
> to your upstream maintainer when your tree is submitted for merging.
> You may also want to consider cooperating with the maintainer of the
> conflicting tree to minimise any particularly complex conflicts.

I had to make a similar patch for my own testing.  Thanks Stephen.

Out of curiosity, is there an established procedure for notifying
linux-next about such conflicts?  I'm happy to let Stephen find it on
his own and handle the merge for linux-next, but it seems like there
is some duplicated work here ...

-- 
paul-moore.com

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1089 bytes --]

Hi all,

Today's linux-next merge of the selinux tree got a conflict in:

  fs/io-wq.c

between commit:

  dd47c104533d ("io-wq: provide IO_WQ_* constants for IORING_REGISTER_IOWQ_MAX_WORKERS arg items")

from Linus' tree and commit:

  5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc fs/io-wq.c
index b5fd015268d7,dac5c5961c9d..000000000000
--- a/fs/io-wq.c
+++ b/fs/io-wq.c
@@@ -14,7 -14,7 +14,8 @@@
  #include <linux/rculist_nulls.h>
  #include <linux/cpu.h>
  #include <linux/tracehook.h>
+ #include <linux/audit.h>
 +#include <uapi/linux/io_uring.h>
  
  #include "io-wq.h"
  

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Paul Moore]

On Mon, Sep 20, 2021 at 9:17 PM Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Hi all,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   fs/io-wq.c
>
> between commit:
>
>   dd47c104533d ("io-wq: provide IO_WQ_* constants for IORING_REGISTER_IOWQ_MAX_WORKERS arg items")
>
> from Linus' tree and commit:
>
>   5bd2182d58e9 ("audit,io_uring,io-wq: add some basic audit support to io_uring")
>
> from the selinux tree.

Thanks Stephen.

I noticed the same thing while doing some additional testing yesterday
and applied a very similar patch to my testing kernel.  I'll be sure
to mention this to Linus when I send this up during the next merge
window.

-- 
paul moore
www.paul-moore.com

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

Hi Paul,

Today's linux-next merge of the selinux tree got a conflict in:

  include/rdma/ib_verbs.h

between commit:

  2fc775726491 ("IB/opa-vnic: RDMA NETDEV interface")

from Linus' tree and commit:

  89b54b4d09bd ("IB/core: Enforce PKey security on QPs")

from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/rdma/ib_verbs.h
index ba8314ec5768,c9e903fc824b..000000000000
--- a/include/rdma/ib_verbs.h
+++ b/include/rdma/ib_verbs.h
@@@ -1890,7 -1878,10 +1930,8 @@@ enum ib_mad_result 
  	IB_MAD_RESULT_CONSUMED = 1 << 2  /* Packet consumed: stop processing */
  };
  
 -#define IB_DEVICE_NAME_MAX 64
 -
  struct ib_port_cache {
+ 	u64		      subnet_prefix;
  	struct ib_pkey_cache  *pkey;
  	struct ib_gid_table   *gid;
  	u8                     lmc;
@@@ -1912,34 -1903,12 +1953,40 @@@ struct ib_port_immutable 
  	u32                           max_mad_size;
  };
  
 +/* rdma netdev type - specifies protocol type */
 +enum rdma_netdev_t {
 +	RDMA_NETDEV_OPA_VNIC,
 +	RDMA_NETDEV_IPOIB,
 +};
 +
 +/**
 + * struct rdma_netdev - rdma netdev
 + * For cases where netstack interfacing is required.
 + */
 +struct rdma_netdev {
 +	void              *clnt_priv;
 +	struct ib_device  *hca;
 +	u8                 port_num;
 +
 +	/* control functions */
 +	void (*set_id)(struct net_device *netdev, int id);
 +	/* send packet */
 +	int (*send)(struct net_device *dev, struct sk_buff *skb,
 +		    struct ib_ah *address, u32 dqpn);
 +	/* multicast */
 +	int (*attach_mcast)(struct net_device *dev, struct ib_device *hca,
 +			    union ib_gid *gid, u16 mlid,
 +			    int set_qkey, u32 qkey);
 +	int (*detach_mcast)(struct net_device *dev, struct ib_device *hca,
 +			    union ib_gid *gid, u16 mlid);
 +};
 +
+ struct ib_port_pkey_list {
+ 	/* Lock to hold while modifying the list. */
+ 	spinlock_t		      list_lock;
+ 	struct list_head	      pkey_list;
+ };
+ 
  struct ib_device {
  	/* Do not access @dma_device directly from ULP nor from HW drivers. */
  	struct device                *dma_device;

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Paul Moore]

On Sun, May 21, 2017 at 10:38 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
> Hi Paul,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
>   include/rdma/ib_verbs.h
>
> between commit:
>
>   2fc775726491 ("IB/opa-vnic: RDMA NETDEV interface")
>
> from Linus' tree and commit:
>
>   89b54b4d09bd ("IB/core: Enforce PKey security on QPs")
>
> from the selinux tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Thanks Stephen.

Daniel and Doug, does Stephen's patch look right to you?

> diff --cc include/rdma/ib_verbs.h
> index ba8314ec5768,c9e903fc824b..000000000000
> --- a/include/rdma/ib_verbs.h
> +++ b/include/rdma/ib_verbs.h
> @@@ -1890,7 -1878,10 +1930,8 @@@ enum ib_mad_result
>         IB_MAD_RESULT_CONSUMED = 1 << 2  /* Packet consumed: stop processing */
>   };
>
>  -#define IB_DEVICE_NAME_MAX 64
>  -
>   struct ib_port_cache {
> +       u64                   subnet_prefix;
>         struct ib_pkey_cache  *pkey;
>         struct ib_gid_table   *gid;
>         u8                     lmc;
> @@@ -1912,34 -1903,12 +1953,40 @@@ struct ib_port_immutable
>         u32                           max_mad_size;
>   };
>
>  +/* rdma netdev type - specifies protocol type */
>  +enum rdma_netdev_t {
>  +      RDMA_NETDEV_OPA_VNIC,
>  +      RDMA_NETDEV_IPOIB,
>  +};
>  +
>  +/**
>  + * struct rdma_netdev - rdma netdev
>  + * For cases where netstack interfacing is required.
>  + */
>  +struct rdma_netdev {
>  +      void              *clnt_priv;
>  +      struct ib_device  *hca;
>  +      u8                 port_num;
>  +
>  +      /* control functions */
>  +      void (*set_id)(struct net_device *netdev, int id);
>  +      /* send packet */
>  +      int (*send)(struct net_device *dev, struct sk_buff *skb,
>  +                  struct ib_ah *address, u32 dqpn);
>  +      /* multicast */
>  +      int (*attach_mcast)(struct net_device *dev, struct ib_device *hca,
>  +                          union ib_gid *gid, u16 mlid,
>  +                          int set_qkey, u32 qkey);
>  +      int (*detach_mcast)(struct net_device *dev, struct ib_device *hca,
>  +                          union ib_gid *gid, u16 mlid);
>  +};
>  +
> + struct ib_port_pkey_list {
> +       /* Lock to hold while modifying the list. */
> +       spinlock_t                    list_lock;
> +       struct list_head              pkey_list;
> + };
> +
>   struct ib_device {
>         /* Do not access @dma_device directly from ULP nor from HW drivers. */
>         struct device                *dma_device;



-- 
paul moore
www.paul-moore.com

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Daniel Jurgens]

On 5/22/2017 4:08 PM, Paul Moore wrote:
> On Sun, May 21, 2017 at 10:38 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>> Hi Paul,
>>
>> Today's linux-next merge of the selinux tree got a conflict in:
>>
>>   include/rdma/ib_verbs.h
>>
>> between commit:
>>
>>   2fc775726491 ("IB/opa-vnic: RDMA NETDEV interface")
>>
>> from Linus' tree and commit:
>>
>>   89b54b4d09bd ("IB/core: Enforce PKey security on QPs")
>>
>> from the selinux tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
> Thanks Stephen.
>
> Daniel and Doug, does Stephen's patch look right to you?

Looks good to me.

>
>> diff --cc include/rdma/ib_verbs.h
>> index ba8314ec5768,c9e903fc824b..000000000000
>> --- a/include/rdma/ib_verbs.h
>> +++ b/include/rdma/ib_verbs.h
>> @@@ -1890,7 -1878,10 +1930,8 @@@ enum ib_mad_result
>>         IB_MAD_RESULT_CONSUMED = 1 << 2  /* Packet consumed: stop processing */
>>   };
>>
>>  -#define IB_DEVICE_NAME_MAX 64
>>  -
>>   struct ib_port_cache {
>> +       u64                   subnet_prefix;
>>         struct ib_pkey_cache  *pkey;
>>         struct ib_gid_table   *gid;
>>         u8                     lmc;
>> @@@ -1912,34 -1903,12 +1953,40 @@@ struct ib_port_immutable
>>         u32                           max_mad_size;
>>   };
>>
>>  +/* rdma netdev type - specifies protocol type */
>>  +enum rdma_netdev_t {
>>  +      RDMA_NETDEV_OPA_VNIC,
>>  +      RDMA_NETDEV_IPOIB,
>>  +};
>>  +
>>  +/**
>>  + * struct rdma_netdev - rdma netdev
>>  + * For cases where netstack interfacing is required.
>>  + */
>>  +struct rdma_netdev {
>>  +      void              *clnt_priv;
>>  +      struct ib_device  *hca;
>>  +      u8                 port_num;
>>  +
>>  +      /* control functions */
>>  +      void (*set_id)(struct net_device *netdev, int id);
>>  +      /* send packet */
>>  +      int (*send)(struct net_device *dev, struct sk_buff *skb,
>>  +                  struct ib_ah *address, u32 dqpn);
>>  +      /* multicast */
>>  +      int (*attach_mcast)(struct net_device *dev, struct ib_device *hca,
>>  +                          union ib_gid *gid, u16 mlid,
>>  +                          int set_qkey, u32 qkey);
>>  +      int (*detach_mcast)(struct net_device *dev, struct ib_device *hca,
>>  +                          union ib_gid *gid, u16 mlid);
>>  +};
>>  +
>> + struct ib_port_pkey_list {
>> +       /* Lock to hold while modifying the list. */
>> +       spinlock_t                    list_lock;
>> +       struct list_head              pkey_list;
>> + };
>> +
>>   struct ib_device {
>>         /* Do not access @dma_device directly from ULP nor from HW drivers. */
>>         struct device                *dma_device;
>
>

linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 2326 bytes --]

Hi Eric,

Today's linux-next merge of the selinux tree got a conflict in
security/selinux/hooks.c between commit eb9ae686507b ("SELinux: Add new
labeling type native labels") from Linus' tree and commits 40d3d0b85fa2
("SELinux: remove crazy contortions around proc") and a64c54cf0811
("SELinux: pass a superblock to security_fs_use") from the selinux tree.

I fixed it up (see below) and can carry the fix as necessary (no action
is required).

P.S. Unusually, that commit from Linus' tree has no Signed-off-by from
its purported author (David Quigley).
-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
diff --cc security/selinux/hooks.c
index a5091ec,4fbf2c5..0000000
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -680,21 -702,14 +712,19 @@@ static int selinux_set_mnt_opts(struct 
  	if (strcmp(sb->s_type->name, "proc") == 0)
  		sbsec->flags |= SE_SBPROC;
  
 -	/* Determine the labeling behavior to use for this filesystem type. */
 -	rc = security_fs_use(sb);
 -	if (rc) {
 -		printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
 -		       __func__, sb->s_type->name, rc);
 -		goto out;
 +	if (!sbsec->behavior) {
 +		/*
 +		 * Determine the labeling behavior to use for this
 +		 * filesystem type.
 +		 */
- 		rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
- 					"proc" : sb->s_type->name,
- 					&sbsec->behavior, &sbsec->sid);
++		rc = security_fs_use(sb);
 +		if (rc) {
 +			printk(KERN_WARNING
 +				"%s: security_fs_use(%s) returned %d\n",
 +					__func__, sb->s_type->name, rc);
 +			goto out;
 +		}
  	}
 -
  	/* sets the context of the superblock for the fs being mounted. */
  	if (fscontext_sid) {
  		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
@@@ -2629,11 -2589,15 +2659,11 @@@ static int selinux_inode_init_security(
  		isec->initialized = 1;
  	}
  
- 	if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
+ 	if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
  		return -EOPNOTSUPP;
  
 -	if (name) {
 -		namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
 -		if (!namep)
 -			return -ENOMEM;
 -		*name = namep;
 -	}
 +	if (name)
 +		*name = XATTR_SELINUX_SUFFIX;
  
  	if (value && len) {
  		rc = security_sid_to_context_force(newsid, &context, &clen);

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

Re: linux-next: manual merge of the selinux tree with Linus' tree

[David Quigley]

I guess my signed off got stripped somewhere. Originally I maintained those commits but Steve Dickson from red hat picked them up and they then made it into trond's tree and then into Linus'.

I unfortunately don't have my davequigley.com identities on my iPhone but you can add a sign off by dpquigl@davequigley.com for the commit.

Sent from my iPhone

On Jul 25, 2013, at 8:48 PM, Stephen Rothwell <sfr@canb.auug.org.au> wrote:

> Hi Eric,
> 
> Today's linux-next merge of the selinux tree got a conflict in
> security/selinux/hooks.c between commit eb9ae686507b ("SELinux: Add new
> labeling type native labels") from Linus' tree and commits 40d3d0b85fa2
> ("SELinux: remove crazy contortions around proc") and a64c54cf0811
> ("SELinux: pass a superblock to security_fs_use") from the selinux tree.
> 
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).
> 
> P.S. Unusually, that commit from Linus' tree has no Signed-off-by from
> its purported author (David Quigley).
> -- 
> Cheers,
> Stephen Rothwell                    sfr@canb.auug.org.au
> diff --cc security/selinux/hooks.c
> index a5091ec,4fbf2c5..0000000
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@@ -680,21 -702,14 +712,19 @@@ static int selinux_set_mnt_opts(struct 
>      if (strcmp(sb->s_type->name, "proc") == 0)
>          sbsec->flags |= SE_SBPROC;
> 
> -    /* Determine the labeling behavior to use for this filesystem type. */
> -    rc = security_fs_use(sb);
> -    if (rc) {
> -        printk(KERN_WARNING "%s: security_fs_use(%s) returned %d\n",
> -               __func__, sb->s_type->name, rc);
> -        goto out;
> +    if (!sbsec->behavior) {
> +        /*
> +         * Determine the labeling behavior to use for this
> +         * filesystem type.
> +         */
> -        rc = security_fs_use((sbsec->flags & SE_SBPROC) ?
> -                    "proc" : sb->s_type->name,
> -                    &sbsec->behavior, &sbsec->sid);
> ++        rc = security_fs_use(sb);
> +        if (rc) {
> +            printk(KERN_WARNING
> +                "%s: security_fs_use(%s) returned %d\n",
> +                    __func__, sb->s_type->name, rc);
> +            goto out;
> +        }
>      }
> -
>      /* sets the context of the superblock for the fs being mounted. */
>      if (fscontext_sid) {
>          rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
> @@@ -2629,11 -2589,15 +2659,11 @@@ static int selinux_inode_init_security(
>          isec->initialized = 1;
>      }
> 
> -    if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
> +    if (!ss_initialized || !(sbsec->flags & SBLABEL_MNT))
>          return -EOPNOTSUPP;
> 
> -    if (name) {
> -        namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
> -        if (!namep)
> -            return -ENOMEM;
> -        *name = namep;
> -    }
> +    if (name)
> +        *name = XATTR_SELINUX_SUFFIX;
> 
>      if (value && len) {
>          rc = security_sid_to_context_force(newsid, &context, &clen);

Re: linux-next: manual merge of the selinux tree with Linus' tree

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 650 bytes --]

Hi David,

On Thu, 25 Jul 2013 21:22:48 -0700 David Quigley <merlin@countercultured.net> wrote:
>
> I guess my signed off got stripped somewhere. Originally I maintained those commits but Steve Dickson from red hat picked them up and they then made it into trond's tree and then into Linus'.
> 
> I unfortunately don't have my davequigley.com identities on my iPhone
> but you can add a sign off by dpquigl@davequigley.com for the commit.

Noone can, it is set in stone in Linus' tree, now.  My comment was just a
heads up that something went wrong in the process.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]