From: Paul Moore <paul@paul-moore.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, Scott Mayhew <smayhew@redhat.com>
Subject: Re: [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
Date: Mon, 11 Mar 2019 16:12:42 -0400 [thread overview]
Message-ID: <CAHC9VhSg4WWw9EdTYoOAZcd=TCaPQd2yyRqxcpX9Z+gKGriQhg@mail.gmail.com> (raw)
In-Reply-To: <20190305211758.GA27437@fieldses.org>
On Tue, Mar 5, 2019 at 4:18 PM J. Bruce Fields <bfields@fieldses.org> wrote:
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts()
> fails to set set_kern_flags, with the result that
> nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL.
>
> The result is that if you mount the same NFS filesystem twice, NFS
> security labels are turned off, even if they would work fine if you
> mounted the filesystem only once.
>
> ("fixes" may be not exactly the right tag, it may be more like
> "fixed-other-cases-but-missed-this-one".)
>
> Cc: Scott Mayhew <smayhew@redhat.com>
> Cc: stable@vger.kernel.org
> Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..."
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> security/selinux/hooks.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
Thanks for the fix. I just merged this into selinux/stable-5.1 and
I'll send this up to Linus tomorrow.
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index f0e36c3492ba..5e9304567233 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -959,8 +959,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
> BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
>
> /* if fs is reusing a sb, make sure that the contexts match */
> - if (newsbsec->flags & SE_SBINITIALIZED)
> + if (newsbsec->flags & SE_SBINITIALIZED) {
> + if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
> + *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
> return selinux_cmp_sb_context(oldsb, newsb);
> + }
>
> mutex_lock(&newsbsec->lock);
>
> --
> 2.20.1
--
paul moore
www.paul-moore.com
prev parent reply other threads:[~2019-03-11 20:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-05 21:17 [PATCH] security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock J. Bruce Fields
2019-03-05 21:25 ` J. Bruce Fields
2019-03-06 14:34 ` Stephen Smalley
2019-03-06 15:34 ` J. Bruce Fields
2019-03-06 16:49 ` Stephen Smalley
2019-03-06 17:25 ` J. Bruce Fields
2019-03-06 17:28 ` Stephen Smalley
2019-03-11 20:12 ` Paul Moore [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhSg4WWw9EdTYoOAZcd=TCaPQd2yyRqxcpX9Z+gKGriQhg@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=bfields@fieldses.org \
--cc=eparis@parisplace.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
--cc=smayhew@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).