From patchwork Thu May 25 21:07:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Scott Mayhew X-Patchwork-Id: 9749137 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 51321601E9 for ; Thu, 25 May 2017 21:08:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 439C1283BB for ; Thu, 25 May 2017 21:08:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 38846283CD; Thu, 25 May 2017 21:08:00 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DEC72283BB for ; Thu, 25 May 2017 21:07:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S936784AbdEYVH6 (ORCPT ); Thu, 25 May 2017 17:07:58 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54785 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S938983AbdEYVH4 (ORCPT ); Thu, 25 May 2017 17:07:56 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C419B64D9E; Thu, 25 May 2017 21:07:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C419B64D9E Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=smayhew@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C419B64D9E Received: from coeurl.usersys.redhat.com (ovpn-121-173.rdu2.redhat.com [10.10.121.173]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4828217B5B; Thu, 25 May 2017 21:07:55 +0000 (UTC) Received: by coeurl.usersys.redhat.com (Postfix, from userid 1000) id D9F0220281; Thu, 25 May 2017 17:07:54 -0400 (EDT) From: Scott Mayhew To: selinux@tycho.nsa.gov, linux-nfs@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Trond Myklebust , "J . Bruce Fields" Subject: [PATCH RFC 1/2] selinux: allow SECURITY_LSM_NATIVE_LABELS to be set on an already initialized superblock Date: Thu, 25 May 2017 17:07:53 -0400 Message-Id: <20170525210754.24265-2-smayhew@redhat.com> In-Reply-To: <20170525210754.24265-1-smayhew@redhat.com> References: <20170404232646.GB24146@parsley.fieldses.org> <20170525210754.24265-1-smayhew@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 25 May 2017 21:07:56 +0000 (UTC) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When an NFSv4 client performs a mount operation, it first mounts the NFSv4 root and then does path walk to the exported path and performs a submount on that, cloning the security mount options from the root's superblock to the submount's superblock in the process. Unless the NFS server has an explicit fsid=0 export with the "security_label" option, the NFSv4 root superblock will not have SBLABEL_MNT set, and neither will the submount superblock after cloning the security mount options. As a result, setxattr's of security labels over NFSv4.2 will fail. Allowing the NFSv4 client to override the SECURITY_LSM_NATIVE_LABELS flag on an initialized superblock will ensure that SBLABEL_MNT is set when the client traverses from an exported path without the "security_label" option to one with the "security_label" option. Signed-off-by: Scott Mayhew --- security/selinux/hooks.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e67a526..366ab86 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -730,7 +730,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, * will be used for both mounts) */ if ((sbsec->flags & SE_SBINITIALIZED) && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) - && (num_opts == 0)) + && (num_opts == 0) && !(kern_flags & SECURITY_LSM_NATIVE_LABELS)) goto out; root_isec = backing_inode_security_novalidate(root); @@ -797,7 +797,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, } } - if (sbsec->flags & SE_SBINITIALIZED) { + if (sbsec->flags & SE_SBINITIALIZED && !(kern_flags & SECURITY_LSM_NATIVE_LABELS)) { /* previously mounted with options, but not on this attempt? */ if ((sbsec->flags & SE_MNTMASK) && !num_opts) goto out_double_mount;