acrn-kernel/security/selinux
Ondrej Mosnacek 978b86fbdb selinux: fix handling of empty opts in selinux_fs_context_submount()
commit ccf1dab96b upstream.

selinux_set_mnt_opts() relies on the fact that the mount options pointer
is always NULL when all options are unset (specifically in its
!selinux_initialized() branch. However, the new
selinux_fs_context_submount() hook breaks this rule by allocating a new
structure even if no options are set. That causes any submount created
before a SELinux policy is loaded to be rejected in
selinux_set_mnt_opts().

Fix this by making selinux_fs_context_submount() leave fc->security
set to NULL when there are no options to be copied from the reference
superblock.

Cc: <stable@vger.kernel.org>
Reported-by: Adam Williamson <awilliam@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345
Fixes: d80a8f1b58 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-23 11:11:11 +02:00
..
include lsm/stable-6.1 PR 20221003 2022-10-03 17:51:52 -07:00
ss selinux: set next pointer before attaching to list 2023-08-30 16:11:07 +02:00
.gitignore
Kconfig
Makefile selinux: don't use make's grouped targets feature yet 2023-06-09 10:34:24 +02:00
avc.c
hooks.c selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-23 11:11:11 +02:00
ibpkey.c
ima.c
netif.c
netlabel.c
netlink.c
netnode.c
netport.c
nlmsgtab.c
selinuxfs.c
status.c
xfrm.c