Skip to content

Commit 02e768c

Browse files
committed
Merge tag 'selinux-pr-20230914' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fix from Paul Moore: "A relatively small SELinux patch to fix an issue with a vfs/LSM/SELinux patch that went upstream during the recent merge window. The short version is that the original patch changed how we initialized mount options to resolve a NFS issue and we inadvertently broke a use case due to the changed behavior. The fix restores this behavior for the cases that require it while keeping the original NFS fix in place" * tag 'selinux-pr-20230914' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix handling of empty opts in selinux_fs_context_submount()
2 parents 8221097 + ccf1dab commit 02e768c

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

security/selinux/hooks.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2775,14 +2775,20 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
27752775
static int selinux_fs_context_submount(struct fs_context *fc,
27762776
struct super_block *reference)
27772777
{
2778-
const struct superblock_security_struct *sbsec;
2778+
const struct superblock_security_struct *sbsec = selinux_superblock(reference);
27792779
struct selinux_mnt_opts *opts;
27802780

2781+
/*
2782+
* Ensure that fc->security remains NULL when no options are set
2783+
* as expected by selinux_set_mnt_opts().
2784+
*/
2785+
if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
2786+
return 0;
2787+
27812788
opts = kzalloc(sizeof(*opts), GFP_KERNEL);
27822789
if (!opts)
27832790
return -ENOMEM;
27842791

2785-
sbsec = selinux_superblock(reference);
27862792
if (sbsec->flags & FSCONTEXT_MNT)
27872793
opts->fscontext_sid = sbsec->sid;
27882794
if (sbsec->flags & CONTEXT_MNT)

0 commit comments

Comments
 (0)