diff options
author | Olga Kornievskaia <kolga@netapp.com> | 2021-02-19 23:22:33 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2021-03-22 20:01:45 +0100 |
commit | ec1ade6a0448e3bfb07bb905aca1bc18836220c7 (patch) | |
tree | 306efdd474c9289e61e13483a35c5dc868c74232 /fs/nfs/internal.h | |
parent | nfs: remove unneeded null check in nfs_fill_super() (diff) | |
download | linux-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.tar.xz linux-ec1ade6a0448e3bfb07bb905aca1bc18836220c7.zip |
nfs: account for selinux security context when deciding to share superblock
Keep track of whether or not there were LSM security context
options passed during mount (ie creation of the superblock).
Then, while deciding if the superblock can be shared for the new
mount, check if the newly passed in LSM security context options
are compatible with the existing superblock's ones by calling
security_sb_mnt_opts_compat().
Previously, with selinux enabled, NFS wasn't able to do the
following 2mounts:
mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0
<serverip>:/ /mnt
mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0
<serverip>:/scratch /scratch
2nd mount would fail with "mount.nfs: an incorrect mount option was
specified" and var log messages would have:
"SElinux: mount invalid. Same superblock, different security
settings for.."
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
[PM: tweak subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'fs/nfs/internal.h')
-rw-r--r-- | fs/nfs/internal.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h index 25fb43b69e5a..c3f57b423611 100644 --- a/fs/nfs/internal.h +++ b/fs/nfs/internal.h @@ -96,6 +96,7 @@ struct nfs_fs_context { char *fscache_uniq; unsigned short protofamily; unsigned short mountfamily; + bool has_sec_mnt_opts; struct { union { |