proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-11 12:30:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ec54424923
mirror_ubuntu-kernels/security/selinux
History
Ondrej Mosnacek ccf1dab96b selinux: fix handling of empty opts in selinux_fs_context_submount() 
selinux_set_mnt_opts() relies on the fact that the mount options pointer
is always NULL when all options are unset (specifically in its
!selinux_initialized() branch. However, the new
selinux_fs_context_submount() hook breaks this rule by allocating a new
structure even if no options are set. That causes any submount created
before a SELinux policy is loaded to be rejected in
selinux_set_mnt_opts().

Fix this by making selinux_fs_context_submount() leave fc->security
set to NULL when there are no options to be copied from the reference
superblock.

Cc: <stable@vger.kernel.org>
Reported-by: Adam Williamson <awilliam@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345
Fixes: d80a8f1b58 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2023-09-12 17:31:08 -04:00
..
include selinux: revert SECINITSID_INIT support 2023-08-09 10:51:13 -04:00
ss selinux/stable-6.6 PR 20230829 2023-08-30 08:51:16 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
avc.c selinux: update my email address 2023-07-19 11:27:02 -04:00
hooks.c selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-12 17:31:08 -04:00
ibpkey.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
ima.c selinux: adjust typos in comments 2023-05-08 16:44:01 -04:00
Kconfig selinux: introduce SECURITY_SELINUX_DEBUG configuration 2023-07-20 16:21:52 -04:00
Makefile selinux: fix Makefile for versions of make < v4.3 2023-06-02 15:34:29 -04:00
netif.c selinux: avoid implicit conversions in the netif code 2023-07-18 18:29:48 -04:00
netlabel.c selinux: prevent KMSAN warning in selinux_inet_conn_request() 2023-08-15 18:23:22 -04:00
netlink.c selinux: mark some global variables __ro_after_init 2021-01-12 10:08:55 -05:00
netnode.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
netport.c selinux: stop passing selinux_state pointers and their offspring 2023-03-14 15:22:45 -04:00
nlmsgtab.c selinux: use unsigned iterator in nlmsgtab code 2023-08-09 19:07:49 -04:00
selinuxfs.c selinux/stable-6.6 PR 20230829 2023-08-30 08:51:16 -07:00
status.c selinux: avoid implicit conversions regarding enforcing status 2023-07-18 18:29:50 -04:00
xfrm.c selinux: de-brand SELinux 2023-07-18 18:42:57 -04:00