leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ec1ade6a04
linux/fs/nfs
History
Olga Kornievskaia ec1ade6a04 nfs: account for selinux security context when deciding to share superblock 
Keep track of whether or not there were LSM security context
options passed during mount (ie creation of the superblock).
Then, while deciding if the superblock can be shared for the new
mount, check if the newly passed in LSM security context options
are compatible with the existing superblock's ones by calling
security_sb_mnt_opts_compat().

Previously, with selinux enabled, NFS wasn't able to do the
following 2mounts:
mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0
<serverip>:/ /mnt
mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0
<serverip>:/scratch /scratch

2nd mount would fail with "mount.nfs: an incorrect mount option was
specified" and var log messages would have:
"SElinux: mount invalid. Same superblock, different security
settings for.."

Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
[PM: tweak subject line]
Signed-off-by: Paul Moore <paul@paul-moore.com>
2021-03-22 15:01:45 -04:00
..
blocklayout block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
filelayout SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer() 2020-11-30 14:46:35 -05:00
flexfilelayout NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
cache_lib.c NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
cache_lib.h NFS client updates for Linux 4.15 2017-11-17 14:18:00 -08:00
callback_proc.c kernel.h: split out mathematical helpers 2020-12-15 22:46:15 -08:00
callback_xdr.c SUNRPC: Make trace_svc_process() display the RPC procedure symbolically 2021-01-25 09:36:23 -05:00
callback.c SUNRPC: Cache the process user cred in the RPC server listener 2019-04-24 09:46:35 -04:00
callback.h NFSv4: Add support for CB_RECALL_ANY for flexfiles layouts 2020-03-16 08:34:30 -04:00
client.c NFS: NFSv2/NFSv3: Use cred from fs_context during mount 2020-12-02 14:05:54 -05:00
delegation.c NFS: nfs_delegation_find_inode_server must first reference the superblock 2021-01-10 16:29:28 -05:00
delegation.h NFSv4: Ensure the delegation is pinned in nfs_do_return_delegation() 2020-02-13 16:18:50 -05:00
dir.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
direct.c NFS client updates for Linux 5.9 2020-08-15 08:26:55 -07:00
dns_resolve.c NFS: remove duplicate headers 2020-05-27 10:10:12 -04:00
dns_resolve.h
export.c nfs: use change attribute for NFS re-exports 2021-01-30 11:47:12 -05:00
file.c NFS: Add support for eager writes 2021-02-16 16:11:14 -05:00
fs_context.c nfs: account for selinux security context when deciding to share superblock 2021-03-22 15:01:45 -04:00
fscache-index.c nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
fscache.c NFS: Add nfs_pageio_complete_read() and remove nfs_readpage_async() 2021-02-01 13:32:48 -05:00
fscache.h nfs: fscache: use timespec64 in inode auxdata 2020-01-15 10:54:30 -05:00
getroot.c NFS: Ensure security label is set for root inode 2020-03-30 19:56:50 -04:00
inode.c NFS Client Updates for Linux 5.12 2021-02-26 09:17:24 -08:00
internal.h nfs: account for selinux security context when deciding to share superblock 2021-03-22 15:01:45 -04:00
io.c NFS: Fix up documentation warnings 2019-02-20 15:14:21 -05:00
iostat.h
Kconfig NFS: Disable READ_PLUS by default 2020-12-10 16:48:03 -05:00
Makefile NFSv4.2: add client side xattr caching. 2020-07-13 17:52:46 -04:00
mount_clnt.c NFSv3: fix rpc receive buffer size for MOUNT call 2020-05-14 18:42:44 -04:00
namespace.c fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
netns.h NFS: Add sysfs support for per-container identifier 2019-07-06 14:54:49 -04:00
nfs2super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs2xdr.c SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() 2020-12-02 14:05:53 -05:00
nfs3_fs.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
nfs3acl.c NFS Client Updates for Linux 5.12 2021-02-26 09:17:24 -08:00
nfs3client.c NFS: Additional refactoring for fs_context conversion 2020-01-15 10:15:17 -05:00
nfs3proc.c NFS: Allow the NFS generic code to pass in a verifier to readdir 2020-12-02 14:05:52 -05:00
nfs3super.c treewide: Add SPDX license identifier for more missed files 2019-05-21 10:50:45 +02:00
nfs3xdr.c SUNRPC: Clean up the handling of page padding in rpc_prepare_reply_pages() 2020-12-02 14:05:53 -05:00
nfs4_fs.h NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE 2020-10-02 08:43:09 -04:00
nfs4client.c nfs: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
nfs4file.c NFSv4_2: SSC helper should use its own config. 2021-01-28 10:55:37 -05:00
nfs4getroot.c
nfs4idmap.c NFS: Only reference user namespace from nfs4idmap struct instead of cred 2020-10-13 15:56:54 -04:00
nfs4idmap.h
nfs4namespace.c nfs: Fix memory leak of export_path 2020-06-26 08:43:14 -04:00
nfs4proc.c NFS Client Updates for Linux 5.12 2021-02-26 09:17:24 -08:00
nfs4renewd.c NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals 2020-02-04 12:27:55 -05:00
nfs4session.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
nfs4session.h NFSv4.1: use BITS_PER_LONG macro in nfs4session.h 2020-12-14 06:51:07 -05:00
nfs4state.c nfs: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
nfs4super.c NFS: Adjust fs_context error logging 2021-01-10 13:32:39 -05:00
nfs4sysctl.c nfs: Do not convert nfs_idmap_cache_timeout to jiffies 2018-01-18 15:10:47 -05:00
nfs4trace.c pNFS/flexfiles: Add tracing for layout errors 2020-01-15 10:54:33 -05:00
nfs4trace.h NFSv4/pnfs: Add tracing for the deviceid cache 2020-12-16 17:25:24 -05:00
nfs4xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
nfs42.h NFSv4.2: add the extended attribute proc functions. 2020-07-13 17:52:45 -04:00
nfs42proc.c NFSv4.2: fix error return on memory allocation failure 2020-12-16 07:54:42 -05:00
nfs42xattr.c NFSv4.2: fix failure to unregister shrinker 2020-11-12 10:40:02 -05:00
nfs42xdr.c NFS client updates for Linux 5.11 2020-12-17 12:15:03 -08:00
nfs.h
nfsroot.c nfsroot: Default mount option should ask for built-in NFS version 2020-11-02 10:29:03 -05:00
nfstrace.c NFS: Add trace events to report non-zero NFS status codes 2019-02-13 12:03:21 -05:00
nfstrace.h nfs: define and use the NFS_INO_INVALID_XATTR flag 2020-07-13 17:52:45 -04:00
pagelist.c pNFS/flexfiles: Fix array overflow when flexfiles mirroring is enabled 2020-11-30 10:52:22 -05:00
pnfs_dev.c NFSv4/pnfs: Add tracing for the deviceid cache 2020-12-16 17:25:24 -05:00
pnfs_nfs.c NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit() 2021-01-10 13:32:52 -05:00
pnfs.c nfs: Fix fall-through warnings for Clang 2021-02-01 13:32:32 -05:00
pnfs.h pNFS: We want return-on-close to complete when evicting the inode 2021-01-10 13:32:51 -05:00
proc.c NFS: Allow the NFS generic code to pass in a verifier to readdir 2020-12-02 14:05:52 -05:00
read.c NFS: Add nfs_pageio_complete_read() and remove nfs_readpage_async() 2021-02-01 13:32:48 -05:00
super.c nfs: account for selinux security context when deciding to share superblock 2021-03-22 15:01:45 -04:00
symlink.c nfs: pass the correct prototype to read_cache_page 2019-05-09 16:26:57 -04:00
sysctl.c
sysfs.c NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
sysfs.h NFSv4: Fix up RCU annotations for struct nfs_netns_client 2020-10-15 13:31:08 -04:00
unlink.c NFS: Avoid referencing the cred twice in async rename/unlink 2020-03-16 08:34:29 -04:00
write.c NFS: Add support for eager writes 2021-02-16 16:11:14 -05:00