korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-22 04:31:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
1617032af6
linux/security
History
Ondrej Mosnacek 87b7a2c910 selinux: fix handling of empty opts in selinux_fs_context_submount() 
commit ccf1dab96b upstream.

selinux_set_mnt_opts() relies on the fact that the mount options pointer
is always NULL when all options are unset (specifically in its
!selinux_initialized() branch. However, the new
selinux_fs_context_submount() hook breaks this rule by allocating a new
structure even if no options are set. That causes any submount created
before a SELinux policy is loaded to be rejected in
selinux_set_mnt_opts().

Fix this by making selinux_fs_context_submount() leave fc->security
set to NULL when there are no options to be copied from the reference
superblock.

Cc: <stable@vger.kernel.org>
Reported-by: Adam Williamson <awilliam@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345
Fixes: d80a8f1b58 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-23 11:14:36 +02:00
..
apparmor + Bug Fixes 2023-07-07 09:55:31 -07:00
bpf selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
integrity ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig 2023-09-13 09:53:21 +02:00
keys sysctl: set variable key_sysctls storage-class-specifier to static 2023-08-07 17:55:54 +00:00
landlock hostfs: Fix ephemeral inodes 2023-06-12 21:26:19 +02:00
loadpin sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
lockdown selinux: remove the runtime disable functionality 2023-03-20 12:34:23 -04:00
safesetid SafeSetID: fix UID printed instead of GID 2023-06-20 20:26:00 -04:00
selinux selinux: fix handling of empty opts in selinux_fs_context_submount() 2023-09-23 11:14:36 +02:00
smack smackfs: Prevent underflow in smk_set_cipso() 2023-09-13 09:53:22 +02:00
tomoyo mm/gup: remove vmas parameter from get_user_pages_remote() 2023-06-09 16:25:26 -07:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
commoncap.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig mm/slab: remove HAVE_HARDENED_USERCOPY_ALLOCATOR 2023-05-24 15:38:17 +02:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-08 15:26:58 -08:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing 2023-09-13 09:52:58 +02:00