• Scott Mayhew's avatar
    security/selinux: allow security_sb_clone_mnt_opts to enable/disable native labeling behavior · 0b4d3452
    Scott Mayhew authored
    When an NFSv4 client performs a mount operation, it first mounts the
    NFSv4 root and then does path walk to the exported path and performs a
    submount on that, cloning the security mount options from the root's
    superblock to the submount's superblock in the process.
    
    Unless the NFS server has an explicit fsid=0 export with the
    "security_label" option, the NFSv4 root superblock will not have
    SBLABEL_MNT set, and neither will the submount superblock after cloning
    the security mount options.  As a result, setxattr's of security labels
    over NFSv4.2 will fail.  In a similar fashion, NFSv4.2 mounts mounted
    with the context= mount option will not show the correct labels because
    the nfs_server->caps flags of the cloned superblock will still have
    NFS_CAP_SECURITY_LABEL set.
    
    Allowing the NFSv4 client to enable or disable SECURITY_LSM_NATIVE_LABELS
    behavior will ensure that the SBLABEL_MNT flag has the correct value
    when the client traverses from an exported path without the
    "security_label" option to one with the "security_label" option and
    vice versa.  Similarly, checking to see if SECURITY_LSM_NATIVE_LABELS is
    set upon return from security_sb_clone_mnt_opts() and clearing
    NFS_CAP_SECURITY_LABEL if necessary will allow the correct labels to
    be displayed for NFSv4.2 mounts mounted with the context= mount option.
    
    Resolves: https://github.com/SELinuxProject/selinux-kernel/issues/35Signed-off-by: default avatarScott Mayhew <smayhew@redhat.com>
    Reviewed-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Tested-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    0b4d3452
security.c 42.9 KB