    NFS: Ensure security label is set for root inode · 779df6a5
    Scott Mayhew authored
    When using NFSv4.2, the security label for the root inode should be set
    via a call to nfs_setsecurity() during the mount process, otherwise the
    inode will appear as unlabeled for up to acdirmin seconds.  Currently
    the label for the root inode is allocated, retrieved, and freed entirely
    within nfs4_proc_get_root().
    
    Add a field for the label to the nfs_fattr struct, and allocate & free
    the label in nfs_get_root(), where we also add a call to
    nfs_setsecurity().  Note that for the call to nfs_setsecurity() to
    succeed, it's necessary to also move the logic calling
    security_sb_{set,clone}_security() from nfs_get_tree_common() down into
    nfs_get_root()... otherwise the SBLABEL_MNT flag will not be set in the
    super_block's security flags and nfs_setsecurity() will silently fail.
    Reported-by: Richard Haines <richard_c_haines@btinternet.com>
    Signed-off-by: Scott Mayhew <smayhew@redhat.com>
    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
    Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
    [PM: fixed 80-char line width problems]
    Signed-off-by: Paul Moore <paul@paul-moore.com>
getroot.c 4.43 KB