    nfs: account for selinux security context when deciding to share superblock · ec1ade6a
    Olga Kornievskaia authored
    Keep track of whether or not there were LSM security context
    options passed during mount (ie creation of the superblock).
    Then, while deciding if the superblock can be shared for the new
    mount, check if the newly passed in LSM security context options
    are compatible with the existing superblock's ones by calling
    security_sb_mnt_opts_compat().
    
    Previously, with selinux enabled, NFS wasn't able to do the
    following 2 mounts:
    mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0
    <serverip>:/ /mnt
    mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0
    <serverip>:/scratch /scratch
    
    2nd mount would fail with "mount.nfs: an incorrect mount option was
    specified" and var log messages would have:
    "SElinux: mount invalid. Same superblock, different security
    settings for.."
    Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
    [PM: tweak subject line]
    Signed-off-by: Paul Moore <paul@paul-moore.com>