diff options
author | Scott Mayhew <smayhew@redhat.com> | 2020-03-04 01:58:37 +0300 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2020-03-31 02:56:50 +0300 |
commit | 779df6a5480f1307d51b66ea72352be592265cad (patch) | |
tree | dfd60cf3ed2d28daa3b251b6485e4e5385f3dd6f /include | |
parent | 27978872179b815105082902b22c516359576673 (diff) | |
download | linux-779df6a5480f1307d51b66ea72352be592265cad.tar.xz |
NFS: Ensure security label is set for root inode
When using NFSv4.2, the security label for the root inode should be set
via a call to nfs_setsecurity() during the mount process, otherwise the
inode will appear as unlabeled for up to acdirmin seconds. Currently
the label for the root inode is allocated, retrieved, and freed entirely
witin nfs4_proc_get_root().
Add a field for the label to the nfs_fattr struct, and allocate & free
the label in nfs_get_root(), where we also add a call to
nfs_setsecurity(). Note that for the call to nfs_setsecurity() to
succeed, it's necessary to also move the logic calling
security_sb_{set,clone}_security() from nfs_get_tree_common() down into
nfs_get_root()... otherwise the SBLABEL_MNT flag will not be set in the
super_block's security flags and nfs_setsecurity() will silently fail.
Reported-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: fixed 80-char line width problems]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/nfs_xdr.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index 94c77ed55ce1..6838c149f335 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -75,6 +75,7 @@ struct nfs_fattr { struct nfs4_string *owner_name; struct nfs4_string *group_name; struct nfs4_threshold *mdsthreshold; /* pNFS threshold hints */ + struct nfs4_label *label; }; #define NFS_ATTR_FATTR_TYPE (1U << 0) |