diff options
| author | Scott Mayhew <smayhew@redhat.com> | 2021-06-22 15:11:59 +0300 |
|---|---|---|
| committer | Trond Myklebust <trond.myklebust@hammerspace.com> | 2021-06-28 16:34:39 +0300 |
| commit | eae00c5d6e48ccb2d78ae5873743d7d1a572951b (patch) | |
| tree | 0477b418a7f0c9da6565a5d73528a9ab376b46ec /net | |
| parent | a9601ac5e9160a3f96348ebc5d0751397a501701 (diff) | |
| download | linux-eae00c5d6e48ccb2d78ae5873743d7d1a572951b.tar.xz | |
nfs: update has_sec_mnt_opts after cloning lsm options from parent
After calling security_sb_clone_mnt_opts() in nfs_get_root(), it's
necessary to copy the value of has_sec_mnt_opts from the cloned
super_block's nfs_server. Otherwise, calls to nfs_compare_super()
using this super_block may not return the correct result, leading to
mount failures.
For example, mounting an nfs server with the following in /etc/exports:
/export *(rw,insecure,crossmnt,no_root_squash,security_label)
and having /export/scratch on a separate block device.
mount -o v4.2,context=system_u:object_r:root_t:s0 server:/export/test /mnt/test
mount -o v4.2,context=system_u:object_r:swapfile_t:s0 server:/export/scratch /mnt/scratch
The second mount would fail with "mount.nfs: /mnt/scratch is busy or
already mounted or sharecache fail" and "SELinux: mount invalid. Same
superblock, different security settings for..." would appear in the
syslog.
Also while we're in there, replace several instances of "NFS_SB(s)"
with "server", which was already declared at the top of the
nfs_get_root().
Fixes: ec1ade6a0448 ("nfs: account for selinux security context when deciding to share superblock")
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions