Message ID | 20220125071133.188172-1-gongruiqi1@huawei.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | [-next] selinux: access superblock_security_struct in LSM blob way |
On 1/24/2022 11:11 PM, GONG, Ruiqi wrote: > LSM blob has been involved for superblock's security struct. So fix the > remaining direct access to sb->s_security by using the LSM blob > mechanism. > > Fixes: 08abe46b2cfc ("selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support") > Fixes: 69c4a42d72eb ("lsm,selinux: add new hook to compare new mount to an existing mount") > Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> This is pretty important. > --- > security/selinux/hooks.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 5b6895e4fc29..a0243bae8423 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -479,7 +479,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) > > static int sb_check_xattr_support(struct super_block *sb) > { > - struct superblock_security_struct *sbsec = sb->s_security; > + struct superblock_security_struct *sbsec = selinux_superblock(sb); > struct dentry *root = sb->s_root; > struct inode *root_inode = d_backing_inode(root); > u32 sid; > @@ -2647,7 +2647,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts) > { > struct selinux_mnt_opts *opts = mnt_opts; > - struct superblock_security_struct *sbsec = sb->s_security; > + struct superblock_security_struct *sbsec = selinux_superblock(sb); > u32 sid; > int rc; >
On Tue, Jan 25, 2022 at 2:12 AM GONG, Ruiqi <gongruiqi1@huawei.com> wrote:
>
> LSM blob has been involved for superblock's security struct. So fix the
> remaining direct access to sb->s_security by using the LSM blob
> mechanism.
>
> Fixes: 08abe46b2cfc ("selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support")
> Fixes: 69c4a42d72eb ("lsm,selinux: add new hook to compare new mount to an existing mount")
> Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
> ---
> security/selinux/hooks.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)

Thanks for the patch! I just merged this into selinux/next.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5b6895e4fc29..a0243bae8423 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -479,7 +479,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb) static int sb_check_xattr_support(struct super_block *sb) { - struct superblock_security_struct *sbsec = sb->s_security; + struct superblock_security_struct *sbsec = selinux_superblock(sb); struct dentry *root = sb->s_root; struct inode *root_inode = d_backing_inode(root); u32 sid; @@ -2647,7 +2647,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts) { struct selinux_mnt_opts *opts = mnt_opts; - struct superblock_security_struct *sbsec = sb->s_security; + struct superblock_security_struct *sbsec = selinux_superblock(sb); u32 sid; int rc;
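Review bot: In the first hunk (sb_check_xattr_support), the commit message never says what goes wrong with the old `sbsec = sb->s_security` read, only that the blob mechanism should be used instead. Because the patch carries Fixes: tags rather than being presented as cleanup, a sentence on the effect would help: with the superblock security data managed as a shared LSM blob, sb->s_security is the start of the whole blob, so the direct read yields SELinux's struct only when SELinux's portion sits at offset zero. Stating that lets backporters judge how urgent the fix is for their configuration.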
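Review bot: The second hunk (selinux_sb_mnt_opts_compat) fixes code from a different commit than the first hunk, judging by the two Fixes: titles: "add new hook to compare new mount to an existing mount" matches this function, while "fall back to SECURITY_FS_USE_GENFS if no xattr support" matches sb_check_xattr_support. A tree carrying only one of those commits will not take this patch as a unit, so consider noting in the commit message which hunk belongs to which Fixes: tag, or splitting it into two patches that can be backported independently.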
LSM blob has been involved for superblock's security struct. So fix the
remaining direct access to sb->s_security by using the LSM blob
mechanism.

Fixes: 08abe46b2cfc ("selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support")
Fixes: 69c4a42d72eb ("lsm,selinux: add new hook to compare new mount to an existing mount")
Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com>
---
security/selinux/hooks.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)