On 4/9/2021 4:12 AM, Ondrej Mosnacek wrote:
> This series attempts to clean up part of the mess that has grown around
> the LSM mount option handling across different subsystems.
>
> The original motivation was to fix a NFS+SELinux bug that I found while
> trying to get the NFS part of the selinux-testsuite [1] to work, which
> is fixed by patch 2.
>
> The first patch paves the way for the second one by eliminating the
> special case workaround in selinux_set_mnt_opts(), while also
> simplifying BTRFS's LSM mount option handling.
>
> I tested the patches by running the NFS part of the SELinux testsuite
> (which is now fully passing). I also added the pending patch for
> broken BTRFS LSM options support with fsconfig(2) [2] and ran the
> proposed BTRFS SELinux tests for selinux-testsuite [3] (still passing
> with all patches).
The Smack testsuite can be found at:
https://github.com/smack-team/smack-testsuite.git
It might provide another layer of confidence.
>
> [1] https://github.com/SELinuxProject/selinux-testsuite/
> [2] https://lore.kernel.org/selinux/[email protected]/T/
> [3]
> https://lore.kernel.org/selinux/[email protected]/
> ^^ the original patch no longer applies - a rebased version is here:
>
> https://github.com/WOnder93/selinux-testsuite/commit/212e76b5bd0775c7507c1996bd172de3bcbff139.patch
>
> Ondrej Mosnacek (2):
> vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag
> selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount
>
> fs/btrfs/super.c | 35 ++++++-----------------------------
> fs/nfs/fs_context.c | 6 ++++--
> fs/super.c | 10 ++++++----
> include/linux/fs.h | 3 ++-
> security/selinux/hooks.c | 32 +++++++++++++++++---------------
> 5 files changed, 35 insertions(+), 51 deletions(-)
>
