On Fri, Apr 9, 2021 at 7:00 PM Casey Schaufler <ca...@schaufler-ca.com> wrote: > On 4/9/2021 4:12 AM, Ondrej Mosnacek wrote: > > This series attempts to clean up part of the mess that has grown around > > the LSM mount option handling across different subsystems. > > > > The original motivation was to fix a NFS+SELinux bug that I found while > > trying to get the NFS part of the selinux-testsuite  to work, which > > is fixed by patch 2. > > > > The first patch paves the way for the second one by eliminating the > > special case workaround in selinux_set_mnt_opts(), while also > > simplifying BTRFS's LSM mount option handling. > > > > I tested the patches by running the NFS part of the SELinux testsuite > > (which is now fully passing). I also added the pending patch for > > broken BTRFS LSM options support with fsconfig(2)  and ran the > > proposed BTRFS SELinux tests for selinux-testsuite  (still passing > > with all patches). > > The Smack testsuite can be found at: > https://github.com/smack-team/smack-testsuite.git > > It might provide another layer of confidence.
Thanks, but that doesn't seem to exercise mounting/remounting btrfs nor nfs with security options. Anything else should be unaffected. > > > > >  https://github.com/SELinuxProject/selinux-testsuite/ > >  > > https://lore.kernel.org/selinux/20210401065403.ga1363...@infradead.org/T/ > >  > > https://lore.kernel.org/selinux/20201103110121.53919-2-richard_c_hai...@btinternet.com/ > > ^^ the original patch no longer applies - a rebased version is here: > > > > https://github.com/WOnder93/selinux-testsuite/commit/212e76b5bd0775c7507c1996bd172de3bcbff139.patch > > > > Ondrej Mosnacek (2): > > vfs,LSM: introduce the FS_HANDLES_LSM_OPTS flag > > selinux: fix SECURITY_LSM_NATIVE_LABELS flag handling on double mount > > > > fs/btrfs/super.c | 35 ++++++----------------------------- > > fs/nfs/fs_context.c | 6 ++++-- > > fs/super.c | 10 ++++++---- > > include/linux/fs.h | 3 ++- > > security/selinux/hooks.c | 32 +++++++++++++++++--------------- > > 5 files changed, 35 insertions(+), 51 deletions(-) > > > -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.