projects / platform / kernel / linux-starfive.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing
[platform/kernel/linux-starfive.git] / security / selinux / hooks.c
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d06e350..afd6637 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2745,6 +2745,27 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
                                   FILESYSTEM__UNMOUNT, NULL);
 }
 
+static int selinux_fs_context_submount(struct fs_context *fc,
+                                  struct super_block *reference)
+{
+       const struct superblock_security_struct *sbsec;
+       struct selinux_mnt_opts *opts;
+
+       opts = kzalloc(sizeof(*opts), GFP_KERNEL);
+       if (!opts)
+               return -ENOMEM;
+
+       sbsec = selinux_superblock(reference);
+       if (sbsec->flags & FSCONTEXT_MNT)
+               opts->fscontext_sid = sbsec->sid;
+       if (sbsec->flags & CONTEXT_MNT)
+               opts->context_sid = sbsec->mntpoint_sid;
+       if (sbsec->flags & DEFCONTEXT_MNT)
+               opts->defcontext_sid = sbsec->def_sid;
+       fc->security = opts;
+       return 0;
+}
+
 static int selinux_fs_context_dup(struct fs_context *fc,
                                  struct fs_context *src_fc)
 {
@@ -7182,6 +7203,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = {
        /*
         * PUT "CLONING" (ACCESSING + ALLOCATING) HOOKS HERE
         */
+       LSM_HOOK_INIT(fs_context_submount, selinux_fs_context_submount),
        LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
        LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
        LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
Domain: System / Kernel;