selinux: fix handling of empty opts in selinux_fs_context_submount()
authorOndrej Mosnacek <omosnace@redhat.com>
Mon, 11 Sep 2023 14:23:58 +0000 (16:23 +0200)
committerPaul Moore <paul@paul-moore.com>
Tue, 12 Sep 2023 21:31:08 +0000 (17:31 -0400)
commitccf1dab96be4caed7c5235b1cfdb606ac161b996
tree60271c741ee17f9f3758f0a7b9a5cfefded0ad09
parent0bb80ecc33a8fb5a682236443c1e740d5c917d1d
selinux: fix handling of empty opts in selinux_fs_context_submount()

selinux_set_mnt_opts() relies on the fact that the mount options pointer
is always NULL when all options are unset (specifically in its
!selinux_initialized() branch. However, the new
selinux_fs_context_submount() hook breaks this rule by allocating a new
structure even if no options are set. That causes any submount created
before a SELinux policy is loaded to be rejected in
selinux_set_mnt_opts().

Fix this by making selinux_fs_context_submount() leave fc->security
set to NULL when there are no options to be copied from the reference
superblock.

Cc: <stable@vger.kernel.org>
Reported-by: Adam Williamson <awilliam@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345
Fixes: d80a8f1b58c2 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c