nfs: account for selinux security context when deciding to share superblock

olgakorn1 · pcmoore · commit ec1ade6a0448 · 2021-03-22T15:01:45.000-04:00
Keep track of whether or not there were LSM security context
options passed during mount (ie creation of the superblock).
Then, while deciding if the superblock can be shared for the new
mount, check if the newly passed in LSM security context options
are compatible with the existing superblock's ones by calling
security_sb_mnt_opts_compat().

Previously, with selinux enabled, NFS wasn't able to do the
following 2mounts:
mount -o vers=4.2,sec=sys,context=system_u:object_r:root_t:s0
&lt;serverip&gt;:/ /mnt
mount -o vers=4.2,sec=sys,context=system_u:object_r:swapfile_t:s0
&lt;serverip&gt;:/scratch /scratch

2nd mount would fail with "mount.nfs: an incorrect mount option was
specified" and var log messages would have:
"SElinux: mount invalid. Same superblock, different security
settings for.."

Signed-off-by: Olga Kornievskaia &lt;kolga@netapp.com&gt;
[PM: tweak subject line]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/fs/nfs/fs_context.c b/fs/nfs/fs_context.c
@@ -463,6 +463,9 @@ static int nfs_fs_context_parse_param(struct fs_context *fc,
 	if (opt < 0)
 		return ctx->sloppy ? 1 : opt;
 
+	if (fc->security)
+		ctx->has_sec_mnt_opts = 1;
+
 	switch (opt) {
 	case Opt_source:
 		if (fc->source)
diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h
@@ -96,6 +96,7 @@ struct nfs_fs_context {
 	char			*fscache_uniq;
 	unsigned short		protofamily;
 	unsigned short		mountfamily;
+	bool			has_sec_mnt_opts;
 
 	struct {
 		union {
diff --git a/fs/nfs/super.c b/fs/nfs/super.c
@@ -1077,6 +1077,7 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx)
 						 &sb->s_blocksize_bits);
 
 	nfs_super_set_maxbytes(sb, server->maxfilesize);
+	server->has_sec_mnt_opts = ctx->has_sec_mnt_opts;
 }
 
 static int nfs_compare_mount_options(const struct super_block *s, const struct nfs_server *b,
@@ -1193,6 +1194,9 @@ static int nfs_compare_super(struct super_block *sb, struct fs_context *fc)
 		return 0;
 	if (!nfs_compare_userns(old, server))
 		return 0;
+	if ((old->has_sec_mnt_opts || fc->security) &&
+			security_sb_mnt_opts_compat(sb, fc->security))
+		return 0;
 	return nfs_compare_mount_options(sb, server, fc);
 }
 
diff --git a/include/linux/nfs_fs_sb.h b/include/linux/nfs_fs_sb.h
@@ -256,6 +256,7 @@ struct nfs_server {
 
 	/* User namespace info */
 	const struct cred	*cred;
+	bool			has_sec_mnt_opts;
 };
 
 /* Server capabilities */

Original file line number	Diff line number	Diff line change
`@@ -1077,6 +1077,7 @@ static void nfs_fill_super(struct super_block sb, struct nfs_fs_context ctx)`
`1077`	`1077`	`&sb->s_blocksize_bits);`
`1078`	`1078`
`1079`	`1079`	`nfs_super_set_maxbytes(sb, server->maxfilesize);`
	`1080`	`+ server->has_sec_mnt_opts = ctx->has_sec_mnt_opts;`
`1080`	`1081`	`}`
`1081`	`1082`
`1082`	`1083`	`static int nfs_compare_mount_options(const struct super_block s, const struct nfs_server b,`
`@@ -1193,6 +1194,9 @@ static int nfs_compare_super(struct super_block sb, struct fs_context fc)`
`1193`	`1194`	`return 0;`
`1194`	`1195`	`if (!nfs_compare_userns(old, server))`
`1195`	`1196`	`return 0;`
	`1197`	`+ if ((old->has_sec_mnt_opts \|\| fc->security) &&`
	`1198`	`+ security_sb_mnt_opts_compat(sb, fc->security))`
	`1199`	`+ return 0;`
`1196`	`1200`	`return nfs_compare_mount_options(sb, server, fc);`
`1197`	`1201`	`}`
`1198`	`1202`