[PATCH 5.1 029/115] Smack: Restore the smackfsdef mount option and add missing prefixes

From: Greg Kroah-Hartman
Date: Mon Jun 17 2019 - 17:42:45 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.1 021/115] io_uring: fix memory leak of UNIX domain socket inode"
Previous message: Greg Kroah-Hartman: "[PATCH 5.1 031/115] bcache: fix stack corruption by PRECEDING_KEY()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.1 031/115] bcache: fix stack corruption by PRECEDING_KEY()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.1 021/115] io_uring: fix memory leak of UNIX domain socket inode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>

commit 6e7739fc938c1ec58d321f70ea41d9548a4cca0f upstream.

The 5.1 mount system rework changed the smackfsdef mount option to
smackfsdefault. This fixes the regression by making smackfsdef treated
the same way as smackfsdefault.

Also fix the smack_param_specs[] to have "smack" prefixes on all the
names. This isn't visible to a user unless they either:

(a) Try to mount a filesystem that's converted to the internal mount API
and that implements the ->parse_monolithic() context operation - and
only then if they call security_fs_context_parse_param() rather than
security_sb_eat_lsm_opts().

There are no examples of this upstream yet, but nfs will probably want
to do this for nfs2 or nfs3.

(b) Use fsconfig() to configure the filesystem - in which case
security_fs_context_parse_param() will be called.

This issue is that smack_sb_eat_lsm_opts() checks for the "smack" prefix
on the options, but smack_fs_context_parse_param() does not.

Fixes: c3300aaf95fb ("smack: get rid of match_token()")
Fixes: 2febd254adc4 ("smack: Implement filesystem context security hooks")
Cc: stable@xxxxxxxxxxxxxxx
Reported-by: Jose Bollo <jose.bollo@xxxxxxx>
Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
Tested-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
security/smack/smack_lsm.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -67,6 +67,7 @@ static struct {
int len;
int opt;
} smk_mount_opts[] = {
+ {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault},
A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute)
};
#undef A
@@ -681,11 +682,12 @@ static int smack_fs_context_dup(struct f
}

static const struct fs_parameter_spec smack_param_specs[] = {
- fsparam_string("fsdefault", Opt_fsdefault),
- fsparam_string("fsfloor", Opt_fsfloor),
- fsparam_string("fshat", Opt_fshat),
- fsparam_string("fsroot", Opt_fsroot),
- fsparam_string("fstransmute", Opt_fstransmute),
+ fsparam_string("smackfsdef", Opt_fsdefault),
+ fsparam_string("smackfsdefault", Opt_fsdefault),
+ fsparam_string("smackfsfloor", Opt_fsfloor),
+ fsparam_string("smackfshat", Opt_fshat),
+ fsparam_string("smackfsroot", Opt_fsroot),
+ fsparam_string("smackfstransmute", Opt_fstransmute),
{}
};

Next message: Greg Kroah-Hartman: "[PATCH 5.1 021/115] io_uring: fix memory leak of UNIX domain socket inode"
Previous message: Greg Kroah-Hartman: "[PATCH 5.1 031/115] bcache: fix stack corruption by PRECEDING_KEY()"
In reply to: Greg Kroah-Hartman: "[PATCH 5.1 031/115] bcache: fix stack corruption by PRECEDING_KEY()"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.1 021/115] io_uring: fix memory leak of UNIX domain socket inode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]