Hi all,
Today's linux-next merge of the selinux tree got a conflict in:
fs/nfs/getroot.c
between commit:
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
from the nfs tree and commit:
28d4d0e16f09 ("When using NFSv4.2, the security label for the root inode should be set via a call to nfs_setsecurity() during the mount process, otherwise the inode will appear as unlabeled for up to acdirmin seconds. Currently the label for the root inode is allocated, retrieved, and freed entirely witin nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting differences.
I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
On Tue, 2020-03-17 at 13:31 +1100, Stephen Rothwell wrote:
> Hi all,
>
> Today's linux-next merge of the selinux tree got a conflict in:
>
> fs/nfs/getroot.c
>
> between commit:
>
> e8213ffc2aec ("NFS: Ensure security label is set for root inode")
>
> from the nfs tree and commit:
>
> 28d4d0e16f09 ("When using NFSv4.2, the security label for the root
> inode should be set via a call to nfs_setsecurity() during the mount
> process, otherwise the inode will appear as unlabeled for up to
> acdirmin seconds. Currently the label for the root inode is
> allocated, retrieved, and freed entirely witin
> nfs4_proc_get_root().")
>
> from the selinux tree.
>
> These are basically the same patch with slight formatting
> differences.
>
> I fixed it up (I used the latter) and can carry the fix as necessary.
> This is now fixed as far as linux-next is concerned, but any non
> trivial
> conflicts should be mentioned to your upstream maintainer when your
> tree
> is submitted for merging. You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any
> particularly
> complex conflicts.
>
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott? Given that it didn't touch anything outside NFS and
had been acked by the Selinux folks, but had not been acked by the NFS
maintainers, I was assuming it was waiting to be applied here.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
[email protected]
On Tue, Mar 17, 2020 at 9:33 AM Trond Myklebust <[email protected]> wrote:
> On Tue, 2020-03-17 at 13:31 +1100, Stephen Rothwell wrote:
> > Hi all,
> >
> > Today's linux-next merge of the selinux tree got a conflict in:
> >
> > fs/nfs/getroot.c
> >
> > between commit:
> >
> > e8213ffc2aec ("NFS: Ensure security label is set for root inode")
> >
> > from the nfs tree and commit:
> >
> > 28d4d0e16f09 ("When using NFSv4.2, the security label for the root
> > inode should be set via a call to nfs_setsecurity() during the mount
> > process, otherwise the inode will appear as unlabeled for up to
> > acdirmin seconds. Currently the label for the root inode is
> > allocated, retrieved, and freed entirely witin
> > nfs4_proc_get_root().")
> >
> > from the selinux tree.
> >
> > These are basically the same patch with slight formatting
> > differences.
> >
> > I fixed it up (I used the latter) and can carry the fix as necessary.
> > This is now fixed as far as linux-next is concerned, but any non
> > trivial
> > conflicts should be mentioned to your upstream maintainer when your
> > tree
> > is submitted for merging. You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any
> > particularly
> > complex conflicts.
> >
> OK... Why is this being pushed through the selinux tree? Was that your
> intention Scott? Given that it didn't touch anything outside NFS and
> had been acked by the Selinux folks, but had not been acked by the NFS
> maintainers, I was assuming it was waiting to be applied here.
FYI, archive link below, but the short version is that the patch fixed
a problem seen with SELinux/labeled-NFS and after not hearing anything
from the NFS folks for over a week I went ahead and merged it into the
SELinux tree. With everything going on in the world at the moment I
didn't want this fix to get lost. I have no problem reverting the
patch in the SELinux -next branch if you guys would prefer to push
this up to Linus via the NFS tree; I just want to make sure we get
this fixed.
https://lore.kernel.org/selinux/CAHC9VhThqgv_QzCyeVYkBASVmNg2qZGxHwcxXL7KN84kR7+XUQ@mail.gmail.com/
--
paul moore
http://www.paul-moore.com
On Tue, 17 Mar 2020, Trond Myklebust wrote:
> On Tue, 2020-03-17 at 13:31 +1100, Stephen Rothwell wrote:
> > Hi all,
> >
> > Today's linux-next merge of the selinux tree got a conflict in:
> >
> > fs/nfs/getroot.c
> >
> > between commit:
> >
> > e8213ffc2aec ("NFS: Ensure security label is set for root inode")
> >
> > from the nfs tree and commit:
> >
> > 28d4d0e16f09 ("When using NFSv4.2, the security label for the root
> > inode should be set via a call to nfs_setsecurity() during the mount
> > process, otherwise the inode will appear as unlabeled for up to
> > acdirmin seconds. Currently the label for the root inode is
> > allocated, retrieved, and freed entirely witin
> > nfs4_proc_get_root().")
> >
> > from the selinux tree.
> >
> > These are basically the same patch with slight formatting
> > differences.
> >
> > I fixed it up (I used the latter) and can carry the fix as necessary.
> > This is now fixed as far as linux-next is concerned, but any non
> > trivial
> > conflicts should be mentioned to your upstream maintainer when your
> > tree
> > is submitted for merging. You may also want to consider cooperating
> > with the maintainer of the conflicting tree to minimise any
> > particularly
> > complex conflicts.
> >
> OK... Why is this being pushed through the selinux tree? Was that your
> intention Scott?
Not really... I addressed the patch to you and Anna, after all. On the
other hand, I didn't object when Paul picked up the patch in his tree.
I'm guessing I should have spoken up. Sorry about that.
-Scott
> Given that it didn't touch anything outside NFS and
> had been acked by the Selinux folks, but had not been acked by the NFS
> maintainers, I was assuming it was waiting to be applied here.
>
> --
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> [email protected]
>
>
On Tue, 2020-03-17 at 11:18 -0400, Scott Mayhew wrote:
> On Tue, 17 Mar 2020, Trond Myklebust wrote:
>
> > On Tue, 2020-03-17 at 13:31 +1100, Stephen Rothwell wrote:
> > > Hi all,
> > >
> > > Today's linux-next merge of the selinux tree got a conflict in:
> > >
> > > fs/nfs/getroot.c
> > >
> > > between commit:
> > >
> > > e8213ffc2aec ("NFS: Ensure security label is set for root
> > > inode")
> > >
> > > from the nfs tree and commit:
> > >
> > > 28d4d0e16f09 ("When using NFSv4.2, the security label for the
> > > root
> > > inode should be set via a call to nfs_setsecurity() during the
> > > mount
> > > process, otherwise the inode will appear as unlabeled for up to
> > > acdirmin seconds. Currently the label for the root inode is
> > > allocated, retrieved, and freed entirely witin
> > > nfs4_proc_get_root().")
> > >
> > > from the selinux tree.
> > >
> > > These are basically the same patch with slight formatting
> > > differences.
> > >
> > > I fixed it up (I used the latter) and can carry the fix as
> > > necessary.
> > > This is now fixed as far as linux-next is concerned, but any non
> > > trivial
> > > conflicts should be mentioned to your upstream maintainer when
> > > your
> > > tree
> > > is submitted for merging. You may also want to consider
> > > cooperating
> > > with the maintainer of the conflicting tree to minimise any
> > > particularly
> > > complex conflicts.
> > >
> > OK... Why is this being pushed through the selinux tree? Was that
> > your
> > intention Scott?
>
> Not really... I addressed the patch to you and Anna, after all. On
> the
> other hand, I didn't object when Paul picked up the patch in his
> tree.
> I'm guessing I should have spoken up. Sorry about that.
>
OK. Well there doesn't seem to be anything else touching the NFS mount
code in this dev cycle, so I don't expect any integration issues at
this point. I'm therefore OK with it going through the selinux tree.
I'll therefore drop the patch from the NFS tree, assuming you still
have it in the selinux tree, Paul.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
[email protected]
On Tue, Mar 17, 2020 at 12:12 PM Trond Myklebust
<[email protected]> wrote:
> On Tue, 2020-03-17 at 11:18 -0400, Scott Mayhew wrote:
> > On Tue, 17 Mar 2020, Trond Myklebust wrote:
> >
> > > On Tue, 2020-03-17 at 13:31 +1100, Stephen Rothwell wrote:
> > > > Hi all,
> > > >
> > > > Today's linux-next merge of the selinux tree got a conflict in:
> > > >
> > > > fs/nfs/getroot.c
> > > >
> > > > between commit:
> > > >
> > > > e8213ffc2aec ("NFS: Ensure security label is set for root
> > > > inode")
> > > >
> > > > from the nfs tree and commit:
> > > >
> > > > 28d4d0e16f09 ("When using NFSv4.2, the security label for the
> > > > root
> > > > inode should be set via a call to nfs_setsecurity() during the
> > > > mount
> > > > process, otherwise the inode will appear as unlabeled for up to
> > > > acdirmin seconds. Currently the label for the root inode is
> > > > allocated, retrieved, and freed entirely witin
> > > > nfs4_proc_get_root().")
> > > >
> > > > from the selinux tree.
> > > >
> > > > These are basically the same patch with slight formatting
> > > > differences.
> > > >
> > > > I fixed it up (I used the latter) and can carry the fix as
> > > > necessary.
> > > > This is now fixed as far as linux-next is concerned, but any non
> > > > trivial
> > > > conflicts should be mentioned to your upstream maintainer when
> > > > your
> > > > tree
> > > > is submitted for merging. You may also want to consider
> > > > cooperating
> > > > with the maintainer of the conflicting tree to minimise any
> > > > particularly
> > > > complex conflicts.
> > > >
> > > OK... Why is this being pushed through the selinux tree? Was that
> > > your
> > > intention Scott?
> >
> > Not really... I addressed the patch to you and Anna, after all. On
> > the
> > other hand, I didn't object when Paul picked up the patch in his
> > tree.
> > I'm guessing I should have spoken up. Sorry about that.
> >
>
> OK. Well there doesn't seem to be anything else touching the NFS mount
> code in this dev cycle, so I don't expect any integration issues at
> this point. I'm therefore OK with it going through the selinux tree.
>
> I'll therefore drop the patch from the NFS tree, assuming you still
> have it in the selinux tree, Paul.
I was waiting to hear back from you before reverting, I'll go ahead
and leave it in the selinux/next tree. If anything changes on the NFS
side, let me know.
--
paul moore
http://www.paul-moore.com