Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3011746ybi; Mon, 17 Jun 2019 14:39:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqwsVQY1AMZXQQAGAQ9X/lIcdOVa0MI62uw52yneLIrnyCaualwPla7n4hbRIqUyfUpkAFt0 X-Received: by 2002:a17:902:2a6b:: with SMTP id i98mr24372271plb.75.1560807554295; Mon, 17 Jun 2019 14:39:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560807554; cv=none; d=google.com; s=arc-20160816; b=JsMOlANEu8OIfx+HPWRnXEtkThRJy6WhIY13joI9j4s9MJ1QMiZWKvJXo5FLxoT1LN yQ80VnE/tGZToa1OoB4YV4v7apuec/8uGYp1VJqmYMJwzq6cPrXwq4EfAxLFwnSGM9jw qxIP5nKNxrzS4p4zl77Mrk2uhiXUadVJpY7p2IJSHH866lxOVDH5GIdfZoQmDxtG0a+5 T1deRzLdDL4SAoXh+vFqScHxyLLE3/rGbQeAg+WuCxwtBpJu9pBIO1nPBi2pXF4w99sY kIxjWcHik2R9gxJCL30onnwuvlkNuExl74WSelCrpLva+46VnC25ZiTRJDvLyRsbOXa+ 6qaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nTsCRsgiidMxpXC8rA5o6DWQ/jW36H1H95Bs5HvVguU=; b=IIxc7kFLEeQksgFQwo8AR2nsD0AeGQ02beMxf0ZkYwJDcs+x/06WrvLVA87Lvepjno dB5CJRxu6z0xvwf6uE/R4RxYUwjyz7FiHCQ69IcfJCebsXmxrMFuF767+R0vfRnCo6zY Y7HMyHrTH1VmwRsMgoOD9jK6n51k86/+Uw7ZqIklXt3nX779AA8zZnfHwTLLF2vT/n3B z7ow8/IxDUsXHHRrpRKgIovMvYaaw4IuJqyy10465khE4gnNuDingWjUnRgxBatFxUO5 VoHplCYhJuSIyIWbkRix3A0dbUyVirvwMLO4K6iNmMP3f/k1c0OH2pYq0LbW9njbdjYd O9Eg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fYpHR+Bb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n9si10846306pff.14.2019.06.17.14.38.59; Mon, 17 Jun 2019 14:39:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fYpHR+Bb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729094AbfFQVhp (ORCPT + 99 others); Mon, 17 Jun 2019 17:37:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:43352 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728808AbfFQVTd (ORCPT ); Mon, 17 Jun 2019 17:19:33 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C2C42208CB; Mon, 17 Jun 2019 21:19:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1560806372; bh=jqenDNII4IoZDFoDx7mrOY3SY6QUqRovuDdceGkE0zo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fYpHR+BbBJ/WkQUvHB6WeAL5Wd/yEsTqE4nAewBoYA0/1aCt51j1rUVGVNVWLrRE6 PGHjJ3j5Kss9zz6PFpq7D/YOaU/ZSlyjlnOUAuNHbIGcY4pwV66I7r90cPdZoY5OD4 fAoJU1lCi2iGdStnQQW8VtIBI+/1LSz37Rehj0S4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jose Bollo , Casey Schaufler , David Howells , Linus Torvalds Subject: [PATCH 5.1 029/115] Smack: Restore the smackfsdef mount option and add missing prefixes Date: Mon, 17 Jun 2019 23:08:49 +0200 Message-Id: <20190617210801.421402542@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190617210759.929316339@linuxfoundation.org> References: <20190617210759.929316339@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Casey Schaufler commit 6e7739fc938c1ec58d321f70ea41d9548a4cca0f upstream. The 5.1 mount system rework changed the smackfsdef mount option to smackfsdefault. This fixes the regression by making smackfsdef treated the same way as smackfsdefault. Also fix the smack_param_specs[] to have "smack" prefixes on all the names. This isn't visible to a user unless they either: (a) Try to mount a filesystem that's converted to the internal mount API and that implements the ->parse_monolithic() context operation - and only then if they call security_fs_context_parse_param() rather than security_sb_eat_lsm_opts(). There are no examples of this upstream yet, but nfs will probably want to do this for nfs2 or nfs3. (b) Use fsconfig() to configure the filesystem - in which case security_fs_context_parse_param() will be called. This issue is that smack_sb_eat_lsm_opts() checks for the "smack" prefix on the options, but smack_fs_context_parse_param() does not. Fixes: c3300aaf95fb ("smack: get rid of match_token()") Fixes: 2febd254adc4 ("smack: Implement filesystem context security hooks") Cc: stable@vger.kernel.org Reported-by: Jose Bollo Signed-off-by: Casey Schaufler Signed-off-by: David Howells Tested-by: Casey Schaufler Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- security/smack/smack_lsm.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -67,6 +67,7 @@ static struct { int len; int opt; } smk_mount_opts[] = { + {"smackfsdef", sizeof("smackfsdef") - 1, Opt_fsdefault}, A(fsdefault), A(fsfloor), A(fshat), A(fsroot), A(fstransmute) }; #undef A @@ -681,11 +682,12 @@ static int smack_fs_context_dup(struct f } static const struct fs_parameter_spec smack_param_specs[] = { - fsparam_string("fsdefault", Opt_fsdefault), - fsparam_string("fsfloor", Opt_fsfloor), - fsparam_string("fshat", Opt_fshat), - fsparam_string("fsroot", Opt_fsroot), - fsparam_string("fstransmute", Opt_fstransmute), + fsparam_string("smackfsdef", Opt_fsdefault), + fsparam_string("smackfsdefault", Opt_fsdefault), + fsparam_string("smackfsfloor", Opt_fsfloor), + fsparam_string("smackfshat", Opt_fshat), + fsparam_string("smackfsroot", Opt_fsroot), + fsparam_string("smackfstransmute", Opt_fstransmute), {} };