Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1226434pxb; Tue, 1 Feb 2022 23:08:56 -0800 (PST) X-Google-Smtp-Source: ABdhPJxsGK477+efD5t+gNO2fOMO+uiHOKP/DwV40sJqoqYdgAFP/EDM2R12MgmTbtssKfuels9x X-Received: by 2002:a05:6a00:1508:: with SMTP id q8mr28358482pfu.3.1643785736323; Tue, 01 Feb 2022 23:08:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643785736; cv=none; d=google.com; s=arc-20160816; b=Smx4D6HdiWuVsT0KbZTNtbzrBASbW1vhoEP6eXrU9v1ntCQAVsPEE9eS3QNXTmq+Og Eb7kfDPjkkYJ6kPtzMuUrw0HuXaIhO9L/CASzalOmWFo03j+pzUYfLsMcyacU3Hp8wf8 cz2xLrjO4ShHoNjCbj6CUDZHeBgAwdSFEHRkH7ipKoJtbVF73wouewkOPUVq1AdDB3RB 2g7gKzcrDFP866s/tkySEyS+0Zm7duIxM7+EBO1EhDAHZ8mIGGJ1FojsCCtjhGQLgiD2 /e1s4GewloJOcvda8T3v5pzOoBS59GX1Fmrs7zFH0JkcSkA/83bnkxUFwp2JsQzdadzn RqvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=yP1bs/cD6ul5vF2aW3mHYFKWpId1PYYPSFAUCUmS+ys=; b=glfZiMK2l4VjQ3DSJQHjUzUlJMq4ArCGa7FmvvrWsH9lwxwe1CXKl8qSJBkIROn6kR 1Ifvq8/JUkQroUafyRAgC9mWqhG2xwfFEF/5170s84Bs+5KDjBWA5F1nQSAM0xLIKXMd 1rrmtLDk9JQ5b4+5xT7PD0OWS/5SHXzwhMNU/54X/2JvwJ45yYEzK0/guieuldK9tFUU ZkXAe7nkIViPc8TlSEnP19DseZyD/QjRoH0a11eUVq9fAtH9uw5y6VWn/nU8WieEeFPN VV/+3Ggz5KS/jDkMaoTkgW3UbH1vcEspJXLR1dbLJnjx0PC/ucXvzTPrtzbTD7U0PcXk yFSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=TM532U95; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ms20si4325423pjb.47.2022.02.01.23.08.29; Tue, 01 Feb 2022 23:08:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=TM532U95; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239405AbiBAOii (ORCPT + 99 others); Tue, 1 Feb 2022 09:38:38 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:47909 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239419AbiBAOih (ORCPT ); Tue, 1 Feb 2022 09:38:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1643726317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yP1bs/cD6ul5vF2aW3mHYFKWpId1PYYPSFAUCUmS+ys=; b=TM532U95K5++PgKb8ATxqaKsuN1Q6+ArioWfyqWLPjbW2I9x3htxO8TY9Epe+knGzsy0kI J5aTnrYYdTSOlvnJJDZaC00AnH/X5hJbLG/vLj8oCjOIp3m+KNyGTXbgLh8gb6tId82dJz OHVRMfe/6WPypfO+jMaxCdmqNHnI8q0= Received: from mail-yb1-f199.google.com (mail-yb1-f199.google.com [209.85.219.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-93-k-Ml-GbqNr25_YJRslvrQw-1; Tue, 01 Feb 2022 09:38:34 -0500 X-MC-Unique: k-Ml-GbqNr25_YJRslvrQw-1 Received: by mail-yb1-f199.google.com with SMTP id g67-20020a25db46000000b0061437d5e4b3so32932917ybf.10 for ; Tue, 01 Feb 2022 06:38:34 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yP1bs/cD6ul5vF2aW3mHYFKWpId1PYYPSFAUCUmS+ys=; b=mE9Ko2Q7lRpOpriPF813CO9cc0QwgnIRJPDn1C/Sk1dsd7jSO+58uCt3xlFYU9pFeS QuxucToUyxyg647XVqucJqGbnQPZkiytYl5VkD/7ouBhFGgH1yOO6BX4bkp5gX9hAzAo WP/BmGp9QUs5lZipNA8Vj4X09WlP5vy9YM2NcO6R1d/SfxsiOu4HHI/GtM0YbmJ9Ozjg sIz/sYEgurfAcwoWr841jQUSmEIel/ggLbDhlRf0GFxiqLG5zJhXH6iacM2bXI1TVfEm zxSNPmizOHdnlzXgA7Pdrt1UbQAVqA6NLu/tFOGFGAHVdADKIbjll4YVf/Itw61xV9n5 PP7g== X-Gm-Message-State: AOAM5312TA2Tu1aSJxdgmrJGM+rn6Up+dp9lpP/V/eOq3MzCSbqQbpFd u4Wb4Oim26iKgSbze0+VuPcr07LUiQkw7o0UhZP50zzxo2wkiYAE+IE+3OXaJiyyO4inh1/WcQN QAArV6MgB6fvGSZg7oxOhz5EfZvn7CrG0+Qis X-Received: by 2002:a25:7382:: with SMTP id o124mr34766808ybc.318.1643726313973; Tue, 01 Feb 2022 06:38:33 -0800 (PST) X-Received: by 2002:a25:7382:: with SMTP id o124mr34766786ybc.318.1643726313750; Tue, 01 Feb 2022 06:38:33 -0800 (PST) MIME-Version: 1.0 References: <20220120214948.3637895-1-smayhew@redhat.com> <20220120214948.3637895-2-smayhew@redhat.com> In-Reply-To: From: Ondrej Mosnacek Date: Tue, 1 Feb 2022 15:38:16 +0100 Message-ID: Subject: Re: [PATCH RFC v2 1/2] selinux: Fix selinux_sb_mnt_opts_compat() To: Paul Moore Cc: Scott Mayhew , SElinux list , linux-nfs , Linux kernel mailing list Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Mon, Jan 31, 2022 at 5:16 PM Paul Moore wrote: > On Mon, Jan 31, 2022 at 7:46 AM Ondrej Mosnacek wrote: > > On Fri, Jan 28, 2022 at 3:28 AM Paul Moore wrote: > > > On Thu, Jan 27, 2022 at 4:54 AM Ondrej Mosnacek wrote: > > > > I wonder if we could make this all much simpler by *always* doing the > > > > label parsing in selinux_add_opt() and just returning an error when > > > > !selinux_initialized(&selinux_state). Before the new mount API, mount > > > > options were always passed directly to the mount(2) syscall, so it > > > > wasn't possible to pass any SELinux mount options before the SELinux > > > > policy was loaded. I don't see why we need to jump through hoops here > > > > just to support this pseudo-feature of stashing an unparsed label into > > > > an fs_context before policy is loaded... Userspace should never need > > > > to do that. > > > > > > I could agree with that, although part of my mind is a little nervous > > > about the "userspace should *never* ..." because that always seems to > > > bite us. Although I'm struggling to think of a case where userspace > > > would need to set explicit SELinux mount options without having a > > > policy loaded. > > > > I get that, but IMO this is enough of an odd "use case" that I > > wouldn't worry too much ... > > I understand, but seeing as I'm the only one that defends these things > with Linus and others lets do this: It's not all black and white: https://lore.kernel.org/lkml/Pine.LNX.4.64.0512291322560.3298@g5.osdl.org/ > 1. Fix what we have now using Scott's patches once he incorporates the feedback. > 2. Merge another patch (separate patch(set) please!) which does the > parsing in selinux_add_opt(). > > ... this was if we have to revert #2 we still have the fixes in #1. Sounds good to me. I can prepare the simplification patch. If anyone does come to complain, then by all means, let's revert it. -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.