From: Paul Moore
Date: Thu, 3 Aug 2023 22:48:50 -0400
Subject: Re: [PATCH v6] vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing
To: Jeff Layton
Cc: Alexander Viro, Christian Brauner, Trond Myklebust, Anna Schumaker, James Morris, "Serge E. Hallyn", Stephen Smalley, Eric Paris, Casey Schaufler, David Howells, Scott Mayhew, Stephen Smalley, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org
References: <20230802-master-v6-1-45d48299168b@kernel.org>
List-ID: linux-nfs@vger.kernel.org

On Thu, Aug 3, 2023 at 12:27 PM Jeff Layton wrote:
> On Wed, 2023-08-02 at 22:46 -0400, Paul Moore wrote:
> > On Wed, Aug 2, 2023 at 3:34 PM Jeff Layton wrote:
> > > On Wed, 2023-08-02 at 14:16 -0400, Paul Moore wrote:
> > > > On Aug 2, 2023 Jeff Layton wrote:

...

> > My only concern now is the fs_context::lsm_set flag.
>
> Yeah, that bit is ugly. David studied this problem a lot more than I
> have, but basically, we only want to set the context info once, and
> we're not always going to have a nice string to parse to set up the
> options. This obviously works, but I'm fine with a more elegant method
> if you can spot one.

Like I said before, sometimes making an LSM hook conditional on some flag is the only practical solution, but I always worry that there is a chance that a future patch might end up toggling that flag by accident and we lose an important call into the LSM. Even if all we end up doing is moving the flag down into the LSMs I would be happier; there is still a risk, but at least if something breaks it is our (the LSM folks) own damn fault ;)

> > You didn't mention exactly why the security_sb_set_mnt_opts() was
> > failing, and requires the fs_context::lsm_set check, but my guess is
> > that something is tripping over the fact that the superblock is
> > already properly set up. I'm working under the assumption that this
> > problem - attempting to reconfigure a properly configured superblock -
> > should only be happening in the submount/non-NULL-reference case. If
> > it is happening elsewhere I think I'm going to need some help
> > understanding that ...
>
> Correct. When you pass in the mount options, fc->security seems to be
> properly set. NFS mounting is complex though, so the final superblock
> you care about may end up being a descendant of the one that was
> originally configured.

Ooof, okay, there goes that idea.

At this point I guess it comes back to that question of why calling into security_sb_set_mnt_opts() a second (or third, etc.) time is failing for you. Is there some conflict with the superblock config/labeling/etc.? Is there a permissions problem? Better understanding why that is failing might help us come up with a better solution.

--
paul-moore.com