| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19ec3a66-6638-0526-0a96-8b6a5c0ffb26@schaufler-ca.com>
Date: Tue, 25 Jan 2022 09:16:16 -0800
From: Casey Schaufler <casey@...aufler-ca.com>
To: "GONG, Ruiqi" <gongruiqi1@...wei.com>,
Paul Moore <paul@...l-moore.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Eric Paris <eparis@...isplace.org>
Cc: Ondrej Mosnacek <omosnace@...hat.com>,
Anna Schumaker <Anna.Schumaker@...app.com>,
Olga Kornievskaia <kolga@...app.com>, selinux@...r.kernel.org,
linux-kernel@...r.kernel.org,
Wang Weiyang <wangweiyang2@...wei.com>,
Xiu Jianfeng <xiujianfeng@...wei.com>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH -next] selinux: access superblock_security_struct in LSM
blob way
On 1/24/2022 11:11 PM, GONG, Ruiqi wrote:
> LSM blob has been involved for superblock's security struct. So fix the
> remaining direct access to sb->s_security by using the LSM blob
> mechanism.
>
> Fixes: 08abe46b2cfc ("selinux: fall back to SECURITY_FS_USE_GENFS if no xattr support")
> Fixes: 69c4a42d72eb ("lsm,selinux: add new hook to compare new mount to an existing mount")
> Signed-off-by: GONG, Ruiqi <gongruiqi1@...wei.com>
Reviewed-by: Casey Schaufler <casey@...aufler-ca.com>
This is pretty important.
> ---
> security/selinux/hooks.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 5b6895e4fc29..a0243bae8423 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -479,7 +479,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
>
> static int sb_check_xattr_support(struct super_block *sb)
> {
> - struct superblock_security_struct *sbsec = sb->s_security;
> + struct superblock_security_struct *sbsec = selinux_superblock(sb);
> struct dentry *root = sb->s_root;
> struct inode *root_inode = d_backing_inode(root);
> u32 sid;
> @@ -2647,7 +2647,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
> static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
> {
> struct selinux_mnt_opts *opts = mnt_opts;
> - struct superblock_security_struct *sbsec = sb->s_security;
> + struct superblock_security_struct *sbsec = selinux_superblock(sb);
> u32 sid;
> int rc;
>
Powered by blists - more mailing lists