Re: [PATCH v9] vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing

[Paul Moore]

On Thu, Aug 10, 2023 at 9:57 AM Jeff Layton <jlayton@xxxxxxxxxx> wrote:
> On Tue, 2023-08-08 at 15:31 +0200, Christian Brauner wrote:
> > On Tue, Aug 08, 2023 at 07:34:20AM -0400, Jeff Layton wrote:
> > > From: David Howells <dhowells@xxxxxxxxxx>
> > >
> > > When NFS superblocks are created by automounting, their LSM parameters
> > > aren't set in the fs_context struct prior to sget_fc() being called,
> > > leading to failure to match existing superblocks.
> > >
> > > This bug leads to messages like the following appearing in dmesg when
> > > fscache is enabled:
> > >
> > >     NFS: Cache volume key already in use (nfs,4.2,2,108,106a8c0,1,,,,100000,100000,2ee,3a98,1d4c,3a98,1)
> > >
> > > Fix this by adding a new LSM hook to load fc->security for submount
> > > creation.
> > >
> > > Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> > > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > > Fixes: 9bc61ab18b1d ("vfs: Introduce fs_context, switch vfs_kern_mount() to it.")
> > > Fixes: 779df6a5480f ("NFS: Ensure security label is set for root inode)
> > > Tested-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > > Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
> > > Acked-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
>
> I've made a significant number of changes since Casey acked this. It
> might be a good idea to drop his Acked-by (unless he wants to chime in
> and ask us to keep it).

My apologies in that it took me some time to be able to come back to
this, but v9 looks fine to me, and I have no problems with Christian
sending this up via the VFS tree.

Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx>

-- 
paul-moore.com