On Thu, Jan 27, 2022 at 08:51:44AM -0800, Casey Schaufler wrote: > The usual LSM hook "bail on fail" scheme doesn't work for cases where > a security module may return an error code indicating that it does not > recognize an input. In this particular case Smack sees a mount option > that it recognizes, and returns 0. A call to a BPF hook follows, which > returns -ENOPARAM, which confuses the caller because Smack has processed > its data. > > The SELinux hook incorrectly returns 1 on success. There was a time > when this was correct, however the current expectation is that it > return 0 on success. This is repaired. > > Reported-by: syzbot+d1e3b1d92d25abf97943@xxxxxxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > --- Looks good, Acked-by: Christian Brauner <brauner@xxxxxxxxxx>
