On Mon, Sep 11, 2023 at 04:23:58PM +0200, Ondrej Mosnacek wrote:
> selinux_set_mnt_opts() relies on the fact that the mount options pointer
> is always NULL when all options are unset (specifically in its
> !selinux_initialized() branch). However, the new
> selinux_fs_context_submount() hook breaks this rule by allocating a new
> structure even if no options are set. That causes any submount created
> before a SELinux policy is loaded to be rejected in
> selinux_set_mnt_opts().
>
> Fix this by making selinux_fs_context_submount() leave fc->security
> set to NULL when there are no options to be copied from the reference
> superblock.
>
> Reported-by: Adam Williamson <awilliam@xxxxxxxxxx>
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345
> Fixes: d80a8f1b58c2 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing")
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---

Looks good to me,
Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
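
The failure described in the quoted commit message, as an added user-space C model that is not kernel code and not part of the patch or this thread. All type and function names are hypothetical stand-ins, and the `-EINVAL` return is this model's choice for "rejected".

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; every name here is a hypothetical stand-in. */
struct mnt_opts { bool has_context; unsigned int context_sid; };
struct fs_ctx { struct mnt_opts *security; };  /* models fc->security */
static bool policy_loaded;                      /* models selinux_initialized() */

/* Invariant from the commit message: before policy load, "no options"
 * must arrive as a NULL pointer; any allocated structure is rejected. */
static int model_set_mnt_opts(const struct mnt_opts *opts)
{
    return (!policy_loaded && opts) ? -EINVAL : 0;
}

/* Pre-fix hook: allocates even when the reference sb has no options. */
static int submount_before_fix(struct fs_ctx *fc, const struct mnt_opts *ref)
{
    fc->security = calloc(1, sizeof(*fc->security));
    if (!fc->security)
        return -ENOMEM;
    if (ref->has_context)
        *fc->security = *ref;
    return 0;
}

/* Post-fix hook: leaves fc->security NULL when nothing needs copying. */
static int submount_after_fix(struct fs_ctx *fc, const struct mnt_opts *ref)
{
    return ref->has_context ? submount_before_fix(fc, ref) : 0;
}

/* One submount: run the hook, then pass its result to set_mnt_opts. */
static int model_submount(int (*hook)(struct fs_ctx *, const struct mnt_opts *),
                          const struct mnt_opts *ref)
{
    struct fs_ctx fc = { .security = NULL };
    int rc = hook(&fc, ref);
    if (rc == 0)
        rc = model_set_mnt_opts(fc.security);
    free(fc.security);
    return rc;
}

int main(void)
{
    struct mnt_opts none = { 0 };  /* constructed: reference sb, no options */
    printf("before fix: %d, after fix: %d\n",
           model_submount(submount_before_fix, &none),
           model_submount(submount_after_fix, &none));
    return 0;
}
```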