Commit 094f7b69ea73 adds a new check to ensure that when we clone an existing superblock that the contexts match properly. We do however have another place where you can hit similar problems in selinux_set_mnt_opts. That function returns -EINVAL, whereas selinux_sb_clone_mnt_opts returns -EBUSY in this situation. I think -EBUSY is probably more descriptive of the situation here. The context= option would have worked had the superblock not already been in use. Fix selinux_set_mnt_opts to return -EBUSY instead of -EINVAL in this situation. Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> --- security/selinux/hooks.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5c6f2cd..348f069 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -745,7 +745,7 @@ out: mutex_unlock(&sbsec->lock); return rc; out_double_mount: - rc = -EINVAL; + rc = -EBUSY; printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " "security settings for (dev %s, type %s)\n", sb->s_id, name); goto out; -- 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
