From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 74541158089 for ; Sat, 23 Sep 2023 11:03:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 87D5B2BC028; Sat, 23 Sep 2023 11:03:36 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7050D2BC028 for ; Sat, 23 Sep 2023 11:03:36 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A508533D3CD for ; Sat, 23 Sep 2023 11:03:35 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 16FA011BC for ; Sat, 23 Sep 2023 11:03:34 +0000 (UTC) From: "Mike Pagano" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mike Pagano" Message-ID: <1695466997.5f0da340c312b96c5645d105e56a06674020ee3a.mpagano@gentoo> Subject: [gentoo-commits] proj/linux-patches:6.1 commit in: / X-VCS-Repository: proj/linux-patches X-VCS-Files: 0000_README 1515_selinux-fix-handling-of-empty-opts.patch X-VCS-Directories: / X-VCS-Committer: mpagano X-VCS-Committer-Name: Mike Pagano X-VCS-Revision: 5f0da340c312b96c5645d105e56a06674020ee3a X-VCS-Branch: 6.1 Date: Sat, 23 Sep 2023 11:03:34 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 4117064c-66dd-4b59-a3e0-8efdc6491b6e X-Archives-Hash: 62d9ad376af0439e5d0618605dbab068 commit: 5f0da340c312b96c5645d105e56a06674020ee3a Author: Mike Pagano gentoo org> AuthorDate: Sat Sep 23 11:03:17 2023 +0000 Commit: Mike Pagano gentoo org> CommitDate: Sat Sep 23 11:03:17 2023 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=5f0da340 Remove redundant patch Removed: 1515_selinux-fix-handling-of-empty-opts.patch Signed-off-by: Mike Pagano gentoo.org> 0000_README | 4 --- 1515_selinux-fix-handling-of-empty-opts.patch | 51 --------------------------- 2 files changed, 55 deletions(-) diff --git a/0000_README b/0000_README index 44dd3ca6..3723582e 100644 --- a/0000_README +++ b/0000_README @@ -271,10 +271,6 @@ Patch: 1510_fs-enable-link-security-restrictions-by-default.patch From: http://sources.debian.net/src/linux/3.16.7-ckt4-3/debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch/ Desc: Enable link security restrictions by default. -Patch: 1515_selinux-fix-handling-of-empty-opts.patch -From: https://www.spinics.net/lists/linux-fsdevel/msg249428.html -Desc: selinux: fix handling of empty opts in selinux_fs_context_submount() - Patch: 1700_sparc-address-warray-bound-warnings.patch From: https://github.com/KSPP/linux/issues/109 Desc: Address -Warray-bounds warnings diff --git a/1515_selinux-fix-handling-of-empty-opts.patch b/1515_selinux-fix-handling-of-empty-opts.patch deleted file mode 100644 index 10336ec5..00000000 --- a/1515_selinux-fix-handling-of-empty-opts.patch +++ /dev/null @@ -1,51 +0,0 @@ -selinux: fix handling of empty opts in selinux_fs_context_submount() - -selinux_set_mnt_opts() relies on the fact that the mount options pointer -is always NULL when all options are unset (specifically in its -!selinux_initialized() branch. However, the new -selinux_fs_context_submount() hook breaks this rule by allocating a new -structure even if no options are set. That causes any submount created -before a SELinux policy is loaded to be rejected in -selinux_set_mnt_opts(). - -Fix this by making selinux_fs_context_submount() leave fc->security -set to NULL when there are no options to be copied from the reference -superblock. - -Reported-by: Adam Williamson -Link: https://bugzilla.redhat.com/show_bug.cgi?id=2236345 -Fixes: d80a8f1b58c2 ("vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing") -Signed-off-by: Ondrej Mosnacek ---- - security/selinux/hooks.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 10350534de6d6..2aa0e219d7217 100644 ---- a/security/selinux/hooks.c -+++ b/security/selinux/hooks.c -@@ -2775,14 +2775,20 @@ static int selinux_umount(struct vfsmount *mnt, int flags) - static int selinux_fs_context_submount(struct fs_context *fc, - struct super_block *reference) - { -- const struct superblock_security_struct *sbsec; -+ const struct superblock_security_struct *sbsec = selinux_superblock(reference); - struct selinux_mnt_opts *opts; - -+ /* -+ * Ensure that fc->security remains NULL when no options are set -+ * as expected by selinux_set_mnt_opts(). -+ */ -+ if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT))) -+ return 0; -+ - opts = kzalloc(sizeof(*opts), GFP_KERNEL); - if (!opts) - return -ENOMEM; - -- sbsec = selinux_superblock(reference); - if (sbsec->flags & FSCONTEXT_MNT) - opts->fscontext_sid = sbsec->sid; - if (sbsec->flags & CONTEXT_MNT) --- -2.41.0