Public bug reported:

from upstream https://github.com/openzfs/zfs/pull/18376


Normally, the kernel gives any LSM registering a sb_eat_lsm_opts hook a first look
at mount options coming in from a userspace mount request. The LSM may process
and/or remove any options. Whatever is left is passed to the filesystem.

This is how the dataset properties context, fscontext, defcontext and
rootcontext are used to configure ZFS mounts for SELinux. libzfs will
fetch those properties from the dataset, then add them to the mount
options.

In 0f608aa (#18216) we added our own mount shims to cover the loss of
the kernel-provided ones. It turns out that if a filesystem provides a
.parse_monolithic, it is expected to do all mount option parameter
processing - the kernel will not get involved at all. Because of that,
LSMs are never given a chance to process mount options. The context
properties are never seen by SELinux, nor are any other options
targeting other LSMs.
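
The option split described above, as an added user-space model (not kernel or OpenZFS code, and not part of the original report). `split_mount_opts`, its helpers and the sample option string are hypothetical; with `monolithic` set, the filesystem receives every option and the LSM none.

```c
/* User-space model only: not kernel or OpenZFS code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
/* Option keys the report names as SELinux context properties. */
static const char *const LSM_KEYS[] = {"context", "fscontext", "defcontext", "rootcontext"};

static int is_lsm_opt(const char *opt, size_t len) {
    for (size_t i = 0; i < sizeof LSM_KEYS / sizeof LSM_KEYS[0]; i++) {
        size_t k = strlen(LSM_KEYS[i]);
        if (len > k && opt[k] == '=' && strncmp(opt, LSM_KEYS[i], k) == 0)
            return 1;
    }
    return 0;
}

/* Append opt[0..len) to the comma-separated list in dst; -1 if it does not fit. */
static int append(char *dst, size_t cap, const char *opt, size_t len) {
    size_t used = strlen(dst);
    if (used + len + 2 > cap) return -1;
    if (used) dst[used++] = ',';
    memcpy(dst + used, opt, len);
    dst[used + len] = '\0';
    return 0;
}

/* monolithic == 0: the LSM removes its options, the filesystem parses the rest.
 * monolithic != 0: the filesystem gets everything. Returns options eaten, or -1. */
int split_mount_opts(const char *opts, int monolithic, char *lsm, char *fs, size_t cap) {
    int eaten = 0;
    lsm[0] = fs[0] = '\0';
    while (*opts) {
        size_t len = strcspn(opts, ",");
        int to_lsm = !monolithic && is_lsm_opt(opts, len);
        if (len && append(to_lsm ? lsm : fs, cap, opts, len) < 0) return -1;
        eaten += to_lsm;
        opts += len;
        if (*opts == ',') opts++;
    }
    return eaten;
}

int main(void) {
    /* Constructed sample of options assembled from dataset properties. */
    const char *opts = "rw,noatime,context=system_u:object_r:tmp_t:s0,xattr";
    char lsm[128], fs[128];
    for (int mono = 0; mono <= 1; mono++) /* buffers are filled before printf reads them */
        printf("monolithic=%d eaten=%d lsm=[%s] fs=[%s]\n", mono,
               split_mount_opts(opts, mono, lsm, fs, sizeof lsm), lsm, fs);
    return 0;
}
```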

** Affects: zfs-linux (Ubuntu)
     Importance: High
         Status: In Progress

** Affects: zfs-linux (Ubuntu Resolute)
     Importance: High
         Status: In Progress

** Also affects: zfs-linux (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Changed in: zfs-linux (Ubuntu Resolute)
       Status: New => In Progress

** Changed in: zfs-linux (Ubuntu Resolute)
   Importance: Undecided => High

https://bugs.launchpad.net/bugs/2146866

Title:
  ensure LSMs get to process mount options
