Discussion:
linux-next: manual merge of the selinux tree with the nfs tree
(too old to reply)
Stephen Rothwell
2020-03-17 02:31:17 UTC
Permalink
Hi all,

Today's linux-next merge of the selinux tree got a conflict in:

fs/nfs/getroot.c

between commit:

e8213ffc2aec ("NFS: Ensure security label is set for root inode")

from the nfs tree and commit:

28d4d0e16f09 ("When using NFSv4.2, the security label for the root inode should be set via a call to nfs_setsecurity() during the mount process, otherwise the inode will appear as unlabeled for up to acdirmin seconds. Currently the label for the root inode is allocated, retrieved, and freed entirely witin nfs4_proc_get_root().")

from the selinux tree.

These are basically the same patch with slight formatting differences.

I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
Trond Myklebust
2020-03-17 13:33:16 UTC
Permalink
Post by Stephen Rothwell
Hi all,
fs/nfs/getroot.c
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
28d4d0e16f09 ("When using NFSv4.2, the security label for the root
inode should be set via a call to nfs_setsecurity() during the mount
process, otherwise the inode will appear as unlabeled for up to
acdirmin seconds. Currently the label for the root inode is
allocated, retrieved, and freed entirely witin
nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting
differences.
I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any
particularly
complex conflicts.
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott? Given that it didn't touch anything outside NFS and
had been acked by the Selinux folks, but had not been acked by the NFS
maintainers, I was assuming it was waiting to be applied here.

--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebu
Paul Moore
2020-03-17 13:49:16 UTC
Permalink
Post by Trond Myklebust
Post by Stephen Rothwell
Hi all,
fs/nfs/getroot.c
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
28d4d0e16f09 ("When using NFSv4.2, the security label for the root
inode should be set via a call to nfs_setsecurity() during the mount
process, otherwise the inode will appear as unlabeled for up to
acdirmin seconds. Currently the label for the root inode is
allocated, retrieved, and freed entirely witin
nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting
differences.
I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any
particularly
complex conflicts.
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott? Given that it didn't touch anything outside NFS and
had been acked by the Selinux folks, but had not been acked by the NFS
maintainers, I was assuming it was waiting to be applied here.
FYI, archive link below, but the short version is that the patch fixed
a problem seen with SELinux/labeled-NFS and after not hearing anything
from the NFS folks for over a week I went ahead and merged it into the
SELinux tree. With everything going on in the world at the moment I
didn't want this fix to get lost. I have no problem reverting the
patch in the SELinux -next branch if you guys would prefer to push
this up to Linus via the NFS tree; I just want to make sure we get
this fixed.

https://lore.kernel.org/selinux/CAHC9VhThqgv_QzCyeVYkBASVmNg2qZGxHwcxXL7KN84kR7+***@mail.gmail.com/
--
paul moore
www.paul-moore.com
Scott Mayhew
2020-03-17 15:18:29 UTC
Permalink
Post by Trond Myklebust
Post by Stephen Rothwell
Hi all,
fs/nfs/getroot.c
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
28d4d0e16f09 ("When using NFSv4.2, the security label for the root
inode should be set via a call to nfs_setsecurity() during the mount
process, otherwise the inode will appear as unlabeled for up to
acdirmin seconds. Currently the label for the root inode is
allocated, retrieved, and freed entirely witin
nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting
differences.
I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any
particularly
complex conflicts.
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott?
Not really... I addressed the patch to you and Anna, after all. On the
other hand, I didn't object when Paul picked up the patch in his tree.
I'm guessing I should have spoken up. Sorry about that.

-Scott
Post by Trond Myklebust
Given that it didn't touch anything outside NFS and
had been acked by the Selinux folks, but had not been acked by the NFS
maintainers, I was assuming it was waiting to be applied here.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
Trond Myklebust
2020-03-17 16:12:01 UTC
Permalink
Post by Scott Mayhew
Post by Trond Myklebust
Post by Stephen Rothwell
Hi all,
fs/nfs/getroot.c
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
28d4d0e16f09 ("When using NFSv4.2, the security label for the root
inode should be set via a call to nfs_setsecurity() during the mount
process, otherwise the inode will appear as unlabeled for up to
acdirmin seconds. Currently the label for the root inode is
allocated, retrieved, and freed entirely witin
nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting
differences.
I fixed it up (I used the latter) and can carry the fix as
necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when
your
tree
is submitted for merging. You may also want to consider
cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott?
Not really... I addressed the patch to you and Anna, after all. On the
other hand, I didn't object when Paul picked up the patch in his tree.
I'm guessing I should have spoken up. Sorry about that.
OK. Well there doesn't seem to be anything else touching the NFS mount
code in this dev cycle, so I don't expect any integration issues at
this point. I'm therefore OK with it going through the selinux tree.

I'll therefore drop the patch from the NFS tree, assuming you still
have it in the selinux tree, Paul.

--
Trond Myklebust
Linux NFS client maintain
Paul Moore
2020-03-17 21:10:04 UTC
Permalink
On Tue, Mar 17, 2020 at 12:12 PM Trond Myklebust
Post by Trond Myklebust
Post by Scott Mayhew
Post by Trond Myklebust
Post by Stephen Rothwell
Hi all,
fs/nfs/getroot.c
e8213ffc2aec ("NFS: Ensure security label is set for root inode")
28d4d0e16f09 ("When using NFSv4.2, the security label for the root
inode should be set via a call to nfs_setsecurity() during the mount
process, otherwise the inode will appear as unlabeled for up to
acdirmin seconds. Currently the label for the root inode is
allocated, retrieved, and freed entirely witin
nfs4_proc_get_root().")
from the selinux tree.
These are basically the same patch with slight formatting differences.
I fixed it up (I used the latter) and can carry the fix as necessary.
This is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when
your
tree
is submitted for merging. You may also want to consider
cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
OK... Why is this being pushed through the selinux tree? Was that your
intention Scott?
Not really... I addressed the patch to you and Anna, after all. On the
other hand, I didn't object when Paul picked up the patch in his tree.
I'm guessing I should have spoken up. Sorry about that.
OK. Well there doesn't seem to be anything else touching the NFS mount
code in this dev cycle, so I don't expect any integration issues at
this point. I'm therefore OK with it going through the selinux tree.
I'll therefore drop the patch from the NFS tree, assuming you still
have it in the selinux tree, Paul.
I was waiting to hear back from you before reverting, I'll go ahead
and leave it in the selinux/next tree. If anything changes on the NFS
side, let me know.
--
paul moore
www.paul-moore.com
Loading...