#regzbot introduced v6.1.52..v6.1.53 #regzbot introduced: ed134f284b4ed85a70d5f760ed0686e3cd555f9b
We hit this regression when updating our guest vm kernel from 6.1.52 to 6.1.53 -- bisecting this problem was introduced in ed134f284b4ed85a70d5f760ed0686e3cd555f9b -- vfs, security: Fix automount superblock LSM init problem, preventing NFS sb sharing -- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v...
We're getting an EINVAL in `selinux_set_mnt_opts` in `security/selinux/hooks.c` when mounting a folder in a guest VM where selinux is disabled. We're mounting from another folder that we suspect has selinux labels set from the host. The EINVAL is getting set in the following block... ``` if (!selinux_initialized(&selinux_state)) { if (!opts) { /* Defer initialization until selinux_complete_init, after the initial policy is loaded and the security server is ready to handle calls. */ goto out; } rc = -EINVAL; pr_warn("SELinux: Unable to set superblock options " "before the security server is initialized\n"); goto out; } ``` We can reproduce 100% of the time but don't currently have a simple reproducer as the problem was found in our build service which uses kata-containers (with cloud-hypervisor and rootfs mounted via virtio-blk).
We have not checked the mainline as we currently are tied to 6.1.x.
-Simon