All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stephen Smalley <stephen.smalley.work@gmail.com>
To: Paul Moore <paul@paul-moore.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>,
	Tyler Hicks <tyhicks@linux.microsoft.com>,
	SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH v2 1/2] selinux: don't log MAC_POLICY_LOAD record on failed policy load
Date: Thu, 18 Mar 2021 11:12:45 -0400	[thread overview]
Message-ID: <CAEjxPJ4+-PUJW+PbNDwBjoAFJTNQ-7WDNgC3zybYNo3a9eFV=w@mail.gmail.com> (raw)
In-Reply-To: <CAHC9VhSjtP9JN4XTWi0WyWnbF2j5D5HweQn9-Okut_D==UGQ-A@mail.gmail.com>

On Thu, Mar 18, 2021 at 10:48 AM Paul Moore <paul@paul-moore.com> wrote:
>
> On Wed, Mar 3, 2021 at 3:54 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> > The situation has changed a bit since that was written, though... Back
> > then after the policy had been loaded there was no way to turn back
> > and if sel_make_policy_nodes() failed, the new policy would stay and
> > selinuxfs would have been left behind in an inconsistent/broken state.
> > Now this issue is fixed and the new policy isn't actually applied
> > until the selinuxfs preparation succeeds. So from a certain POV, the
> > selinuxfs failure is no longer that fatal and could just print a
> > warning like the other error path, because the result is the same
> > after both failures (active policy and selinuxfs state remains
> > unchanged).
> >
> > Paul (or Stephen if you are reading this and have time to comment),
> > what do you think?
>
> Sorry for the late reply, I lost this in my inbox and since I already
> marked the patchset as "changes requested" in patchwork it fell off my
> radar ...
>
> Anyway, back to your question ... it does seem like pr_warn() is the
> right answer here for the reasons that Ondrej mentioned above, and I
> personally feel it is in keeping with the original patch's intention
> as well; "If the policy fails to be loaded from userspace then a
> warning message is printed ..."  However, I'm not going to lose a lot
> of sleep over differences between pr_warn() and pr_err() here, if
> someone feels strongly that it should be pr_err() and can back that up
> with some solid reasoning and/or precedence then so be it.

That's fine with me.  FWIW, I think the rationale for using
pr_warn_ratelimited() for error returns from security_load_policy()
was that the failure could be entirely userspace-induced, i.e. just
pass the kernel an invalid policy.
The pr_err() messages on sel_make_bools/classes were in contrast
entirely kernel-internal errors and could leave the system in an
inconsistent state as you noted.

  reply	other threads:[~2021-03-18 15:13 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-12 18:59 [PATCH v2 0/2] selinux: policy load fixes Ondrej Mosnacek
2021-02-12 18:59 ` [PATCH v2 1/2] selinux: don't log MAC_POLICY_LOAD record on failed policy load Ondrej Mosnacek
2021-02-25 18:14   ` Paul Moore
2021-02-26 14:46     ` Ondrej Mosnacek
2021-02-28 18:52       ` Paul Moore
2021-03-03  2:55         ` Tyler Hicks
2021-03-03  8:54           ` Ondrej Mosnacek
2021-03-18 14:48             ` Paul Moore
2021-03-18 15:12               ` Stephen Smalley [this message]
2021-02-12 18:59 ` [PATCH v2 2/2] selinux: fix variable scope issue in live sidtab conversion Ondrej Mosnacek
2021-02-25 19:20   ` Paul Moore
2021-02-26 14:47     ` Ondrej Mosnacek
2021-03-03  2:57   ` Tyler Hicks
2021-03-03  9:01     ` Ondrej Mosnacek
2021-03-18 11:22       ` Stephen Smalley
2021-03-18 11:45         ` Ondrej Mosnacek
2021-03-18 14:49           ` Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAEjxPJ4+-PUJW+PbNDwBjoAFJTNQ-7WDNgC3zybYNo3a9eFV=w@mail.gmail.com' \
    --to=stephen.smalley.work@gmail.com \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=tyhicks@linux.microsoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.