From: Taras Kondratiuk <takondra@cisco.com>
To: "H. Peter Anvin" <hpa@zytor.com>,
	Al Viro <viro@zeniv.linux.org.uk>, Arnd Bergmann <arnd@arndb.de>,
	Rob Landley <rob@landley.net>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Jonathan Corbet <corbet@lwn.net>,
	James McMechan <james.w.mcmechan@gmail.com>
Cc: initramfs@vger.kernel.org, Victor Kamensky <kamensky@cisco.com>,
	linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	xe-linux-external@cisco.com
Subject: [PATCH v2 15/15] selinux: delay sid population for rootfs till init is complete
Date: Thu, 25 Jan 2018 03:27:55 +0000
Message-ID: <1516850875-25066-16-git-send-email-takondra@cisco.com>
In-Reply-To: <1516850875-25066-1-git-send-email-takondra@cisco.com>

From: Victor Kamensky <kamensky@cisco.com>

With initramfs cpio format that supports extended attributes
we need to skip sid population on sys_lsetxattr call from
initramfs for rootfs if security server is not initialized yet.

Otherwise callback in selinux_inode_post_setxattr will try to
translate given security.selinux label into sid context and since
security server is not available yet inode will receive default
sid (typically kernel_t). Note that at the same time proper
label will be stored in inode xattrs. Later, since inode sid
would be already populated, system will never look back at
actual xattrs. But if we skip sid population for rootfs and
we have policy that directs use of xattrs for rootfs, proper
sid will be filled in from extended attributes once inode is
accessed and server is initialized.

Note new DELAYAFTERINIT_MNT super block flag is introduced
to only mark rootfs for such behavior. For other types of
tmpfs original logic is still used.

Signed-off-by: Victor Kamensky <kamensky@cisco.com>
---
 security/selinux/hooks.c            | 9 ++++++++-
 security/selinux/include/security.h | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f3fe65589f02..bb25268f734e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -716,7 +716,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 			 */
 			if (!strncmp(sb->s_type->name, "rootfs",
 				     sizeof("rootfs")))
-				sbsec->flags |= SBLABEL_MNT;
+				sbsec->flags |= SBLABEL_MNT|DELAYAFTERINIT_MNT;
 
 			/* Defer initialization until selinux_complete_init,
 			   after the initial policy is loaded and the security
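Review bot: kernel coding style wants spaces around the binary operator in the changed line, i.e. `sbsec->flags |= SBLABEL_MNT | DELAYAFTERINIT_MNT;`. Since the flag is set only for the super block whose type name matches "rootfs", a one-line comment on why rootfs alone needs SID population deferred (its inodes are created by initramfs unpacking before the policy is loaded) would spare the next reader a trip to the commit message.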
@@ -3253,6 +3253,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
 {
 	struct inode *inode = d_backing_inode(dentry);
 	struct inode_security_struct *isec;
+	struct superblock_security_struct *sbsec;
 	u32 newsid;
 	int rc;
 
@@ -3261,6 +3262,12 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
 		return;
 	}
 
+	if (!ss_initialized) {
+		sbsec = inode->i_sb->s_security;
+		if (sbsec->flags & DELAYAFTERINIT_MNT)
+			return;
+	}
+
 	rc = security_context_to_sid_force(value, size, &newsid);
 	if (rc) {
 		printk(KERN_ERR "SELinux:  unable to map context to SID"
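Review bot: the early return under `if (!ss_initialized)` is undocumented; add a comment stating that the security.selinux value has already been stored in the inode's xattr and that the SID is meant to be derived from that xattr once the policy is loaded, so a reader does not mistake the skipped `security_context_to_sid_force()` call for a dropped label. That expectation only holds if the inode's security struct is not already marked initialized at this point, which is worth spelling out in the same comment. The `sbsec` pointer is used nowhere but inside this block, so the declaration added at the top of the function could move into the block, or the field could be read directly as `inode->i_sb->s_security`.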
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 02f0412d42f2..585acfd6cbcf 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -52,6 +52,7 @@
 #define ROOTCONTEXT_MNT	0x04
 #define DEFCONTEXT_MNT	0x08
 #define SBLABEL_MNT	0x10
+#define DELAYAFTERINIT_MNT 0x20
 /* Non-mount related flags */
 #define SE_SBINITIALIZED	0x0100
 #define SE_SBPROC		0x0200
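Review bot: DELAYAFTERINIT_MNT is not a mount option, yet its value 0x20 places it among the mount-option flags (ROOTCONTEXT_MNT, DEFCONTEXT_MNT, SBLABEL_MNT) above the `/* Non-mount related flags */` comment; it belongs below that comment with a value in the same range as SE_SBINITIALIZED and SE_SBPROC, and deserves a short comment describing what it marks. Also match the surrounding alignment: the neighbouring defines separate name and value with a tab, the new line uses a space.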
-- 
2.10.3.dirty
