authorPaul Moore <pmoore@redhat.com>2013-12-13 14:49:53 -0500
committerPaul Moore <pmoore@redhat.com>2013-12-13 14:52:25 -0500
commit4d546f81717d253ab67643bf072c6d8821a9249c (patch)
tree2bfae32c5e42b7b57cab82efbe71f522db79af60 /security
parent598cdbcf861825692fe7905e0fd662c7d06bae58 (diff)
selinux: revert 102aefdda4d8275ce7d7100bc16c88c74272b260
Revert "selinux: consider filesystem subtype in policies" This reverts commit 102aefdda4d8275ce7d7100bc16c88c74272b260. Explanation from Eric Paris: SELinux policy can specify if it should use a filesystem's xattrs or not. In current policy we have a specification that fuse should not use xattrs but fuse.glusterfs should use xattrs. This patch has a bug in which non-glusterfs filesystems would match the rule saying fuse.glusterfs should use xattrs. If both fuse and the particular filesystem in question are not written to handle xattr calls during the mount command, they will deadlock. I have fixed the bug to do proper matching; however, I believe a revert is still the correct solution. The reason I believe that is because the code still does not work. The s_subtype is not set until after the SELinux hook which attempts to match on the ".gluster" portion of the rule. So we cannot match on the rule in question. The code is useless. Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c40
-rw-r--r--security/selinux/ss/services.c42
2 files changed, 22 insertions, 60 deletions
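diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bf0537d78a70..756a6d269c9a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -96,10 +96,6 @@
 #include "audit.h"
 #include "avc_ss.h"
 
-#define SB_TYPE_FMT "%s%s%s"
-#define SB_SUBTYPE(sb) (sb->s_subtype && sb->s_subtype[0])
-#define SB_TYPE_ARGS(sb) sb->s_type->name, SB_SUBTYPE(sb) ? "." : "", SB_SUBTYPE(sb) ? sb->s_subtype : ""
-
 extern struct security_operations *security_ops;
 
 /* SECMARK reference count */
@@ -414,8 +410,8 @@ static int sb_finish_set_opts(struct super_block *sb)
 the first boot of the SELinux kernel before we have
 assigned xattr values to the filesystem. */
 if (!root_inode->i_op->getxattr) {
-printk(KERN_WARNING "SELinux: (dev %s, type "SB_TYPE_FMT") has no "
-"xattr support\n", sb->s_id, SB_TYPE_ARGS(sb));
+printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
+"xattr support\n", sb->s_id, sb->s_type->name);
 rc = -EOPNOTSUPP;
 goto out;
 }
@@ -423,22 +419,22 @@ static int sb_finish_set_opts(struct super_block *sb)
 if (rc < 0 && rc != -ENODATA) {
 if (rc == -EOPNOTSUPP)
 printk(KERN_WARNING "SELinux: (dev %s, type "
-SB_TYPE_FMT") has no security xattr handler\n",
-sb->s_id, SB_TYPE_ARGS(sb));
+"%s) has no security xattr handler\n",
+sb->s_id, sb->s_type->name);
 else
 printk(KERN_WARNING "SELinux: (dev %s, type "
-SB_TYPE_FMT") getxattr errno %d\n", sb->s_id,
-SB_TYPE_ARGS(sb), -rc);
+"%s) getxattr errno %d\n", sb->s_id,
+sb->s_type->name, -rc);
 goto out;
 }
 }
 
 if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
-printk(KERN_ERR "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), unknown behavior\n",
-sb->s_id, SB_TYPE_ARGS(sb));
+printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+sb->s_id, sb->s_type->name);
 else
-printk(KERN_DEBUG "SELinux: initialized (dev %s, type "SB_TYPE_FMT"), %s\n",
-sb->s_id, SB_TYPE_ARGS(sb),
+printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
+sb->s_id, sb->s_type->name,
 labeling_behaviors[sbsec->behavior-1]);
 
 sbsec->flags |= SE_SBINITIALIZED;
@@ -601,6 +597,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 const struct cred *cred = current_cred();
 int rc = 0, i;
 struct superblock_security_struct *sbsec = sb->s_security;
+const char *name = sb->s_type->name;
 struct inode *inode = sbsec->sb->s_root->d_inode;
 struct inode_security_struct *root_isec = inode->i_security;
 u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
@@ -659,8 +656,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 strlen(mount_options[i]), &sid);
 if (rc) {
 printk(KERN_WARNING "SELinux: security_context_to_sid"
-"(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
-mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
+"(%s) failed for (dev %s, type %s) errno=%d\n",
+mount_options[i], sb->s_id, name, rc);
 goto out;
 }
 switch (flags[i]) {
@@ -807,8 +804,7 @@ out:
 out_double_mount:
 rc = -EINVAL;
 printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
-"security settings for (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
-SB_TYPE_ARGS(sb));
+"security settings for (dev %s, type %s)\n", sb->s_id, name);
 goto out;
 }
 
@@ -2481,8 +2477,8 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
 rc = security_context_to_sid(mount_options[i], len, &sid);
 if (rc) {
 printk(KERN_WARNING "SELinux: security_context_to_sid"
-"(%s) failed for (dev %s, type "SB_TYPE_FMT") errno=%d\n",
-mount_options[i], sb->s_id, SB_TYPE_ARGS(sb), rc);
+"(%s) failed for (dev %s, type %s) errno=%d\n",
+mount_options[i], sb->s_id, sb->s_type->name, rc);
 goto out_free_opts;
 }
 rc = -EINVAL;
@@ -2520,8 +2516,8 @@ out_free_secdata:
 return rc;
 out_bad_option:
 printk(KERN_WARNING "SELinux: unable to change security options "
-"during remount (dev %s, type "SB_TYPE_FMT")\n", sb->s_id,
-SB_TYPE_ARGS(sb));
+"during remount (dev %s, type=%s)\n", sb->s_id,
+sb->s_type->name);
 goto out_free_opts;
 }
 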
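Review bot: The restored out_bad_option message at new line 2519 prints the filesystem type as `type=%s`, while every other message this revert restores in hooks.c (new lines 413, 422, 426, 433, 436, 659, 807, 2480) uses `type %s`, so anyone correlating or filtering these warnings by the "(dev %s, type %s)" shape will miss the remount case. Since the revert is already touching this line, `"during remount (dev %s, type %s)\n", sb->s_id,` would make the set consistent at no extra cost. The new side also caches `const char *name = sb->s_type->name;` in selinux_set_mnt_opts (new line 600) but selinux_sb_remount and sb_finish_set_opts still dereference `sb->s_type->name` inline; that matches the pre-102aefdd code and is fine, just worth a glance if the message strings are ever unified. All three enclosing functions begin and end outside the hunks shown.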
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 6db5546717eb..fc5a63a05a1c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2344,50 +2344,16 @@ int security_fs_use(struct super_block *sb)
2344 struct ocontext *c; 2344 struct ocontext *c;
2345 struct superblock_security_struct *sbsec = sb->s_security; 2345 struct superblock_security_struct *sbsec = sb->s_security;
2346 const char *fstype = sb->s_type->name; 2346 const char *fstype = sb->s_type->name;
2347 const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL;
2348 struct ocontext *base = NULL;
2349 2347
2350 read_lock(&policy_rwlock); 2348 read_lock(&policy_rwlock);
2351 2349
2352 for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) { 2350 c = policydb.ocontexts[OCON_FSUSE];
2353 char *sub; 2351 while (c) {
2354 int baselen; 2352 if (strcmp(fstype, c->u.name) == 0)
2355
2356 baselen = strlen(fstype);
2357
2358 /* if base does not match, this is not the one */
2359 if (strncmp(fstype, c->u.name, baselen))
2360 continue;
2361
2362 /* if there is no subtype, this is the one! */
2363 if (!subtype)
2364 break;
2365
2366 /* skip past the base in this entry */
2367 sub = c->u.name + baselen;
2368
2369 /* entry is only a base. save it. keep looking for subtype */
2370 if (sub[0] == '\0') {
2371 base = c;
2372 continue;
2373 }
2374
2375 /* entry is not followed by a subtype, so it is not a match */
2376 if (sub[0] != '.')
2377 continue;
2378
2379 /* whew, we found a subtype of this fstype */
2380 sub++; /* move past '.' */
2381
2382 /* exact match of fstype AND subtype */
2383 if (!strcmp(subtype, sub))
2384 break; 2353 break;
2354 c = c->next;
2385 } 2355 }
2386 2356
2387 /* in case we had found an fstype match but no subtype match */
2388 if (!c)
2389 c = base;
2390
2391 if (c) { 2357 if (c) {
2392 sbsec->behavior = c->v.behavior; 2358 sbsec->behavior = c->v.behavior;
2393 if (!c->sid[0]) { 2359 if (!c->sid[0]) {