From patchwork Wed Dec 2 15:40:04 2015
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 7748001
From: Seth Forshee
To: "Eric W. Biederman", Paul Moore, Stephen Smalley, Eric Paris
Cc: Alexander Viro, Serge Hallyn, Richard Weinberger, Austin S Hemmelgarn, Miklos Szeredi, linux-bcache@vger.kernel.org, dm-devel@redhat.com, linux-raid@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mtd@lists.infradead.org, linux-fsdevel@vger.kernel.org, fuse-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, Seth Forshee, James Morris, "Serge E. Hallyn"
Subject: [PATCH 04/19] selinux: Add support for unprivileged mounts from user namespaces
Date: Wed, 2 Dec 2015 09:40:04 -0600
Message-Id: <1449070821-73820-5-git-send-email-seth.forshee@canonical.com>
In-Reply-To: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com>
References: <1449070821-73820-1-git-send-email-seth.forshee@canonical.com>

Security labels from unprivileged mounts in user namespaces must be
ignored. Force superblocks from user namespaces whose labeling
behavior is to use xattrs to use mountpoint labeling instead. For
the mountpoint label, default to converting the current task
context into a form suitable for file objects, but also allow the
policy writer to specify a different label through policy
transition rules.

Pieced together from code snippets provided by Stephen Smalley.

Signed-off-by: Seth Forshee
Acked-by: Stephen Smalley
Acked-by: James Morris
---
 security/selinux/hooks.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a5b93df6553f..5fedc36dd6b2 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -756,6 +756,28 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } } + + /* + * If this is a user namespace mount, no contexts are allowed + * on the command line and security labels must be ignored. + */ + if (sb->s_user_ns != &init_user_ns) { + if (context_sid || fscontext_sid || rootcontext_sid || + defcontext_sid) { + rc = -EACCES; + goto out; + } + if (sbsec->behavior == SECURITY_FS_USE_XATTR) { + sbsec->behavior = SECURITY_FS_USE_MNTPOINT; + rc = security_transition_sid(current_sid(), current_sid(), + SECCLASS_FILE, NULL, + &sbsec->mntpoint_sid); + if (rc) + goto out; + } + goto out_set_opts; + } + /* sets the context of the superblock for the fs being mounted. */ if (fscontext_sid) { rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); @@ -824,6 +846,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, sbsec->def_sid = defcontext_sid; } +out_set_opts: rc = sb_finish_set_opts(sb); out: mutex_unlock(&sbsec->lock);
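
Review bot: In the first hunk (@@ -756,6 +756,28 @@), the new sb->s_user_ns != &init_user_ns block only rewrites sbsec->behavior when it equals SECURITY_FS_USE_XATTR; every other behavior value reaches "goto out_set_opts" unchanged, while the block comment says security labels "must be ignored". Either say in the comment why the other labeling behaviors are safe to keep for a user namespace mount, or handle them explicitly. The security_transition_sid(current_sid(), current_sid(), SECCLASS_FILE, NULL, &sbsec->mntpoint_sid) call also deserves a comment of its own: the commit message explains that this derives a file-object label from the task context and lets policy transition rules override it, but nothing in the code does. Finally, the -EACCES path for a supplied context_sid, fscontext_sid, rootcontext_sid or defcontext_sid is silent; a warning that names the superblock would make the mount failure diagnosable.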
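
Review bot: In the second hunk (@@ -824,6 +846,7 @@), the out_set_opts label lets the user namespace path skip everything between the two hunks, including the may_context_mount_sb_relabel() check visible in the first hunk's trailing context. That is safe here only because the branch has already rejected any non-zero context SID, so the skipped code would have been a no-op. A short comment at the label or at the goto stating that assumption would guard against later changes that add a check in the skipped region which user namespace mounts also need to run.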