From patchwork Fri Apr 22 15:38:24 2016
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 8913611
From: Seth Forshee
To: "Eric W. Biederman", Paul Moore, Stephen Smalley, Eric Paris
Cc: linux-bcache@vger.kernel.org, Serge Hallyn, Seth Forshee, James Morris,
 dm-devel@redhat.com, Miklos Szeredi, Richard Weinberger,
 linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-raid@vger.kernel.org, fuse-devel@lists.sourceforge.net,
 Austin S Hemmelgarn, linux-mtd@lists.infradead.org, Alexander Viro,
 selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org,
 cgroups@vger.kernel.org, Pavel Tikhomirov
Subject: [PATCH v3 07/21] selinux: Add support for unprivileged mounts from user namespaces
Date: Fri, 22 Apr 2016 10:38:24 -0500
Message-Id: <1461339521-123191-8-git-send-email-seth.forshee@canonical.com>
In-Reply-To: <1461339521-123191-1-git-send-email-seth.forshee@canonical.com>
References: <1461339521-123191-1-git-send-email-seth.forshee@canonical.com>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"

Security labels from unprivileged mounts in user namespaces must be
ignored. Force superblocks from user namespaces whose labeling
behavior is to use xattrs to use mountpoint labeling instead. For the
mountpoint label, default to converting the current task context into
a form suitable for file objects, but also allow the policy writer to
specify a different label through policy transition rules.

Pieced together from code snippets provided by Stephen Smalley.

Signed-off-by: Seth Forshee Acked-by: Stephen Smalley Acked-by: James Morris --- security/selinux/hooks.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1350167635cb..33beed3ac589 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -820,6 +820,28 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } } + + /* + * If this is a user namespace mount, no contexts are allowed + * on the command line and security labels must be ignored. + */ + if (sb->s_user_ns != &init_user_ns) { + if (context_sid || fscontext_sid || rootcontext_sid || + defcontext_sid) { + rc = -EACCES; + goto out; + } + if (sbsec->behavior == SECURITY_FS_USE_XATTR) { + sbsec->behavior = SECURITY_FS_USE_MNTPOINT; + rc = security_transition_sid(current_sid(), current_sid(), + SECCLASS_FILE, NULL, + &sbsec->mntpoint_sid); + if (rc) + goto out; + } + goto out_set_opts; + } + /* sets the context of the superblock for the fs being mounted. */ if (fscontext_sid) { rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); @@ -888,6 +910,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, sbsec->def_sid = defcontext_sid; } +out_set_opts: rc = sb_finish_set_opts(sb); out: mutex_unlock(&sbsec->lock);
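
Review bot: In the `sb->s_user_ns != &init_user_ns` block of the first hunk (@@ -820), only `SECURITY_FS_USE_XATTR` is rewritten to `SECURITY_FS_USE_MNTPOINT`; every other `sbsec->behavior` value reaches `goto out_set_opts` unchanged, although the comment says security labels must be ignored. Either extend the comment to say why the remaining behaviors cannot carry labels supplied by the unprivileged mounter, or handle them explicitly. Two smaller points in the same block: `sbsec->behavior` is overwritten before `security_transition_sid()` has succeeded, so the error path leaves the new behavior in place with no `mntpoint_sid` computed (compute the SID into a local and assign both on success), and the `-EACCES` return for context options produces no message, which makes a failed mount in a user namespace hard to diagnose.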
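
Review bot: The `out_set_opts:` label added in the second hunk (@@ -888) is reached by a forward jump that skips all of the context handling between the two hunks, from the `fscontext_sid` block through `sbsec->def_sid = defcontext_sid;`, and that is only correct because the earlier check has already returned `-EACCES` when any of the four SIDs was set. A short comment at the label stating that invariant would keep a later change to the early check from silently bypassing code that has become relevant.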