
[3/3] libselinux: do not use status page fallback mode internally

Message ID 20210510105648.14635-4-cgzones@googlemail.com (mailing list archive)
State Accepted
Series libselinux: quirks of the status page

Commit Message

Christian Göttsche May 10, 2021, 10:56 a.m. UTC
Currently `avc_init_internal()`, called by `avc_open(3)` and
`avc_init(3)`, does open the SELinux status page with fallback mode
enabled.

Quote from man:selinux_status_open(3):
    In this case, this function tries to open a netlink socket using
    .BR avc_netlink_open (3) and overwrite corresponding callbacks
    (setenforce and policyload).  Thus, we need to pay attention to the
    interaction with these interfaces, when fallback mode is enabled.

Calling `selinux_status_open` internally in fallback mode is bad, because
it overrides callbacks from client applications or the internal
fallback callbacks get overridden by client applications.
Note that `avc_open(3)` gets called under the hood by
`selinux_check_access(3)` without checking for failure.
Also the status page is available since Linux 2.6.37, so failures of
`selinux_status_open(3)` in non-fallback mode should only be caused by
policies not allowing the client process to open/read/map
the /sys/fs/selinux/status file.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/avc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Petr Lautrbach June 1, 2021, 2:13 p.m. UTC | #1
Christian Göttsche <cgzones@googlemail.com> writes:

> Currently `avc_init_internal()`, called by `avc_open(3)` and
> `avc_init(3)`, does open the SELinux status page with fallback mode
> enabled.
>
> Quote from man:selinux_status_open(3):
>     In this case, this function tries to open a netlink socket using
>     .BR avc_netlink_open (3) and overwrite corresponding callbacks
>     (setenforce and policyload).  Thus, we need to pay attention to the
>     interaction with these interfaces, when fallback mode is enabled.
>
> Calling `selinux_status_open` internally in fallback mode is bad, because
> it overrides callbacks from client applications or the internal
> fallback callbacks get overridden by client applications.
> Note that `avc_open(3)` gets called under the hood by
> `selinux_check_access(3)` without checking for failure.
> Also the status page is available since Linux 2.6.37, so failures of
> `selinux_status_open(3)` in non-fallback mode should only be caused by
> policies not allowing the client process to open/read/map
> the /sys/fs/selinux/status file.

Acked-by: Petr Lautrbach <plautrba@redhat.com>

All 3 are merged now.

Thanks!

> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  libselinux/src/avc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
> index 8314d7ba..daaedbc6 100644
> --- a/libselinux/src/avc.c
> +++ b/libselinux/src/avc.c
> @@ -214,7 +214,7 @@ static int avc_init_internal(const char *prefix,
>  		avc_enforcing = rc;
>  	}
>  
> -	rc = selinux_status_open(1);
> +	rc = selinux_status_open(0);
>  	if (rc < 0) {
>  		avc_log(SELINUX_ERROR,
>  			"%s: could not open selinux status page: %d (%s)\n",
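Review bot: the error branch at `if (rc < 0)` now fires whenever the status page cannot be opened, with no netlink fallback behind it, yet what `avc_init_internal()` does after the `avc_log()` call is outside the hunk; since `selinux_check_access(3)` calls `avc_open(3)` without checking for failure (per the commit message), it is worth confirming that a failed `selinux_status_open(0)` leaves `avc_enforcing` and the later status-page reads in a defined state rather than assuming a mapping exists. A comment on the literal, e.g. `rc = selinux_status_open(0); /* no netlink fallback: keep client callbacks intact */`, would also save the next reader a trip to selinux_status_open(3).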
> -- 
> 2.31.1

Patch

diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index 8314d7ba..daaedbc6 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -214,7 +214,7 @@  static int avc_init_internal(const char *prefix,
 		avc_enforcing = rc;
 	}
 
-	rc = selinux_status_open(1);
+	rc = selinux_status_open(0);
 	if (rc < 0) {
 		avc_log(SELINUX_ERROR,
 			"%s: could not open selinux status page: %d (%s)\n",
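Review bot: the diffstat lists only libselinux/src/avc.c, but this hunk changes the observable behaviour of `avc_open(3)` and `avc_init(3)`: a process whose policy denies open/read/map on /sys/fs/selinux/status now gets the `could not open selinux status page` error where it previously fell back to netlink silently. The avc_open(3)/avc_init(3) man pages should state that the status page is required and that client code may call `avc_netlink_open(3)` and install its own setenforce/policyload callbacks, since those are no longer overwritten by the internal fallback.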