| Message ID | 20240202064048.29881-1-ddiss@suse.de (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [v2] selinux: only filter copy-up xattrs following initialization | expand |
On Feb 2, 2024 David Disseldorp <ddiss@suse.de> wrote: > > Extended attribute copy-up functionality added via 19472b69d639d > ("selinux: Implementation for inode_copy_up_xattr() hook") sees > "security.selinux" contexts dropped, instead relying on contexts > applied via the inode_copy_up() hook. > > When copy-up takes place during early boot, prior to selinux > initialization / policy load, the context stripping can be unwanted > and unexpected. > > With this change, filtering of "security.selinux" xattrs will only occur > after selinux initialization. > > Signed-off-by: David Disseldorp <ddiss@suse.de> > --- > Changes since v1: > - drop RFC > - slightly rework commit message and preceeding comment > > security/selinux/hooks.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Merged into selinux/dev, thanks for following up on this. -- paul-moore.com
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a6bf90ace84c7..b17247d66b24f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3534,9 +3534,10 @@ static int selinux_inode_copy_up_xattr(const char *name) { /* The copy_up hook above sets the initial context on an inode, but we * don't then want to overwrite it by blindly copying all the lower - * xattrs up. Instead, we have to filter out SELinux-related xattrs. + * xattrs up. Instead, filter out SELinux-related xattrs following + * policy load. */ - if (strcmp(name, XATTR_NAME_SELINUX) == 0) + if (selinux_initialized() && strcmp(name, XATTR_NAME_SELINUX) == 0) return 1; /* Discard */ /* * Any other attribute apart from SELINUX is not claimed, supported
Extended attribute copy-up functionality added via 19472b69d639d ("selinux: Implementation for inode_copy_up_xattr() hook") sees "security.selinux" contexts dropped, instead relying on contexts applied via the inode_copy_up() hook. When copy-up takes place during early boot, prior to selinux initialization / policy load, the context stripping can be unwanted and unexpected. With this change, filtering of "security.selinux" xattrs will only occur after selinux initialization. Signed-off-by: David Disseldorp <ddiss@suse.de> --- Changes since v1: - drop RFC - slightly rework commit message and preceeding comment security/selinux/hooks.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)