diff mbox series

[RFC,03/44] selinux: support multiple selinuxfs instances

Message ID	20250102164509.25606-4-stephen.smalley.work@gmail.com (mailing list archive)
State	New
Delegated to:	Paul Moore
Headers	show Received: from mail-qk1-f173.google.com (mail-qk1-f173.google.com [209.85.222.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4969113CFA6 for <selinux@vger.kernel.org>; Thu, 2 Jan 2025 16:45:36 +0000 (UTC) From: Stephen Smalley <stephen.smalley.work@gmail.com> To: selinux@vger.kernel.org Cc: paul@paul-moore.com, omosnace@redhat.com, Stephen Smalley <stephen.smalley.work@gmail.com> Subject: [RFC PATCH 03/44] selinux: support multiple selinuxfs instances Date: Thu, 2 Jan 2025 11:44:28 -0500 Message-Id: <20250102164509.25606-4-stephen.smalley.work@gmail.com> In-Reply-To: <20250102164509.25606-1-stephen.smalley.work@gmail.com> References: <20250102164509.25606-1-stephen.smalley.work@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	SELinux namespace support \| expand [RFC,00/44] SELinux namespace support [RFC,01/44] selinux: restore passing of selinux_state [RFC,02/44] selinux: introduce current_selinux_state [RFC,03/44] selinux: support multiple selinuxfs instances [RFC,04/44] selinux: dynamically allocate selinux namespace [RFC,05/44] netstate,selinux: create the selinux netlink socket per network namespace [RFC,06/44] selinux: support per-task/cred selinux namespace [RFC,07/44] selinux: introduce cred_selinux_state() and use it [RFC,08/44] selinux: add a selinuxfs interface to unshare selinux namespace [RFC,09/44] selinuxfs: restrict write operations to the same selinux namespace [RFC,10/44] selinux: introduce a global SID table [RFC,11/44] selinux: wrap security server interfaces to use the global SID table [RFC,12/44] selinux: update hook functions to use correct selinux namespace [RFC,13/44] selinux: introduce cred_task_has_perm() [RFC,14/44] selinux: introduce cred_has_extended_perms() [RFC,15/44] selinux: introduce cred_self_has_perm() [RFC,16/44] selinux: introduce cred_has_perm() [RFC,17/44] selinux: introduce cred_ssid_has_perm() and cred_other_has_perm() [RFC,18/44] selinux: introduce task_obj_perm() [RFC,19/44] selinux: fix selinux_lsm_getattr() check [RFC,20/44] selinux: update bprm hooks for selinux namespaces [RFC,21/44] selinux: add kerneldoc to new permission checking functions [RFC,22/44] selinux: convert selinux_file_send_sigiotask() to namespace-aware helper [RFC,23/44] selinux: rename cred_has_perm() to cred_tsid_has_perm() [RFC,24/44] selinux: convert additional checks to cred_ssid_has_perm() [RFC,25/44] selinux: introduce selinux_state_has_perm() [RFC,26/44] selinux: annotate selinuxfs permission checks [RFC,27/44] selinux: annotate process transition permission checks [RFC,28/44] selinux: convert xfrm and netlabel permission checks [RFC,29/44] selinux: switch selinux_lsm_setattr() checks to current namespace [RFC,30/44] selinux: add limits for SELinux namespaces [RFC,31/44] selinux: fix namespace creation [RFC,32/44] selinux: limit selinux netlink notifications to init namespace [RFC,33/44] selinux: refactor selinux_state_create() [RFC,34/44] selinux: make open_perms namespace-aware [RFC,35/44] selinux: split cred_ssid_has_perm() into two cases [RFC,36/44] selinux: set initial SID context for init to "kernel" in global SID table [RFC,37/44] selinux: disallow writes to /sys/fs/selinux/user in non-init namespaces [RFC,38/44] selinux: convert nlmsg_sock_has_extended_perms() to namespace-aware [RFC,39/44] selinux: defer inode init on current selinux state [RFC,40/44] selinux: init inode from nearest initialized namespace [RFC,41/44] selinux: allow userspace to detect non-init SELinux namespace [RFC,42/44] selinux: exempt creation of init SELinux namespace from limits [RFC,43/44] selinux: introduce a Kconfig option for SELinux namespaces [RFC,44/44] selinux: fix inode initialization when no namespace is initialized

Commit Message

Stephen Smalley Jan. 2, 2025, 4:44 p.m. UTC

Support multiple selinuxfs instances, one per selinux namespace.

The expected usage would be to unshare the SELinux namespace and
the mount namespace, and then mount a new selinuxfs instance.  The
new instance would then provide an interface for viewing and manipulating
the state of the new SELinux namespace and would not affect the parent
namespace in any manner.

This change by itself should have no effect on SELinux behavior or
APIs (userspace or LSM).

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 security/selinux/selinuxfs.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 5de86b2b3378..a72fc91f10ec 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2152,9 +2152,33 @@  static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
 	return ret;
 }
 
+static int selinuxfs_compare(struct super_block *sb, struct fs_context *fc)
+{
+	struct selinux_fs_info *fsi = sb->s_fs_info;
+
+	return (current_selinux_state == fsi->state);
+}
+
 static int sel_get_tree(struct fs_context *fc)
 {
-	return get_tree_single(fc, sel_fill_super);
+	struct super_block *sb;
+	int err;
+
+	sb = sget_fc(fc, selinuxfs_compare, set_anon_super_fc);
+	if (IS_ERR(sb))
+		return PTR_ERR(sb);
+
+	if (!sb->s_root) {
+		err = sel_fill_super(sb, fc);
+		if (err) {
+			deactivate_locked_super(sb);
+			return err;
+		}
+		sb->s_flags |= SB_ACTIVE;
+	}
+
+	fc->root = dget(sb->s_root);
+	return 0;
 }
 
 static const struct fs_context_operations sel_context_ops = {