1 From 849a49e6952a6f0eaf735f4e8ebeb178a228ad34 Mon Sep 17 00:00:00 2001
2 From: Ondrej Mosnacek <omosnace@redhat.com>
3 Date: Fri, 21 Dec 2018 21:18:53 +0100
4 Subject: selinux: do not override context on context mounts
6 [ Upstream commit 53e0c2aa9a59a48e3798ef193d573ade85aa80f5 ]
8 Ignore all selinux_inode_notifysecctx() calls on mounts with SBLABEL_MNT
9 flag unset. This is achieved by returning -EOPNOTSUPP for this case in
10 selinux_inode_setsecurity() (because that function should not be called
11 in such case anyway) and translating this error to 0 in
12 selinux_inode_notifysecctx().
14 This fixes behavior of kernfs-based filesystems when mounted with the
15 'context=' option. Before this patch, if a node's context had been
16 explicitly set to a non-default value and later the filesystem has been
17 remounted with the 'context=' option, then this node would show up as
18 having the manually-set context and not the mount-specified one.
21 # mount -t cgroup2 cgroup2 /sys/fs/cgroup/unified
22 # chcon unconfined_u:object_r:user_home_t:s0 /sys/fs/cgroup/unified/cgroup.stat
23 # ls -lZ /sys/fs/cgroup/unified
25 -r--r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.controllers
26 -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.max.depth
27 -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.max.descendants
28 -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.procs
29 -r--r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Dec 13 10:41 cgroup.stat
30 -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.subtree_control
31 -rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.threads
32 # umount /sys/fs/cgroup/unified
33 # mount -o context=system_u:object_r:tmpfs_t:s0 -t cgroup2 cgroup2 /sys/fs/cgroup/unified
36 # ls -lZ /sys/fs/cgroup/unified
38 -r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.controllers
39 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.depth
40 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.descendants
41 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.procs
42 -r--r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Dec 13 10:41 cgroup.stat
43 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.subtree_control
44 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.threads
47 # ls -lZ /sys/fs/cgroup/unified
49 -r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.controllers
50 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.depth
51 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.descendants
52 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.procs
53 -r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.stat
54 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.subtree_control
55 -rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.threads
57 Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
58 Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
59 Signed-off-by: Paul Moore <paul@paul-moore.com>
60 Signed-off-by: Sasha Levin <sashal@kernel.org>
62 security/selinux/hooks.c | 9 ++++++++-
63 1 file changed, 8 insertions(+), 1 deletion(-)
65 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
66 index a5d9c0146ac3..b72aa48f6478 100644
67 --- a/security/selinux/hooks.c
68 +++ b/security/selinux/hooks.c
69 @@ -3339,12 +3339,16 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
70 const void *value, size_t size, int flags)
72 struct inode_security_struct *isec = inode_security_novalidate(inode);
73 + struct superblock_security_struct *sbsec = inode->i_sb->s_security;
77 if (strcmp(name, XATTR_SELINUX_SUFFIX))
80 + if (!(sbsec->flags & SBLABEL_MNT))
86 @@ -6103,7 +6107,10 @@ static void selinux_inode_invalidate_secctx(struct inode *inode)
88 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
90 - return selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX, ctx, ctxlen, 0);
91 + int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
93 + /* Do not return error when suppressing label (SBLABEL_MNT not set). */
94 + return rc == -EOPNOTSUPP ? 0 : rc;