git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ondrej Mosnacek <omosnace@redhat.com>
	Tue, 11 Jun 2019 08:07:19 +0000 (10:07 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 19 Jun 2019 06:00:01 +0000 (08:00 +0200)
commit	bc690120360b8e56a056dc031b2d29f713910686
tree	773754adda6838e7050426d1c1cfcb1bfaf2fec1	tree
parent	d3a341b4e675ca38d204e2c1b0e53dd46fc10ea3	commit \| diff

selinux: log raw contexts as untrusted strings

commit aff7ed4851680d0d28ad9f52cd2f99213e1371b2 upstream.

These strings may come from untrusted sources (e.g. file xattrs) so they
need to be properly escaped.

Reproducer:
    # setenforce 0
    # touch /tmp/test
    # setfattr -n security.selinux -v 'kuřecí řízek' /tmp/test
    # runcon system_u:system_r:sshd_t:s0 cat /tmp/test
    (look at the generated AVCs)

Actual result:
    type=AVC [...] trawcon=kuřecí řízek

Expected result:
    type=AVC [...] trawcon=6B75C5996563C3AD20C599C3AD7A656B

Fixes: fede148324c3 ("selinux: log invalid contexts in AVCs")
Cc: stable@vger.kernel.org # v5.1+
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>