27;s glock, and tries
to acquire isec->lock.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 102 +++---
security/selinux/include/objsec.h | 5 +-
2 files changed, 66 insertions(+), 41 deletions(-)
diff --git a/security/selinux/hooks
inode's glock, and
* another task is in do_xmote -> inode_go_inval ->
selinux_inode_invalidate_secctx, holds the inode's glock, and tries
to acquire isec->lock.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 108
.
Signed-off-by: Andreas Gruenbacher
---
fs/proc/base.c | 23 +--
fs/proc/fd.c | 6 ++
fs/proc/internal.h | 2 +-
fs/proc/namespaces.c | 3 +--
security/selinux/hooks.c | 1 +
5 files changed, 14 insertions(+), 21 deletions(-)
diff --git a/
Now that isec->initialized == LABEL_INITIALIZED implies that
isec->sclass is valid, skip such inodes immediately in
inode_doinit_with_dentry.
For the remaining inodes, initialize isec->sclass at the beginning of
inode_doinit_with_dentry to simplify the code.
Signed-off-by: Andreas Gr
This set of four patches fixes a deadlock between selinux and GFS2 when GFS2
invalidates a security label. Please review and consider for the next merge
cycle.
Thanks,
Andreas
Andreas Gruenbacher (4):
selinux: Minor cleanups
proc: Pass file mode to proc_pid_make_inode
selinux: Clean up
Fix the comment for function __inode_security_revalidate, which returns
an integer.
Use the LABEL_* constants consistently for isec->initialized.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 3 ++-
security/selinux/selinuxfs.c | 4 ++--
2 files changed, 4 inserti
On Wed, Jun 1, 2016 at 3:44 PM, Stephen Smalley wrote:
> On 05/31/2016 11:22 AM, Andreas Gruenbacher wrote:
>> With that fixed, could you possibly put this change to test?
>
> Falls over during boot in generic_getxattr(), which still needs a
> non-NULL dentry in the work.selin
On Tue, May 31, 2016 at 4:44 PM, Stephen Smalley wrote:
> On 05/30/2016 09:59 AM, Andreas Gruenbacher wrote:
>> SELinux sometimes needs to load the security label of an inode without
>> knowing which dentry belongs to that inode (for example, in the
>> inode_permission hook)
Change the getxattr inode operation to only use its inode argument, and
ignore the dentry. This is possible because on overlayfs, each dentry
has a separate inode and inodes are not shared among dentries. Allows
SELinux to work on top of overlayfs.
Signed-off-by: Andreas Gruenbacher
---
fs
; on all others, it succeeds.
Signed-off-by: Andreas Gruenbacher
---
fs/9p/acl.c | 3 +++
fs/9p/xattr.c | 3 +++
fs/cifs/xattr.c | 9 +++--
fs/ecryptfs/inode.c | 8 ++--
fs/overlayfs/inode.c | 6 +-
net/socket.c | 3
t/mszeredi/vfs.git/log/?h=overlayfs-next
Git version:
https://git.kernel.org/cgit/linux/kernel/git/agruen/linux.git/log/?h=work.selinux
Comments?
Thanks,
Andreas
Andreas Gruenbacher (2):
selinux: Stop looking up dentries from inodes
overlayfs: Make getxattr work with inode only
f
On Thu, Feb 18, 2016 at 2:53 PM, Stephen Smalley wrote:
> On 02/18/2016 06:04 AM, Andreas Gruenbacher wrote:
>>
>> The inode_getsecid hook is called from contexts in which sleeping is not
>> allowed, so we cannot revalidate inode security labels from there. Use
>> th
The inode_getsecid hook is called from contexts in which sleeping is not
allowed, so we cannot revalidate inode security labels from there. Use
the non-validating version of inode_security() instead.
Reported-by: Benjamin Coddington
Signed-off-by: Andreas Gruenbacher
---
security/selinux
roughly the original
performance.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 10 ++
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 40e071a..f8110cf 100644
--- a/security/selinux/hooks.c
+++ b
On Mon, Nov 2, 2015 at 8:27 PM, Paul Moore wrote:
> On Sunday, November 01, 2015 06:24:32 PM Andreas Gruenbacher wrote:
>> When fetching an inode's security label, check if it is still valid, and
>> try reloading it if it is not. Reloading will fail when we are in RCU
>
reacquiring the glock.
Signed-off-by: Andreas Gruenbacher
Acked-by: Bob Peterson
Acked-by: Steven Whitehouse
Cc: cluster-de...@redhat.com
---
fs/gfs2/glops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index 1f6c9c3..0833076 100644
--- a/fs/gfs2/glops.c
(sock) inodes.
This patch queue is also available here:
git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux.git selinux-wip
Thanks,
Andreas
Andreas Gruenbacher (7):
selinux: Remove unused variable in selinux_inode_init_security
security: Make inode argument of inode_getsecurity non
Make the inode argument of the inode_getsecid hook non-const so that we
can use it to revalidate invalid security labels.
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
include/linux/audit.h | 8
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4
Add a hook to invalidate an inode's security label when the cached
information becomes invalid.
Add the new hook in selinux: set a flag when a security label becomes
invalid.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: James Morris
Acked-by: Stephen Smalley
---
include/linux/lsm_ho
a dentry
parameter.) When reloading fails, continue using the old, invalid
label.
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
security/selinux/hooks.c | 76 +++-
1 file changed, 68 insertions(+), 8 deletions(-)
diff --git a/security
Paul,
On Sun, Nov 1, 2015 at 1:52 PM, Paul Moore wrote:
> If you want, you can just post a
> "8/7" patch with the extra calls added and I'll apply that on top of
> the v4 patchset.
I've also added the additional Acked-by headers, it's easiest to just
repost (I just did).
Thanks,
Andreas
Make the inode argument of the inode_getsecurity hook non-const so that
we can use it to revalidate invalid security labels.
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/security.c | 2
Add functions dentry_security and inode_security for accessing
inode->i_security. These functions initially don't do much, but they
will later be used to revalidate the security labels when necessary.
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
security/selinux
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
security/selinux/hooks.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e4369d8..fc8f626 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
David,
On Thu, Oct 29, 2015 at 1:47 AM, Andreas Gruenbacher
wrote:
> When fetching an inode's security label, check if it is still valid, and
> try reloading it if it is not. Reloading will fail when we are in RCU
> context which doesn't allow sleeping, or when we can't
On Thu, Oct 29, 2015 at 4:21 PM, Stephen Smalley wrote:
> On 10/28/2015 08:47 PM, Andreas Gruenbacher wrote:
>>
>> When fetching an inode's security label, check if it is still valid, and
>> try reloading it if it is not. Reloading will fail when we are in RCU
>
a dentry
parameter.) When reloading fails, continue using the old, invalid
label.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 70
1 file changed, 65 insertions(+), 5 deletions(-)
diff --git a/security/selinux/hooks.c b/securi
Add a hook to invalidate an inode's security label when the cached
information becomes invalid.
Add the new hook in selinux: set a flag when a security label becomes
invalid.
Signed-off-by: Andreas Gruenbacher
Reviewed-by: James Morris
---
include/linux/lsm_hooks.h
Make the inode argument of the inode_getsecurity hook non-const so that
we can use it to revalidate invalid security labels.
Signed-off-by: Andreas Gruenbacher
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/security.c | 2 +-
security/selinux/hooks.c
patch queue, the SELinux test suite passes:
https://github.com/SELinuxProject/selinux-testsuite
Could you please review?
Thanks,
Andreas
Andreas Gruenbacher (7):
selinux: Remove unused variable in selinux_inode_init_security
security: Make inode argument of inode_getsecurity non-const
Make the inode argument of the inode_getsecid hook non-const so that we
can use it to revalidate invalid security labels.
Signed-off-by: Andreas Gruenbacher
---
include/linux/audit.h | 8
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
kernel/audit.c
reacquiring the glock.
Signed-off-by: Andreas Gruenbacher
Cc: Steven Whitehouse
Cc: Bob Peterson
Cc: cluster-de...@redhat.com
---
fs/gfs2/glops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index 1f6c9c3..0833076 100644
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2
Add functions dentry_security and inode_security for accessing
inode->i_security. These functions initially don't do much, but they
will later be used to revalidate the security labels when necessary.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hook
On Wed, Oct 28, 2015 at 7:56 PM, Stephen Smalley wrote:
> On 10/28/2015 01:31 PM, Stephen Smalley wrote:
>>
>> On 10/28/2015 07:48 AM, Andreas Gruenbacher wrote:
>>>
>>> On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley
>>> wrote:
>>>>
Signed-off-by: Andreas Gruenbacher
Acked-by: Stephen Smalley
---
security/selinux/hooks.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e4369d8..fc8f626 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
On Wed, Oct 28, 2015 at 10:12 PM, Paul Moore wrote:
> On Mon, Oct 26, 2015 at 5:15 PM, Andreas Gruenbacher
> wrote:
>> Here is another version of the patch queue to make gfs2 and similar file
>> systems work with SELinux. As suggested by Stephen Smalley [*], the relevan
On Tue, Oct 27, 2015 at 6:20 PM, Stephen Smalley wrote:
> On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
>> @@ -2217,7 +2231,7 @@ static int selinux_bprm_set_creds(struct
>> linux_binprm *bprm)
>>
>> old_tsec = current_security();
>>
On Tue, Oct 27, 2015 at 5:40 PM, Stephen Smalley wrote:
> On 10/26/2015 05:15 PM, Andreas Gruenbacher wrote:
>>
>> Use path_has_perm directly instead.
>
>
> This reverts:
>
> commit 13f8e9810bff12d01807b6f92329111f45218235
> Author: David Howells
> Da
reacquiring the glock.
Signed-off-by: Andreas Gruenbacher
Cc: Steven Whitehouse
Cc: Bob Peterson
Cc: cluster-de...@redhat.com
---
fs/gfs2/glops.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index 1f6c9c3..0833076 100644
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2
If an inode does not have any dentries attached, we cannot reload its
security label because we cannot use the getxattr inode operation. In that
case, continue using the old, invalid label until a dentry becomes
available.
Signed-off-by: Andreas Gruenbacher
---
include/linux/lsm_hooks.h
Use path_has_perm directly instead.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 18 +++---
1 file changed, 3 insertions(+), 15 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 65e8689..d6b4dc9 100644
--- a/security/selinux
Add functions dentry_security and inode_security for accessing
inode->i_security. These functions initially don't do much, but they
will later be used to revalidate the security labels when necessary.
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks
a dentry parameter.)
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 47 +++
1 file changed, 39 insertions(+), 8 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f93dafd..61aead9 100644
--- a/securi
l&m=144416710207686&w=2
The patches are looking good from my point of view; is there anything else that
needs addressing?
Does SELinux have test suites that these patches could be tested against?
Thanks,
Andreas
Andreas Gruenbacher (7):
selinux: Remove unused variable in selinux_inode_init_securit
In dentry_has_perm, path_has_perm, and file_has_perm, push the dentry down
to before avc_has_perm so that dentry_security can be used instead of
inode_security. Since inode_has_perm now takes a dentry, rename it to
__dentry_has_perm.
Signed-off-by: Andreas Gruenbacher
---
security/selinux
Signed-off-by: Andreas Gruenbacher
---
security/selinux/hooks.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e4369d8..fc8f626 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2756,13 +2756,11 @@ static int
On Mon, Oct 5, 2015 at 5:08 PM, Stephen Smalley wrote:
> Not fond of these magic initialized values.
That should be a solvable problem.
> Is it always safe to call inode_doinit() from all callers of
> inode_has_perm()?
As long as inode_has_perm is only used in contexts in which a file
permissio
On Mon, Oct 5, 2015 at 8:24 PM, Casey Schaufler wrote:
> On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote:
>> Add a hook to invalidate an inode's security label when the cached
>> information becomes invalid.
>
> Where is this used?
See the next patch in this patch qu
If an inode does not have any dentries attached, we cannot reload its
security label because we cannot use the getxattr inode operation. In that
case, continue using the old, invalid label until a dentry becomes
available.
Signed-off-by: Andreas Gruenbacher
Cc: Paul Moore
Cc: Stephen Smalley
Cc: