mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/security/selinux
History
Paul Moore 381595049d selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling 
commit 200ea5a229 upstream.

A previous fix, commit 83370b31a9 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded.  Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem.  The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.

This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.

Fixes: 83370b31a9 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2022-08-25 11:09:22 +02:00
..
include selinux: Convert isec->lock into a spinlock 2022-08-25 11:09:21 +02:00
ss selinux: fix double free 2020-06-30 15:38:31 -04:00
.gitignore
Kconfig selinux: drop SECURITY_SELINUX_POLICYDB_VERSION_MAX 2016-08-18 20:01:15 -04:00
Makefile selinux: use absolute path to include directory 2016-01-28 10:37:15 -05:00
avc.c selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC 2021-07-20 16:21:07 +02:00
exports.c
hooks.c selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling 2022-08-25 11:09:22 +02:00
netif.c
netlabel.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlink.c
netnode.c
netport.c
nlmsgtab.c rtnetlink: add new RTM_GETSTATS message to dump link stats 2016-04-20 15:43:42 -04:00
selinuxfs.c selinux: Minor cleanups 2022-08-25 11:09:21 +02:00
xfrm.c selinux: use correct type for context length 2022-04-20 09:06:38 +02:00