On Fri, May 1, 2020 at 8:55 AM Chirantan Ekbote <chirantan@xxxxxxxxxxxx> wrote:
>
> Hello,
>
> I noticed that the fuse module doesn't currently call
> security_inode_init_security and I was wondering if there is a
> specific reason for that. I found a patch from 2013[1] that would
> change fuse so that it would call that function but it doesn't appear
> that the patch was merged.
>
> For background: I currently have a virtio-fs server with a guest VM
> that wants to use selinux. I was able to enable selinux support
> without much issue by adding
>
> fs_use_xattr virtiofs u:object_r:labeledfs:s0;
>
> to the selinux policy in the guest. This works for the most part
> except that `setfscreatecon` doesn't appear to work. From what I can
> tell, this ends up writing to `/proc/[pid]/attr/fscreate` and the
> attributes actually get set via the `inode_init_security` lsm hook in
> selinux. However, since fuse doesn't call
> `security_inode_init_security` the hook never runs so the
> file/directory doesn't have the right attributes.
>
> Is it safe to just call `security_inode_init_security` whenever fuse
> creates a new inode? How does this affect non-virtiofs fuse servers?

Not sure, adding more Cc's.

I know there's a deadlock scenario with getxattr called on root inode
before mount returns, which causes a deadlock unless mount is run in
the background. Current libfuse doesn't handle this, but I think some
fuse fs work around this by not using libfuse, or at least have some
special setup code (glusterfs? ceph-fuse? not sure...).

I also don't know whether the ->inode_init_security hook is related to
this or not.

Thanks,
Miklos