This is a third iteration of the attempt to fix a race condition in
SELinux runtime disable. [1] [2]

This version takes the approach of removing the security_delete_hooks()
function (and CONFIG_SECURITY_WRITABLE_HOOKS) and just returning from
the hooks early when SELinux has been disabled at runtime. Note that the
runtime disable functionality is being deprecated and this is only a
temporary solution.

The first patch is an SMP semantics cleanup in SELinux; the second one
builds on top of it and does the actual conversion.

Tested on Fedora Rawhide by running selinux-testsuite with SELinux
enabled + boot tested with SELINUX=disabled. Also compile-tested with
all LSMs enabled in config.

[1] https://lore.kernel.org/selinux/20191211140833.939845-1-omosnace@xxxxxxxxxx/T/
[2] https://lore.kernel.org/selinux/20191209075756.123157-1-omosnace@xxxxxxxxxx/T/

Ondrej Mosnacek (2):
  selinux: treat atomic flags more carefully
  security,selinux: get rid of security_delete_hooks()

 include/linux/lsm_hooks.h           |  31 --
 security/Kconfig                    |   5 -
 security/apparmor/lsm.c             |   6 +-
 security/commoncap.c                |   2 +-
 security/loadpin/loadpin.c          |   2 +-
 security/lockdown/lockdown.c        |   2 +-
 security/security.c                 |   5 +-
 security/selinux/Kconfig            |   6 -
 security/selinux/hooks.c            | 763 ++++++++++++++++++++++++----
 security/selinux/include/security.h |  33 +-
 security/selinux/ss/services.c      |  38 +-
 security/smack/smack_lsm.c          |   4 +-
 security/tomoyo/tomoyo.c            |   6 +-
 security/yama/yama_lsm.c            |   2 +-
 14 files changed, 715 insertions(+), 190 deletions(-)

-- 
2.24.1