[PATCH 0/2] LSM: Drop security_delete_hooks()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a third iteration of the attempt to fix a race condition in
SELinux runtime disable. [1] [2]

This version takes the approach of removing the security_delete_hooks()
function (and CONFIG_SECURITY_WRITABLE_HOOKS) and just returning from
the hooks early when SELinux has been disabled on runtime. Note that the
runtime disable functionality is being deprecated and this is only a
temporary solution.

The first patch is an SMP semantics cleanup in SELinux; the second one
builds on top of it and does the actual conversion.

Tested on Fedora Rawhide by running selinux-testsuite with SELinux
enabled + boot tested with SELINUX=disabled. Also compile-tested with
all LSMs enabled in config.

[1] https://lore.kernel.org/selinux/20191211140833.939845-1-omosnace@xxxxxxxxxx/T/
[2] https://lore.kernel.org/selinux/20191209075756.123157-1-omosnace@xxxxxxxxxx/T/

Ondrej Mosnacek (2):
  selinux: treat atomic flags more carefully
  security,selinux: get rid of security_delete_hooks()

 include/linux/lsm_hooks.h           |  31 --
 security/Kconfig                    |   5 -
 security/apparmor/lsm.c             |   6 +-
 security/commoncap.c                |   2 +-
 security/loadpin/loadpin.c          |   2 +-
 security/lockdown/lockdown.c        |   2 +-
 security/security.c                 |   5 +-
 security/selinux/Kconfig            |   6 -
 security/selinux/hooks.c            | 763 ++++++++++++++++++++++++----
 security/selinux/include/security.h |  33 +-
 security/selinux/ss/services.c      |  38 +-
 security/smack/smack_lsm.c          |   4 +-
 security/tomoyo/tomoyo.c            |   6 +-
 security/yama/yama_lsm.c            |   2 +-
 14 files changed, 715 insertions(+), 190 deletions(-)

-- 
2.24.1




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux