On Fri, Jan 17, 2020 at 3:23 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
> commit 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
> introduced a new move_mount(2) system call and a corresponding new LSM
> security_move_mount hook but did not implement this hook for any existing
> LSM. This creates a regression for SELinux with respect to consistent
> checking of mounts; the existing selinux_mount hook checks mounton
> permission to the mount point path. Provide a SELinux hook
> implementation for move_mount that applies this same check for
> consistency. In the future we may wish to add a new move_mount
> filesystem permission and check as well, but this addresses
> the immediate regression.
>
> Fixes: 2db154b3ea8e ("vfs: syscall: Add move_mount(2) to move mounts around")
> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
> v2 drops the RFC prefix, changes the subject to make it more evident that
> this is a regression fix, and drops the TBD comment from the hook.
>
> security/selinux/hooks.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
This looks good to me too, thanks Stephen. Because of the nature of
this fix, I'm going to merge this into next now, even though we are at
-rc7. Since we are effectively treating this as another mount
operation, and reusing the file:mounton permission, I don't believe
there should be any widespread access denials on existing distros ...
I assume you've at least tested this on Fedora and everything looked
okay?
It also looks like the fs tests Richard is working on includes tests
for the move_mount() so I think we are covered as far as the
selinux-testsuite is concerned.
--
paul moore
www.paul-moore.com
