On Wed, Aug 12, 2020 at 10:09 AM Daniel Burgener <dburgener@xxxxxxxxxxxxxxxxxxx> wrote:
>
> In the current implementation, on policy load /sys/fs/selinux is updated
> by deleting the previous contents of
> /sys/fs/selinux/{class,booleans,policy_capabilities} and then recreating
> them. This means that there is a period of time when the contents of
> these directories do not exist which can cause race conditions as
> userspace relies on them for information about the policy. In addition,
> it means that error recovery in the event of failure is challenging.

I haven't looked closely yet, but note that my patches stopped removing the policy_capabilities directory entries altogether and only create them during initialization of the mount, because the set of directory entries is not policy-dependent (only the values read from them are policy-dependent, not the names themselves). It was a mistake to ever re-create those entries in the first place. So you only need to deal with the class and booleans directories in your patches.

Also, I would recommend cc'ing viro and linux-fsdevel on your patch set in addition to selinux so that they can look at it from a vfs point of view.