On 8/12/20 2:51 PM, Stephen Smalley wrote:
On Wed, Aug 12, 2020 at 10:09 AM Daniel Burgener
<dburgener@xxxxxxxxxxxxxxxxxxx> wrote:
In the current implementation, on policy load /sys/fs/selinux is updated
by deleting the previous contents of
/sys/fs/selinux/{class,booleans,policy_capabilities} and then recreating
them. This means that there is a period of time when the contents of
these directories do not exist which can cause race conditions as
userspace relies on them for information about the policy. In addition,
it means that error recovery in the event of failure is challenging.
I haven't looked closely yet, but note that my patches stopped
removing the policy_capabilities directory entries altogether and only
create them during initialization of the mount, because the set of
directory entries is not policy-dependent (only the values read from
them are policy-dependent, not the names themselves). It was a
mistake to ever re-create those entries in the first place. So you
only need to deal with the class and booleans directories in your
patches. Also, I would recommend cc'ing viro and linux-fsdevel on
your patch set in addition to selinux so that they can look at it from
a vfs point of view.
Oops, that was a mistake in the fixing up of the cover letter. When I
rebased
on your patches I fixed that issue in code and in the commit message for
the second
patch in the series, but it looks like I missed it here and in the other
commit messages.
I'll clean that up and resend with the additional ccs. Thanks!
-Daniel
