On 8/19/20 9:45 AM, Stephen Smalley wrote:
Certain SELinux security server functions (e.g. security_port_sid,
called during bind) were not explicitly testing to see if SELinux
has been initialized (i.e. initial policy loaded) and handling
the no-policy-loaded case. In the past this happened to work
because the policydb was statically allocated and could always
be accessed, but with the recent encapsulation of policy state
and conversion to dynamic allocation, we can no longer access
the policy state prior to initialization. Add a test of
!selinux_initialized(state) to all of the exported functions that
were missing them and handle appropriately.

Fixes: 461698026ffa ("selinux: encapsulate policy state, refactor policy load")
Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>
Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

To test this with no policy loaded, you can do the following on Fedora:

    dnf remove selinux-policy-targeted
    rm /etc/selinux/config
    reboot

It is important to do it in that order; removing selinux-policy-targeted
creates an /etc/selinux/config with SELINUX=disabled, which you must
remove to keep SELinux enabled but with no policy. Also removing
/etc/selinux/config is necessary to cause libselinux to report that
SELinux is disabled to userspace, thereby avoiding all kinds of
userspace breakage.
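
The guard described in the commit message, shown as a userspace C model. This is an added example, not the kernel patch or the author's code; every model_* name and the MODEL_INITSID_PORT value are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: hypothetical names, constructed values. */
#define MODEL_INITSID_PORT 9u   /* stand-in default SID for ports */

struct model_policy { unsigned short port; unsigned int sid; };

struct model_state {
    int initialized;             /* set only after a policy load succeeds */
    struct model_policy *policy; /* dynamically allocated; NULL until then */
};

/* Guarded lookup: never dereferences s->policy before initialization. */
int model_port_sid(const struct model_state *s, unsigned short port,
                   unsigned int *out_sid)
{
    if (!s->initialized) {
        *out_sid = MODEL_INITSID_PORT; /* no policy: return the default */
        return 0;
    }
    *out_sid = (s->policy->port == port) ? s->policy->sid
                                         : MODEL_INITSID_PORT;
    return 0;
}

/* Models a policy load: allocate, populate, then mark initialized. */
int model_load_policy(struct model_state *s, unsigned short port,
                      unsigned int sid)
{
    struct model_policy *p = malloc(sizeof(*p));
    if (!p)
        return -1;
    p->port = port;
    p->sid = sid;
    s->policy = p;
    s->initialized = 1;
    return 0;
}

int main(void)
{
    struct model_state s = { 0, NULL };
    unsigned int sid = 0;

    model_port_sid(&s, 8080, &sid);      /* before load: default SID */
    printf("no policy: sid=%u\n", sid);
    if (model_load_policy(&s, 8080, 1234) == 0)
        model_port_sid(&s, 8080, &sid);  /* after load: SID from policy */
    printf("policy loaded: sid=%u\n", sid);
    free(s.policy);
    return 0;
}
```

Without the `initialized` check, the first lookup would dereference a NULL `policy` pointer, which is the failure mode that statically allocated state used to hide.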