diff options
| author | Paul Moore <pmoore@redhat.com> | 2013-12-13 14:49:53 -0500 |
|---|---|---|
| committer | Paul Moore <pmoore@redhat.com> | 2013-12-13 14:52:25 -0500 |
| commit | 4d546f81717d253ab67643bf072c6d8821a9249c (patch) | |
| tree | 2bfae32c5e42b7b57cab82efbe71f522db79af60 /security/selinux/ss/services.c | |
| parent | 598cdbcf861825692fe7905e0fd662c7d06bae58 (diff) | |
| download | linux-stable-4d546f81717d253ab67643bf072c6d8821a9249c.tar.gz linux-stable-4d546f81717d253ab67643bf072c6d8821a9249c.tar.bz2 linux-stable-4d546f81717d253ab67643bf072c6d8821a9249c.zip | |
selinux: revert 102aefdda4d8275ce7d7100bc16c88c74272b260
Revert "selinux: consider filesystem subtype in policies"
This reverts commit 102aefdda4d8275ce7d7100bc16c88c74272b260.
Explanation from Eric Paris:
SELinux policy can specify if it should use a filesystem's
xattrs or not. In current policy we have a specification that
fuse should not use xattrs but fuse.glusterfs should use
xattrs. This patch has a bug in which non-glusterfs
filesystems would match the rule saying fuse.glusterfs should
use xattrs. If both fuse and the particular filesystem in
question are not written to handle xattr calls during the mount
command, they will deadlock.
I have fixed the bug to do proper matching, however I believe a
revert is still the correct solution. The reason I believe
that is because the code still does not work. The s_subtype is
not set until after the SELinux hook which attempts to match on
the ".gluster" portion of the rule. So we cannot match on the
rule in question. The code is useless.
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 42 |
1 files changed, 4 insertions, 38 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 6db5546717eb..fc5a63a05a1c 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2344,50 +2344,16 @@ int security_fs_use(struct super_block *sb) struct ocontext *c; struct superblock_security_struct *sbsec = sb->s_security; const char *fstype = sb->s_type->name; - const char *subtype = (sb->s_subtype && sb->s_subtype[0]) ? sb->s_subtype : NULL; - struct ocontext *base = NULL; read_lock(&policy_rwlock); - for (c = policydb.ocontexts[OCON_FSUSE]; c; c = c->next) { - char *sub; - int baselen; - - baselen = strlen(fstype); - - /* if base does not match, this is not the one */ - if (strncmp(fstype, c->u.name, baselen)) - continue; - - /* if there is no subtype, this is the one! */ - if (!subtype) - break; - - /* skip past the base in this entry */ - sub = c->u.name + baselen; - - /* entry is only a base. save it. keep looking for subtype */ - if (sub[0] == '\0') { - base = c; - continue; - } - - /* entry is not followed by a subtype, so it is not a match */ - if (sub[0] != '.') - continue; - - /* whew, we found a subtype of this fstype */ - sub++; /* move past '.' */ - - /* exact match of fstype AND subtype */ - if (!strcmp(subtype, sub)) + c = policydb.ocontexts[OCON_FSUSE]; + while (c) { + if (strcmp(fstype, c->u.name) == 0) break; + c = c->next; } - /* in case we had found an fstype match but no subtype match */ - if (!c) - c = base; - if (c) { sbsec->behavior = c->v.behavior; if (!c->sid[0]) { |