From patchwork Tue Nov 17 16:39:08 2015
X-Patchwork-Submitter: Seth Forshee
X-Patchwork-Id: 7640021
From: Seth Forshee
To: "Eric W. Biederman", Paul Moore, Stephen Smalley, Eric Paris
Cc: Serge Hallyn, James Morris, linux-security-module@vger.kernel.org, dm-devel@redhat.com, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, Seth Forshee, linux-bcache@vger.kernel.org, linux-mtd@lists.infradead.org, Alexander Viro, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, Andy Lutomirski
Subject: [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces
Date: Tue, 17 Nov 2015 10:39:08 -0600
Message-Id: <1447778351-118699-6-git-send-email-seth.forshee@canonical.com>
In-Reply-To: <1447778351-118699-1-git-send-email-seth.forshee@canonical.com>

Security labels from unprivileged mounts in user namespaces must be ignored. Force superblocks from user namespaces whose labeling behavior is to use xattrs to use mountpoint labeling instead. For the mountpoint label, default to converting the current task context into a form suitable for file objects, but also allow the policy writer to specify a different label through policy transition rules.

Pieced together from code snippets provided by Stephen Smalley.

Signed-off-by: Seth Forshee Acked-by: Stephen Smalley Acked-by: James Morris --- security/selinux/hooks.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index de05207eb665..09be1dc21e58 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -756,6 +756,28 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } } + + /* + * If this is a user namespace mount, no contexts are allowed + * on the command line and security labels must be ignored. + */ + if (sb->s_user_ns != &init_user_ns) { + if (context_sid || fscontext_sid || rootcontext_sid || + defcontext_sid) { + rc = -EACCES; + goto out; + } + if (sbsec->behavior == SECURITY_FS_USE_XATTR) { + sbsec->behavior = SECURITY_FS_USE_MNTPOINT; + rc = security_transition_sid(current_sid(), current_sid(), + SECCLASS_FILE, NULL, + &sbsec->mntpoint_sid); + if (rc) + goto out; + } + goto out_set_opts; + } + /* sets the context of the superblock for the fs being mounted. */ if (fscontext_sid) { rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); @@ -824,6 +846,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, sbsec->def_sid = defcontext_sid; } +out_set_opts: rc = sb_finish_set_opts(sb); out: mutex_unlock(&sbsec->lock);
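
Review bot: In the first hunk's `SECURITY_FS_USE_XATTR` branch, `sbsec->behavior = SECURITY_FS_USE_MNTPOINT;` is assigned before `security_transition_sid()` has succeeded, so the `if (rc) goto out;` path leaves the superblock marked for mountpoint labeling while `sbsec->mntpoint_sid` was never set by this call. Computing the SID first and assigning `sbsec->behavior` only once `rc` is 0 keeps the two fields consistent on the error path. The branch also converts only the xattr behavior: every other `sbsec->behavior` value goes straight to `out_set_opts` unchanged, and since the comment above the `if` states that security labels must be ignored, it should say why those other behaviors need no handling.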