From patchwork Tue Apr 26 19:36:20 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Seth Forshee X-Patchwork-Id: 8944511 Return-Path: X-Original-To: patchwork-selinux@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id DC0769F441 for ; Tue, 26 Apr 2016 20:12:43 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id C46102014A for ; Tue, 26 Apr 2016 20:12:42 +0000 (UTC) Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9]) by mail.kernel.org (Postfix) with ESMTP id 7A87D20138 for ; Tue, 26 Apr 2016 20:12:41 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.24,538,1454976000"; d="scan'208";a="15644034" IronPort-PHdr: =?us-ascii?q?9a23=3ANIFd3hNMNunLw3dyIy4l6mtUPXoX/o7sNwtQ0KIM?= =?us-ascii?q?zox0KfXyrarrMEGX3/hxlliBBdydsKIUzbWH+Pm7ByQp2tWojjMrSNR0TRgLiM?= =?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3Dwdp?= =?us-ascii?q?POO9QteU1JTnkb/jsMSIPU1hv3mUX/BbFF2OtwLft80b08NJC50a7V/3mEZOYP?= =?us-ascii?q?lc3mhyJFiezF7W78a0+4N/oWwL46pyv+YJa6jxfrw5QLpEF3xmdjltvIy4/SXE?= =?us-ascii?q?GEGi/HoXGlpQ2jBJDgTI9hTzWN255ibwt+dx1TOfFd3zTKsvWDOkqaxsTUmswB?= =?us-ascii?q?8OKjpx1WbQkME42LpSvRaJvxVix8vRZ4aPObx1eaaLOZshWWdZXstXHxdEC4e4?= =?us-ascii?q?YppHW/ENJs5EvoL9oB0IthL4Cg6yUqen5yVJjTfO1Lc7yKx1HBnPxg07N8oHqn?= =?us-ascii?q?XPtNH8P6pUVvq6mvrm1zLGOshbxTe1xo/SaRAsrLnYRr9scYzfzlM0Fw7Ipl6Z?= =?us-ascii?q?r4vjPjic0qIGtG3NvLkobv6ml2Ny81I5mTOo3Mp5z9CR3o8=3D?= X-IPAS-Result: =?us-ascii?q?A2EJBQBzyh9X/wHyM5BeHAGCcCuBULt1IYF2hUVMAQEBAQE?= =?us-ascii?q?BAgJiJ4ItfVs9AQEBAwECDxUTBgEBDCALAQIDCQEBFykICAMBLQMBBQELEQYBB?= =?us-ascii?q?wsFGAQBiAgBpVWBMT4xik+FKAEEjEYBAQEHAQEBARYGCoQNggqIWhEBhXQBjky?= =?us-ascii?q?JSIFVjESJKiWFQI1yMIEOYoI2gVNOAYd4gTUBAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Apr 2016 20:12:40 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3QKCd3P021691; Tue, 26 Apr 2016 16:12:40 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u3QJaxps172297 for ; Tue, 26 Apr 2016 15:36:59 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u3QJakxr011587 for ; Tue, 26 Apr 2016 15:36:59 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0A+BQD9wR9X/yQp0Apegw0rgVC3cIQRhg8CgUBMAQEBAQEBZieEQgEBAQMSFRkBATcBD1E0AQUBHAYBEiKICAGlV4ExPjGKT4UoAQSMSgEBAQEBAQEDAgEXBgqEDYIKjmCOTYlIgVWMRIkqhWWNcjCBDmKBeD6BU04BiS0BAQE X-IPAS-Result: A0A+BQD9wR9X/yQp0Apegw0rgVC3cIQRhg8CgUBMAQEBAQEBZieEQgEBAQMSFRkBATcBD1E0AQUBHAYBEiKICAGlV4ExPjGKT4UoAQSMSgEBAQEBAQEDAgEXBgqEDYIKjmCOTYlIgVWMRIkqhWWNcjCBDmKBeD6BU04BiS0BAQE X-IronPort-AV: E=Sophos;i="5.24,537,1454994000"; d="scan'208";a="5410378" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 26 Apr 2016 15:36:59 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AR4g4XhUaLZ1ZCQi5Q1VckycdVG/V8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZx2Ot8tkgFKBZ4jH8fUM07OQ6PCwHzNRqs/a6DgrS99laVwssY?= =?us-ascii?q?0uhQsuAcqIWwXQDcXBSGgEJvlET0Jv5HqhMEJYS47UblzWpWCuv3ZJQk2sfTR8?= =?us-ascii?q?Kum9IIPOlcP/j7n0oM2DJVoZz2PmOftbF1afk0b4joEum4xsK6I8mFPig0BjXK?= =?us-ascii?q?Bo/15uPk+ZhB3m5829r9ZJ+iVUvO89pYYbCf2pN4xxd7FTDSwnPmYp/4Wr8ECb?= =?us-ascii?q?FUrcrkcbBy87iBtDSzeDpDv7U5v8qC7zsKA1jCSQPMD6QKoxcSSn7rxwSRjuzi?= =?us-ascii?q?wAMmh9uFnel8g4qaVcuh/p8wR23or8eIiIML97eaTHcJURQm8XGo5qSyFZAo66?= =?us-ascii?q?J7AKBu4FMPcQ+5LxvHMSvBC+Ak+qH+qpxThW0Du+8Lc72KwZGBvHx0R0EsoHqn?= =?us-ascii?q?XPhM38LqYJSeS8x6SOyi/MOaB4wzD4vbPFbhBpj/aWRrJ9fIKF0kQzF0XLiU+L?= =?us-ascii?q?qYHoFzic0OMLsmOS66xrUuf52D1vkB14vjX6npRksYLOnI9AjwmcrSg=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HzAAC5wh9Xj7XfVdFegw2Be7dwhBGCD?= =?us-ascii?q?YQCAoFATAEBAQEBAQICDwEBAQEHCwsJIS+CLX1bPQEBAQMSFRkBATcBD1E0AQU?= =?us-ascii?q?BHAYBEiKICAGlV4ExPjGKT4UoAQSMSgEBAQEBAQEDAgEXBgqEDYIKjmCOTYlIg?= =?us-ascii?q?VWMRIkqhWWNcjCBDoJaHiCBU04BiS0BAQE?= X-IPAS-Result: =?us-ascii?q?A0HzAAC5wh9Xj7XfVdFegw2Be7dwhBGCDYQCAoFATAEBAQE?= =?us-ascii?q?BAQICDwEBAQEHCwsJIS+CLX1bPQEBAQMSFRkBATcBD1E0AQUBHAYBEiKICAGlV?= =?us-ascii?q?4ExPjGKT4UoAQSMSgEBAQEBAQEDAgEXBgqEDYIKjmCOTYlIgVWMRIkqhWWNcjC?= =?us-ascii?q?BDoJaHiCBU04BiS0BAQE?= X-IronPort-AV: E=Sophos;i="5.24,537,1454976000"; d="scan'208";a="13051008" Received: from mail-io0-f181.google.com ([209.85.223.181]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 26 Apr 2016 19:36:57 +0000 Received: by mail-io0-f181.google.com with SMTP id d62so26313580iof.2 for ; Tue, 26 Apr 2016 12:36:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Y/fgcBBMAYgRmesrs5+hi7Ak17pghx1n5F8f+cHH+ts=; b=uTffE9ZLfJiOnhL8NhjUkWGwKBakd6ZRUHzYoflCg8b1RXlE9onQuufHcp9ZSvGBLv CQ/pUdKo/GgB62g7ABkvLn0lq5we5/mebmb/LJuyC6eRujNt3tanZLUT9BSC9Bj+H7dX LgHgrLCekR0YCsUiMejSjY87qHpyBAs/z1vNTPARARBO65Z2Gnxyep5c9Ji0qQNx4jmG JjVYGDAUeCt+m9C4GPux5tmHp2dJiqQ5G0fXG+AkXdD2HzYEYd6IfuKKUCIfG5yRqSkE T+O3Dmn41FHfrNSUIoKvEZoSYvs+JFWbiHrF1/5ASb17e/0ghQOdFD1u8qDPiGpldJ6w ri8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Y/fgcBBMAYgRmesrs5+hi7Ak17pghx1n5F8f+cHH+ts=; b=G8XXpvI4W2rU+oEFjTajuFxIvjyuVdox5vFSrzpDKDJPmkoCXtxz4e8btlOHsNDGbM WpccuLB3vRAkjQRpiUGqzdNlTzgTctX8TiLwZ7y4/Vxook79p1nra8Jb7NuvE5oHMQPd 70Q8UmuM9ypsZWeKCcT1nuOB7mGffRr21IK6gUXRCpgcw5L6GzgoJoDZwnobTIPrTDNV xUqRB1NZCNar8zEXn1IYr8xVzgSB2noOZgAnT4jHr6INQz67QDaeQds7qrY9IB7Y9K+4 Wa3qrD+r6YU/Tx3QxVvb+RvDYV2D45ZOhDpZmzuc5BlNdCtiJQzWpQTZypgachhYQs6U eqIg== X-Gm-Message-State: AOPr4FVaB0p/4NdRonwp4q6Iykx14Q0ktANcbgeKrvsRJOkTYN99DLR30GiFrJJ3OWi/O2s/ X-Received: by 10.107.142.18 with SMTP id q18mr5758923iod.84.1461699416563; Tue, 26 Apr 2016 12:36:56 -0700 (PDT) Received: from localhost ([2605:a601:aab:f920:39a1:5bcf:aa:5b00]) by smtp.gmail.com with ESMTPSA id i9sm2350821ioo.38.2016.04.26.12.36.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Apr 2016 12:36:56 -0700 (PDT) From: Seth Forshee To: "Eric W. Biederman" , Paul Moore , Stephen Smalley , Eric Paris Subject: [PATCH v4 07/21] selinux: Add support for unprivileged mounts from user namespaces Date: Tue, 26 Apr 2016 14:36:20 -0500 Message-Id: <1461699396-33000-8-git-send-email-seth.forshee@canonical.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com> References: <1461699396-33000-1-git-send-email-seth.forshee@canonical.com> X-Mailman-Approved-At: Tue, 26 Apr 2016 16:11:01 -0400 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: linux-bcache@vger.kernel.org, Serge Hallyn , Seth Forshee , James Morris , dm-devel@redhat.com, Miklos Szeredi , Richard Weinberger , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-raid@vger.kernel.org, fuse-devel@lists.sourceforge.net, Austin S Hemmelgarn , linux-mtd@lists.infradead.org, Alexander Viro , selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org, cgroups@vger.kernel.org, Pavel Tikhomirov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Security labels from unprivileged mounts in user namespaces must be ignored. Force superblocks from user namespaces whose labeling behavior is to use xattrs to use mountpoint labeling instead. For the mountpoint label, default to converting the current task context into a form suitable for file objects, but also allow the policy writer to specify a different label through policy transition rules. Pieced together from code snippets provided by Stephen Smalley. Signed-off-by: Seth Forshee Acked-by: Stephen Smalley Acked-by: James Morris --- security/selinux/hooks.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1350167635cb..33beed3ac589 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -820,6 +820,28 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } } + + /* + * If this is a user namespace mount, no contexts are allowed + * on the command line and security labels must be ignored. + */ + if (sb->s_user_ns != &init_user_ns) { + if (context_sid || fscontext_sid || rootcontext_sid || + defcontext_sid) { + rc = -EACCES; + goto out; + } + if (sbsec->behavior == SECURITY_FS_USE_XATTR) { + sbsec->behavior = SECURITY_FS_USE_MNTPOINT; + rc = security_transition_sid(current_sid(), current_sid(), + SECCLASS_FILE, NULL, + &sbsec->mntpoint_sid); + if (rc) + goto out; + } + goto out_set_opts; + } + /* sets the context of the superblock for the fs being mounted. */ if (fscontext_sid) { rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred); @@ -888,6 +910,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, sbsec->def_sid = defcontext_sid; } +out_set_opts: rc = sb_finish_set_opts(sb); out: mutex_unlock(&sbsec->lock);