Avoid mounting /proc outside of selinux_init_load_policy().

Message ID	1463157070-31643-1-git-send-email-sds@tycho.nsa.gov (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> IronPort-PHdr: =?us-ascii?q?9a23=3AyMe8TBWpKtrJs/dpCBjnB9Hin+HV8LGtZVwlr6E/?= =?us-ascii?q?grcLSJyIuqrYZhGCt8tkgFKBZ4jH8fUM07OQ6PCxHzZZqsfR+Fk5M7VyFDY9wf?= =?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?= =?us-ascii?q?K6zPF5LIiIzvjqbpq8yVOVwD1Wr1SIgxBSv1hD2ZjtMRj4pmJ/R54TryiVwMRd?= =?us-ascii?q?5rw3h1L0mYhRf265T41pdi9yNNp6BprJYYAu3HZaBwcZh0RHRjaTh0t4XXskzY?= =?us-ascii?q?QA+O4GYMenkHmRpPRQ7e5Vf1WYminDH9s79GxCSCPcDwBYsxUDCm4rYjHATkkw?= =?us-ascii?q?8bJjU59yfRkcU2g6VF9kHy7ydjypLZNdnGfMF1ebnQKJZAHWc=3D?= From: Stephen Smalley <sds@tycho.nsa.gov> To: selinux@tycho.nsa.gov Subject: [PATCH] Avoid mounting /proc outside of selinux_init_load_policy(). Date: Fri, 13 May 2016 12:31:10 -0400 Message-Id: <1463157070-31643-1-git-send-email-sds@tycho.nsa.gov> Precedence: list Cc: ben.shelton@ni.com, Stephen Smalley <sds@tycho.nsa.gov>, 823184-forwarded@bugs.debian.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

1463157070-31643-1-git-send-email-sds@tycho.nsa.gov (mailing list archive)

State

Not Applicable

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3AyMe8TBWpKtrJs/dpCBjnB9Hin+HV8LGtZVwlr6E/?=
	=?us-ascii?q?grcLSJyIuqrYZhGCt8tkgFKBZ4jH8fUM07OQ6PCxHzZZqsfR+Fk5M7VyFDY9wf?=
	=?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?=
	=?us-ascii?q?K6zPF5LIiIzvjqbpq8yVOVwD1Wr1SIgxBSv1hD2ZjtMRj4pmJ/R54TryiVwMRd?=
	=?us-ascii?q?5rw3h1L0mYhRf265T41pdi9yNNp6BprJYYAu3HZaBwcZh0RHRjaTh0t4XXskzY?=
	=?us-ascii?q?QA+O4GYMenkHmRpPRQ7e5Vf1WYminDH9s79GxCSCPcDwBYsxUDCm4rYjHATkkw?=
	=?us-ascii?q?8bJjU59yfRkcU2g6VF9kHy7ydjypLZNdnGfMF1ebnQKJZAHWc=3D?=
From: Stephen Smalley <sds@tycho.nsa.gov>
To: selinux@tycho.nsa.gov
Subject: [PATCH] Avoid mounting /proc outside of selinux_init_load_policy().
Date: Fri, 13 May 2016 12:31:10 -0400
Message-Id: <1463157070-31643-1-git-send-email-sds@tycho.nsa.gov>
Precedence: list
Cc: ben.shelton@ni.com, Stephen Smalley <sds@tycho.nsa.gov>,
	823184-forwarded@bugs.debian.org
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Commit Message

Stephen Smalley May 13, 2016, 4:31 p.m. UTC

Temporarily mounting /proc within selinuxfs_exists() can cause
problems since it can be called by a libselinux constructor and
therefore may be invoked by every program linked with libselinux.
Since this was only motivated originally by a situation where
selinuxfs_exists() was called from selinux_init_load_policy()
before /proc was mounted, fix it in selinux_init_load_policy() instead.

This reverts commit 5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
("libselinux: only mount /proc if necessary") and
commit 9df498884665d79474b79f0f30d1cd67df11bd3e
("libselinux: Mount procfs before checking /proc/filesystems").

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/src/init.c        | 27 +++------------------------
 libselinux/src/load_policy.c | 15 ++++++++++-----
 2 files changed, 13 insertions(+), 29 deletions(-)

diff --git a/libselinux/src/init.c b/libselinux/src/init.c
index 3530594..3c687a2 100644
--- a/libselinux/src/init.c
+++ b/libselinux/src/init.c
@@ -11,8 +11,6 @@ 
 #include <sys/vfs.h>
 #include <stdint.h>
 #include <limits.h>
-#include <sys/mount.h>
-#include <linux/magic.h>
 
 #include "dso.h"
 #include "policy.h"
@@ -58,26 +56,15 @@  static int verify_selinuxmnt(const char *mnt)
 
 int selinuxfs_exists(void)
 {
-	int exists = 0, mnt_rc = -1, rc;
-	struct statfs sb;
+	int exists = 0;
 	FILE *fp = NULL;
 	char *buf = NULL;
 	size_t len;
 	ssize_t num;
 
-	do {
-		rc = statfs("/proc", &sb);
-	} while (rc < 0 && errno == EINTR);
-
-	if (rc == 0 && ((uint32_t)sb.f_type != (uint32_t)PROC_SUPER_MAGIC))
-		mnt_rc = mount("proc", "/proc", "proc", 0, 0);
-
 	fp = fopen("/proc/filesystems", "r");
-	if (!fp) {
-		exists = 1; /* Fail as if it exists */
-		goto out;
-	}
-
+	if (!fp)
+		return 1; /* Fail as if it exists */
 	__fsetlocking(fp, FSETLOCKING_BYCALLER);
 
 	num = getline(&buf, &len, fp);
@@ -91,14 +78,6 @@  int selinuxfs_exists(void)
 
 	free(buf);
 	fclose(fp);
-
-out:
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
-	if (mnt_rc == 0)
-		umount2("/proc", MNT_DETACH);
-
 	return exists;
 }
 hidden_def(selinuxfs_exists)
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 21ee58b..4f39fc7 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -17,6 +17,10 @@ 
 #include "policy.h"
 #include <limits.h>
 
+#ifndef MNT_DETACH
+#define MNT_DETACH 2
+#endif
+
 int security_load_policy(void *data, size_t len)
 {
 	char path[PATH_MAX];
@@ -348,11 +352,6 @@  int selinux_init_load_policy(int *enforce)
 		fclose(cfg);
 		free(buf);
 	}
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
-	if (rc == 0)
-		umount2("/proc", MNT_DETACH);
 
 	/* 
 	 * Determine the final desired mode.
@@ -400,11 +399,17 @@  int selinux_init_load_policy(int *enforce)
 			/* Only emit this error if selinux was not disabled */
 			fprintf(stderr, "Mount failed for selinuxfs on %s:  %s\n", SELINUXMNT, strerror(errno));
 		}
+
+		if (rc == 0)
+			umount2("/proc", MNT_DETACH);
                 
 		goto noload;
 	}
 	set_selinuxmnt(mntpoint);
 
+	if (rc == 0)
+		umount2("/proc", MNT_DETACH);
+
 	/*
 	 * Note:  The following code depends on having selinuxfs 
 	 * already mounted and selinuxmnt set above.

Avoid mounting /proc outside of selinux_init_load_policy().

Commit Message

Patch