From: Steve Grubb <[email protected]>
Date: Mon Apr 3 09:08:13 2006 -0400
The below patch should be applied after the inode and ipc sid patches.
This patch is a reworking of Tim's patch that has been updated to match
the inode and ipc patches since its similar.
[updated:
> Stephen Smalley also wanted to change a variable from isec to tsec in the
> user sid patch. ]
Signed-off-by: Steve Grubb <[email protected]>
Signed-off-by: Al Viro <[email protected]>
---
include/linux/netlink.h | 1 +
include/linux/selinux.h | 16 ++++++++++++++++
kernel/audit.c | 22 +++++++++++++++++++---
net/netlink/af_netlink.c | 2 ++
security/selinux/exports.c | 11 +++++++++++
5 files changed, 49 insertions(+), 3 deletions(-)
e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index f8f3d1c..87b8a57 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -143,6 +143,7 @@ struct netlink_skb_parms
__u32 dst_group;
kernel_cap_t eff_cap;
__u32 loginuid; /* Login (audit) uid */
+ __u32 sid; /* SELinux security id */
};
#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 413d667..4047bcd 100644
--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -5,6 +5,7 @@
*
* Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>
* Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>
+ * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
@@ -108,6 +109,16 @@ void selinux_get_inode_sid(const struct
*/
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
+/**
+ * selinux_get_task_sid - return the SID of task
+ * @tsk: the task whose SID will be returned
+ * @sid: pointer to security context ID to be filled in.
+ *
+ * Returns nothing
+ */
+void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
+
+
#else
static inline int selinux_audit_rule_init(u32 field, u32 op,
@@ -156,6 +167,11 @@ static inline void selinux_get_ipc_sid(c
*sid = 0;
}
+static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
+{
+ *sid = 0;
+}
+
#endif /* CONFIG_SECURITY_SELINUX */
#endif /* _LINUX_SELINUX_H */
diff --git a/kernel/audit.c b/kernel/audit.c
index 9060be7..7ec9cca 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -390,7 +390,7 @@ static int audit_netlink_ok(kernel_cap_t
static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
{
- u32 uid, pid, seq;
+ u32 uid, pid, seq, sid;
void *data;
struct audit_status *status_get, status_set;
int err;
@@ -416,6 +416,7 @@ static int audit_receive_msg(struct sk_b
pid = NETLINK_CREDS(skb)->pid;
uid = NETLINK_CREDS(skb)->uid;
loginuid = NETLINK_CB(skb).loginuid;
+ sid = NETLINK_CB(skb).sid;
seq = nlh->nlmsg_seq;
data = NLMSG_DATA(nlh);
@@ -468,8 +469,23 @@ static int audit_receive_msg(struct sk_b
ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
if (ab) {
audit_log_format(ab,
- "user pid=%d uid=%u auid=%u msg='%.1024s'",
- pid, uid, loginuid, (char *)data);
+ "user pid=%d uid=%u auid=%u",
+ pid, uid, loginuid);
+ if (sid) {
+ char *ctx = NULL;
+ u32 len;
+ if (selinux_ctxid_to_string(
+ sid, &ctx, &len)) {
+ audit_log_format(ab,
+ " subj=%u", sid);
+ /* Maybe call audit_panic? */
+ } else
+ audit_log_format(ab,
+ " subj=%s", ctx);
+ kfree(ctx);
+ }
+ audit_log_format(ab, " msg='%.1024s'",
+ (char *)data);
audit_set_pid(ab, pid);
audit_log_end(ab);
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 2a233ff..09fbc4b 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -56,6 +56,7 @@ #include <linux/bitops.h>
#include <linux/mm.h>
#include <linux/types.h>
#include <linux/audit.h>
+#include <linux/selinux.h>
#include <net/sock.h>
#include <net/scm.h>
@@ -1157,6 +1158,7 @@ static int netlink_sendmsg(struct kiocb
NETLINK_CB(skb).dst_pid = dst_pid;
NETLINK_CB(skb).dst_group = dst_group;
NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
+ selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
/* What can I do? Netlink is asynchronous, so that
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
index 7357cf2..ae4c73e 100644
--- a/security/selinux/exports.c
+++ b/security/selinux/exports.c
@@ -5,6 +5,7 @@
*
* Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>
* Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>
+ * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
@@ -61,3 +62,13 @@ void selinux_get_ipc_sid(const struct ke
*sid = 0;
}
+void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
+{
+ if (selinux_enabled) {
+ struct task_security_struct *tsec = tsk->security;
+ *sid = tsec->sid;
+ return;
+ }
+ *sid = 0;
+}
+
--
1.3.0.g0080f
Something seems to be wrong in selinux_get_task_sid. I am getting
thousands of these and can't boot the kernel.
May 3 08:51:53 jonsmirl kernel: Code: 00 00 c3 83 3d 60 c3 32 c0 00
74 09 8b 40 24 8b 40 08 89 02 c3 c7 02 00 00 00 00 c3 83 3d 60 c3 32
c0 00 74 0c 8b 80 90 04 00 00 <8b> 40 08 89 02 c3 c7 02 00 00 00 00 c3
83 3d 60 c3 32 c0 00 74
May 3 08:51:53 jonsmirl kernel: EIP: [<c01b3918>]
selinux_get_task_sid+0xf/0x1c SS:ESP 0068:e9b5cd9c
May 3 08:51:53 jonsmirl kernel: <1>BUG: unable to handle kernel NULL
pointer dereference at virtual address 00000008
May 3 08:51:53 jonsmirl kernel: printing eip:
May 3 08:51:53 jonsmirl kernel: c01b3918
May 3 08:51:53 jonsmirl kernel: *pde = 00000000
May 3 08:51:53 jonsmirl kernel: Oops: 0000 [#25]
May 3 08:51:53 jonsmirl kernel: SMP
May 3 08:51:53 jonsmirl kernel: Modules linked in: af_packet
xt_length ipt_ttl xt_tcpmss ipt_TCPMSS iptable_mangle xt_multiport
xt_limit ipt_tos nfsd exportfs lockd sunrpc ipv6 autofs4 snd_usb_audio
snd_seq_oss snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss
snd_pcm snd_timer snd_page_alloc snd_usb_lib snd_rawmidi
snd_seq_device snd_hwdep snd soundcore ip_conntrack_netbios_ns
ipt_REJECT xt_state ip_conntrack nfnetlink xt_tcpudp iptable_filter
ip_tables x_tables nls_iso8859_1 nls_cp437 vfat fat evdev usbhid video
thermal processor fan button battery ac lp parport_pc parport floppy
ohci1394 ieee1394 uhci_hcd ehci_hcd e1000 i2c_i801 i2c_core
i82875p_edac hw_random edac_mc rtc usbcore unix
May 3 08:51:53 jonsmirl kernel: CPU: 0
May 3 08:51:53 jonsmirl kernel: EIP: 0060:[<c01b3918>] Not tainted VLI
May 3 08:51:53 jonsmirl kernel: EFLAGS: 00010202 (2.6.17-rc3 #122)
May 3 08:51:53 jonsmirl kernel: EIP is at selinux_get_task_sid+0xf/0x1c
May 3 08:51:53 jonsmirl kernel: eax: 00000000 ebx: e944e000 ecx:
00000000 edx: f7bb9428
May 3 08:51:53 jonsmirl kernel: esi: e944eebc edi: f7bb9408 ebp:
f7bb93d8 esp: e944ed9c
May 3 08:51:53 jonsmirl kernel: ds: 007b es: 007b ss: 0068
May 3 08:51:53 jonsmirl kernel: Process gdm-binary (pid: 3159,
threadinfo=e944e000 task=f7d9e580)
May 3 08:51:53 jonsmirl kernel: Stack: <0>c02622c8 00000004 e944ee46
e944ef3c c17fa8ac 00000000 00000000 e944ee60
May 3 08:51:53 jonsmirl kernel: 00000c57 00000000 00000000
00000000 00000000 c029fda0 e9b50904 00000078
May 3 08:51:53 jonsmirl kernel: e944ef3c c024db1c 00000078
c01627af e944ee58 00000000 00000001 ffffffff
May 3 08:51:53 jonsmirl kernel: Call Trace:
May 3 08:51:53 jonsmirl kernel: <c02622c8>
netlink_sendmsg+0x19f/0x280 <c024db1c> sock_sendmsg+0xd4/0xef
May 3 08:51:53 jonsmirl kernel: <c01627af> __d_lookup+0x96/0xd5
<c0127b5c> autoremove_wake_function+0x0/0x35
May 3 08:51:53 jonsmirl kernel: <c015bfb5>
__link_path_walk+0xbab/0xce8 <c0159ed6> do_lookup+0x4f/0x135
May 3 08:51:53 jonsmirl kernel: <c017cbbf>
proc_pid_readlink+0x102/0x10c <c024ebda> sys_sendto+0x116/0x140
May 3 08:51:53 jonsmirl kernel: <c013a014> __alloc_pages+0x55/0x26c
<c013ffee> __handle_mm_fault+0x168/0x6d9
May 3 08:51:53 jonsmirl kernel: <c024f5db>
sys_socketcall+0x17b/0x261 <c0102813> sysenter_past_esp+0x54/0x75
On 5/1/06, Al Viro <[email protected]> wrote:
> From: Steve Grubb <[email protected]>
> Date: Mon Apr 3 09:08:13 2006 -0400
>
> The below patch should be applied after the inode and ipc sid patches.
> This patch is a reworking of Tim's patch that has been updated to match
> the inode and ipc patches since its similar.
>
> [updated:
> > Stephen Smalley also wanted to change a variable from isec to tsec in the
> > user sid patch. ]
>
> Signed-off-by: Steve Grubb <[email protected]>
> Signed-off-by: Al Viro <[email protected]>
>
> ---
>
> include/linux/netlink.h | 1 +
> include/linux/selinux.h | 16 ++++++++++++++++
> kernel/audit.c | 22 +++++++++++++++++++---
> net/netlink/af_netlink.c | 2 ++
> security/selinux/exports.c | 11 +++++++++++
> 5 files changed, 49 insertions(+), 3 deletions(-)
>
> e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e
> diff --git a/include/linux/netlink.h b/include/linux/netlink.h
> index f8f3d1c..87b8a57 100644
> --- a/include/linux/netlink.h
> +++ b/include/linux/netlink.h
> @@ -143,6 +143,7 @@ struct netlink_skb_parms
> __u32 dst_group;
> kernel_cap_t eff_cap;
> __u32 loginuid; /* Login (audit) uid */
> + __u32 sid; /* SELinux security id */
> };
>
> #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
> diff --git a/include/linux/selinux.h b/include/linux/selinux.h
> index 413d667..4047bcd 100644
> --- a/include/linux/selinux.h
> +++ b/include/linux/selinux.h
> @@ -5,6 +5,7 @@
> *
> * Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>
> * Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>
> + * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License version 2,
> @@ -108,6 +109,16 @@ void selinux_get_inode_sid(const struct
> */
> void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
>
> +/**
> + * selinux_get_task_sid - return the SID of task
> + * @tsk: the task whose SID will be returned
> + * @sid: pointer to security context ID to be filled in.
> + *
> + * Returns nothing
> + */
> +void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
> +
> +
> #else
>
> static inline int selinux_audit_rule_init(u32 field, u32 op,
> @@ -156,6 +167,11 @@ static inline void selinux_get_ipc_sid(c
> *sid = 0;
> }
>
> +static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
> +{
> + *sid = 0;
> +}
> +
> #endif /* CONFIG_SECURITY_SELINUX */
>
> #endif /* _LINUX_SELINUX_H */
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 9060be7..7ec9cca 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -390,7 +390,7 @@ static int audit_netlink_ok(kernel_cap_t
>
> static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
> {
> - u32 uid, pid, seq;
> + u32 uid, pid, seq, sid;
> void *data;
> struct audit_status *status_get, status_set;
> int err;
> @@ -416,6 +416,7 @@ static int audit_receive_msg(struct sk_b
> pid = NETLINK_CREDS(skb)->pid;
> uid = NETLINK_CREDS(skb)->uid;
> loginuid = NETLINK_CB(skb).loginuid;
> + sid = NETLINK_CB(skb).sid;
> seq = nlh->nlmsg_seq;
> data = NLMSG_DATA(nlh);
>
> @@ -468,8 +469,23 @@ static int audit_receive_msg(struct sk_b
> ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
> if (ab) {
> audit_log_format(ab,
> - "user pid=%d uid=%u auid=%u msg='%.1024s'",
> - pid, uid, loginuid, (char *)data);
> + "user pid=%d uid=%u auid=%u",
> + pid, uid, loginuid);
> + if (sid) {
> + char *ctx = NULL;
> + u32 len;
> + if (selinux_ctxid_to_string(
> + sid, &ctx, &len)) {
> + audit_log_format(ab,
> + " subj=%u", sid);
> + /* Maybe call audit_panic? */
> + } else
> + audit_log_format(ab,
> + " subj=%s", ctx);
> + kfree(ctx);
> + }
> + audit_log_format(ab, " msg='%.1024s'",
> + (char *)data);
> audit_set_pid(ab, pid);
> audit_log_end(ab);
> }
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index 2a233ff..09fbc4b 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -56,6 +56,7 @@ #include <linux/bitops.h>
> #include <linux/mm.h>
> #include <linux/types.h>
> #include <linux/audit.h>
> +#include <linux/selinux.h>
>
> #include <net/sock.h>
> #include <net/scm.h>
> @@ -1157,6 +1158,7 @@ static int netlink_sendmsg(struct kiocb
> NETLINK_CB(skb).dst_pid = dst_pid;
> NETLINK_CB(skb).dst_group = dst_group;
> NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
> + selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
> memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
>
> /* What can I do? Netlink is asynchronous, so that
> diff --git a/security/selinux/exports.c b/security/selinux/exports.c
> index 7357cf2..ae4c73e 100644
> --- a/security/selinux/exports.c
> +++ b/security/selinux/exports.c
> @@ -5,6 +5,7 @@
> *
> * Copyright (C) 2005 Red Hat, Inc., James Morris <[email protected]>
> * Copyright (C) 2006 Trusted Computer Solutions, Inc. <[email protected]>
> + * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <[email protected]>
> *
> * This program is free software; you can redistribute it and/or modify
> * it under the terms of the GNU General Public License version 2,
> @@ -61,3 +62,13 @@ void selinux_get_ipc_sid(const struct ke
> *sid = 0;
> }
>
> +void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
> +{
> + if (selinux_enabled) {
> + struct task_security_struct *tsec = tsk->security;
> + *sid = tsec->sid;
> + return;
> + }
> + *sid = 0;
> +}
> +
> --
> 1.3.0.g0080f
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
Jon Smirl
[email protected]
On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> Something seems to be wrong in selinux_get_task_sid. I am getting
> thousands of these and can't boot the kernel.
It's actually in security/selinux/hooks.c::selinux_disable() and gets
triggered if you have selinux enabled and explicitly disable afterwards.
Stephen Smalley had done a fix yesterday, basically adding
selinux_enabled = 0;
after
selinux_disabled = 1;
in there. selinux_get_task_sid() happens to step on that in visible way
and nobody had caught that while this stuff was sitting in -mm ;-/
The only question I have about that patch: what would happen if we do not
have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
defined to 1, so...
On 5/3/06, Al Viro <[email protected]> wrote:
> On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> > Something seems to be wrong in selinux_get_task_sid. I am getting
> > thousands of these and can't boot the kernel.
>
> It's actually in security/selinux/hooks.c::selinux_disable() and gets
> triggered if you have selinux enabled and explicitly disable afterwards.
> Stephen Smalley had done a fix yesterday, basically adding
> selinux_enabled = 0;
> after
> selinux_disabled = 1;
> in there. selinux_get_task_sid() happens to step on that in visible way
> and nobody had caught that while this stuff was sitting in -mm ;-/
>
> The only question I have about that patch: what would happen if we do not
> have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> defined to 1, so...
I have these config options set:
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
SELinux needs to be built in or FC5 won't run.
--
Jon Smirl
[email protected]
On Wed, 2006-05-03 at 15:28 +0100, Al Viro wrote:
> On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> > Something seems to be wrong in selinux_get_task_sid. I am getting
> > thousands of these and can't boot the kernel.
>
> It's actually in security/selinux/hooks.c::selinux_disable() and gets
> triggered if you have selinux enabled and explicitly disable afterwards.
> Stephen Smalley had done a fix yesterday, basically adding
> selinux_enabled = 0;
> after
> selinux_disabled = 1;
> in there. selinux_get_task_sid() happens to step on that in visible way
> and nobody had caught that while this stuff was sitting in -mm ;-/
>
> The only question I have about that patch: what would happen if we do not
> have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> defined to 1, so...
Good point. Ok, take two.
[patch 1/1] selinux: Clear selinux_enabled flag upon runtime disable.
Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
and make sure it is defined even if selinux= boot parameter support is
not enabled in configuration.
Signed-off-by: Stephen Smalley <[email protected]>
---
security/selinux/hooks.c | 3 +++
security/selinux/include/security.h | 5 -----
2 files changed, 3 insertions(+), 5 deletions(-)
diff -X /home/sds/dontdiff -rup linux-2.6.17-rc3-mm1/security/selinux/hooks.c linux-2.6.17-rc3-mm1-x2/security/selinux/hooks.c
--- linux-2.6.17-rc3-mm1/security/selinux/hooks.c 2006-05-02 09:08:02.000000000 -0400
+++ linux-2.6.17-rc3-mm1-x2/security/selinux/hooks.c 2006-05-03 10:26:43.000000000 -0400
@@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(
return 1;
}
__setup("selinux=", selinux_enabled_setup);
+#else
+int selinux_enabled = 1;
#endif
/* Original (dummy) security module. */
@@ -4535,6 +4537,7 @@ int selinux_disable(void)
printk(KERN_INFO "SELinux: Disabled at runtime.\n");
selinux_disabled = 1;
+ selinux_enabled = 0;
/* Reset security_ops to the secondary module, dummy or capability. */
security_ops = secondary_ops;
diff -X /home/sds/dontdiff -rup linux-2.6.17-rc3-mm1/security/selinux/include/security.h linux-2.6.17-rc3-mm1-x2/security/selinux/include/security.h
--- linux-2.6.17-rc3-mm1/security/selinux/include/security.h 2006-03-20 00:53:29.000000000 -0500
+++ linux-2.6.17-rc3-mm1-x2/security/selinux/include/security.h 2006-05-03 10:25:39.000000000 -0400
@@ -29,12 +29,7 @@
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
-#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
extern int selinux_enabled;
-#else
-#define selinux_enabled 1
-#endif
-
extern int selinux_mls_enabled;
int security_load_policy(void * data, size_t len);
--
Stephen Smalley
National Security Agency
On Wed, 3 May 2006, Stephen Smalley wrote:
> [patch 1/1] selinux: Clear selinux_enabled flag upon runtime disable.
>
> Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
> and make sure it is defined even if selinux= boot parameter support is
> not enabled in configuration.
>
> Signed-off-by: Stephen Smalley <[email protected]>
Acked-by: James Morris <[email protected]>
--
James Morris
<[email protected]>
On Wed, May 03, 2006 at 10:40:19AM -0400, Jon Smirl wrote:
> On 5/3/06, Al Viro <[email protected]> wrote:
> >On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> >> Something seems to be wrong in selinux_get_task_sid. I am getting
> >> thousands of these and can't boot the kernel.
> >
> >It's actually in security/selinux/hooks.c::selinux_disable() and gets
> >triggered if you have selinux enabled and explicitly disable afterwards.
> >Stephen Smalley had done a fix yesterday, basically adding
> > selinux_enabled = 0;
> >after
> > selinux_disabled = 1;
> >in there. selinux_get_task_sid() happens to step on that in visible way
> >and nobody had caught that while this stuff was sitting in -mm ;-/
> >
> >The only question I have about that patch: what would happen if we do not
> >have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> >defined to 1, so...
>
> I have these config options set:
>
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> CONFIG_SECURITY_SELINUX_AVC_STATS=y
> CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
>
> SELinux needs to be built in or FC5 won't run.
Then add the assignment above (selinux_enabled = 0;) in selinux_disable()
and see if that fixes your problem.
I can boot again with this patch...
On 5/3/06, Stephen Smalley <[email protected]> wrote:
> On Wed, 2006-05-03 at 15:28 +0100, Al Viro wrote:
> > On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> > > Something seems to be wrong in selinux_get_task_sid. I am getting
> > > thousands of these and can't boot the kernel.
> >
> > It's actually in security/selinux/hooks.c::selinux_disable() and gets
> > triggered if you have selinux enabled and explicitly disable afterwards.
> > Stephen Smalley had done a fix yesterday, basically adding
> > selinux_enabled = 0;
> > after
> > selinux_disabled = 1;
> > in there. selinux_get_task_sid() happens to step on that in visible way
> > and nobody had caught that while this stuff was sitting in -mm ;-/
> >
> > The only question I have about that patch: what would happen if we do not
> > have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> > defined to 1, so...
>
> Good point. Ok, take two.
>
> [patch 1/1] selinux: Clear selinux_enabled flag upon runtime disable.
>
> Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
> and make sure it is defined even if selinux= boot parameter support is
> not enabled in configuration.
>
> Signed-off-by: Stephen Smalley <[email protected]>
>
> ---
>
> security/selinux/hooks.c | 3 +++
> security/selinux/include/security.h | 5 -----
> 2 files changed, 3 insertions(+), 5 deletions(-)
>
> diff -X /home/sds/dontdiff -rup linux-2.6.17-rc3-mm1/security/selinux/hooks.c linux-2.6.17-rc3-mm1-x2/security/selinux/hooks.c
> --- linux-2.6.17-rc3-mm1/security/selinux/hooks.c 2006-05-02 09:08:02.000000000 -0400
> +++ linux-2.6.17-rc3-mm1-x2/security/selinux/hooks.c 2006-05-03 10:26:43.000000000 -0400
> @@ -101,6 +101,8 @@ static int __init selinux_enabled_setup(
> return 1;
> }
> __setup("selinux=", selinux_enabled_setup);
> +#else
> +int selinux_enabled = 1;
> #endif
>
> /* Original (dummy) security module. */
> @@ -4535,6 +4537,7 @@ int selinux_disable(void)
> printk(KERN_INFO "SELinux: Disabled at runtime.\n");
>
> selinux_disabled = 1;
> + selinux_enabled = 0;
>
> /* Reset security_ops to the secondary module, dummy or capability. */
> security_ops = secondary_ops;
> diff -X /home/sds/dontdiff -rup linux-2.6.17-rc3-mm1/security/selinux/include/security.h linux-2.6.17-rc3-mm1-x2/security/selinux/include/security.h
> --- linux-2.6.17-rc3-mm1/security/selinux/include/security.h 2006-03-20 00:53:29.000000000 -0500
> +++ linux-2.6.17-rc3-mm1-x2/security/selinux/include/security.h 2006-05-03 10:25:39.000000000 -0400
> @@ -29,12 +29,7 @@
> #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
> #define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
>
> -#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM
> extern int selinux_enabled;
> -#else
> -#define selinux_enabled 1
> -#endif
> -
> extern int selinux_mls_enabled;
>
> int security_load_policy(void * data, size_t len);
>
>
> --
> Stephen Smalley
> National Security Agency
>
>
--
Jon Smirl
[email protected]
On Wed, May 03, 2006 at 10:52:36AM -0400, Stephen Smalley wrote:
> On Wed, 2006-05-03 at 15:28 +0100, Al Viro wrote:
> > On Wed, May 03, 2006 at 10:11:52AM -0400, Jon Smirl wrote:
> > > Something seems to be wrong in selinux_get_task_sid. I am getting
> > > thousands of these and can't boot the kernel.
> >
> > It's actually in security/selinux/hooks.c::selinux_disable() and gets
> > triggered if you have selinux enabled and explicitly disable afterwards.
> > Stephen Smalley had done a fix yesterday, basically adding
> > selinux_enabled = 0;
> > after
> > selinux_disabled = 1;
> > in there. selinux_get_task_sid() happens to step on that in visible way
> > and nobody had caught that while this stuff was sitting in -mm ;-/
> >
> > The only question I have about that patch: what would happen if we do not
> > have CONFIG_SECURITY_SELINUX_BOOTPARAM? In that case selinux_enabled is
> > defined to 1, so...
>
> Good point. Ok, take two.
>
> [patch 1/1] selinux: Clear selinux_enabled flag upon runtime disable.
>
> Clear selinux_enabled flag upon runtime disable of SELinux by userspace,
> and make sure it is defined even if selinux= boot parameter support is
> not enabled in configuration.
>
> Signed-off-by: Stephen Smalley <[email protected]>
Acked-by: Al Viro <[email protected]>