mount: new option to set security context of root inode of in-memory filesystems #1830
Comments
|
The ideal solution would be to talk with the kernel/SELinux guys :-) (not sure if anyone is on GitHub) I'd like to avoid FS-specific solutions -- for example, automatically adding rootcontext= when ramfs of tmpfs detected. It would be better to keep things in users' hands. It means the user has to specify that any automation is wanted. Keeping such a thing in the kernel (like your Maybe we could introduce some placeholder string that will be interpreted by libmount, for example, rootcontext=auto, and then replace |
|
The most obvious place in the kernel seems to be the if (rootcontext_sid) {
rc = may_context_mount_inode_relabel(rootcontext_sid, sbsec,
cred);
if (rc)
goto out;
root_isec->sid = rootcontext_sid;
root_isec->initialized = LABEL_INITIALIZED;
}but that hook is unaware of the mountpoint, so its context is not available. I am not sure whether a special value, |
|
My suggestion was to interpret rootcontext=auto in libmount (userspace), so replace "auto" with a current mountpoint SELinux context. Maybe it would be possible to do the same in the kernel, but I have doubts kernel devels will agree with it :-) Note that libmount already translates mount contexts from human-readable to raw format, see |
Add a special value for rootcontext=, namely `!auto`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for im-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
Add a special value for rootcontext=, namely `!auto`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for im-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
|
Sorry for the delay, my network access has been limited lately. @cgzones, it might be a good idea to bring this to the SELinux mailing list as it might get more attention there. At the very least I would need to spend a little time looking at the existing mount hooks (they are pretty messy due to the existence of both the "old" and "new" styles of mounting filesystems) to see if this is possible. |
Add a special value for rootcontext=, namely `$auto`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for im-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
Add a special value for rootcontext=, namely `$auto`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for im-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
Add a special value for rootcontext=, namely `@target`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for in-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
Add a special value for rootcontext=, namely `@target`, to set the root context of the new filesystem to the current context of the target mountpoint. Useful for in-memory filesystems, like tmpfs and ramfs. Closes: util-linux#1830
By default the root inode of a in-memory filesystem, like
ramfsortmpfs, gets the default security context for that filesystem type. (E.g. via afs_use_trans1/2 statement in a SELinux policy.) For SELinux file context definitions are path based, so whether/srv/datais a sub-directory of the root filesystem or the root directory of a nested filesystem, it should have the same context. Thus when mounting a in-memory filesystem the root node has most likely the wrong context and needs to be relabeled. This for example affects mount units within systemd (systemd/systemd#24917).Some possible solutions (with an addition of a new mount(8) command line flag):
rootcontext=option to the mount flags containing the current context of the mountpoint directory.rootcontextauto?, on which LSMs can e.g. set the context of the new root inode to the context of the mountpoint.Current example behavior:
The text was updated successfully, but these errors were encountered: