linux/security/selinux
Stephen Smalley fd40ffc72e selinux: fix missing dput() before selinuxfs unmount
Commit 0619f0f5e3 ("selinux: wrap selinuxfs state") triggers a BUG
when SELinux is runtime-disabled (i.e. systemd or equivalent disables
SELinux before initial policy load via /sys/fs/selinux/disable based on
/etc/selinux/config SELINUX=disabled).

This does not manifest if SELinux is disabled via kernel command line
argument or if SELinux is enabled (permissive or enforcing).

Before:
  SELinux:  Disabled at runtime.
  BUG: Dentry 000000006d77e5c7{i=17,n=null}  still in use (1) [unmount of selinuxfs selinuxfs]

After:
  SELinux:  Disabled at runtime.

Fixes: 0619f0f5e3 ("selinux: wrap selinuxfs state")
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-04-09 11:52:56 -07:00
..
include selinux/stable-4.17 PR 20180403 2018-04-06 15:39:26 -07:00
ss selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
.gitignore
avc.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
exports.c selinux: sparse fix: include selinux.h in exports.c 2011-09-09 16:56:32 -07:00
hooks.c Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-04-07 16:53:59 -07:00
ibpkey.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netif.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
netlabel.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00
netlink.c selinux: replace obsolete NLMSG_* with type safe nlmsg_* 2013-03-28 14:25:49 -04:00
netnode.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
netport.c selinux: wrap global selinux state 2018-03-01 18:48:02 -05:00
nlmsgtab.c rtnetlink: add NEWCACHEREPORT message type 2017-06-21 11:22:52 -04:00
selinuxfs.c selinux: fix missing dput() before selinuxfs unmount 2018-04-09 11:52:56 -07:00
xfrm.c selinux: wrap AVC state 2018-03-20 16:58:17 -04:00