SELinuxProject / selinux-kernel

GitHub mirror of the SELinux kernel repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git

BUG: selinux policy reload is not atomic wrt selinuxfs #52

Closed stephensmalley closed 4 years ago

stephensmalley commented 4 years ago

Presently SELinux policy reload is not atomic wrt updating selinuxfs, so a failure while updating selinuxfs (e.g. while creating the new booleans or class subdirectories) will leave the system in an inconsistent state. Fixing this requires refactoring policy load as per https://lore.kernel.org/selinux/20181002155810.GP32577@ZenIV.linux.org.uk/

pcmoore commented 4 years ago

Related to #51.

pcmoore commented 4 years ago

Adding @dburgener.

stephensmalley commented 4 years ago

Partly fixed via 02a52c5c8c3b8cbad0f12009cde9f36dbefb6972; an error while updating selinuxfs will now leave the system running with the old policy. selinuxfs itself may still be in an inconsistent state; this will be addressed via #51.
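
The behaviour described in this thread, as an added example that is not part of the issue or the kernel source: a simplified C model with hypothetical names (`sys_state`, `load_policy_inplace`, `load_policy_staged`) and constructed sequence numbers. It contrasts making the new policy live before the selinuxfs update with committing it only after that update succeeds.

```c
#include <stdbool.h>

/* Toy model (hypothetical names, not kernel code): the active policy and
 * the selinuxfs view each carry the sequence number of the policy they
 * were built from. Sequence numbers are constructed sample values. */
struct sys_state {
    int active_policy;   /* policy the security server enforces with */
    int fs_booleans;     /* policy the booleans entries reflect */
    int fs_classes;      /* policy the class entries reflect */
};

/* Rebuild the selinuxfs entries for new_seq. fail_at_classes simulates an
 * error that occurs after the booleans entries were already rebuilt. */
static int update_selinuxfs(struct sys_state *s, int new_seq, bool fail_at_classes)
{
    s->fs_booleans = new_seq;
    if (fail_at_classes)
        return -1;
    s->fs_classes = new_seq;
    return 0;
}

/* Before: the new policy goes live first, then selinuxfs is updated. */
int load_policy_inplace(struct sys_state *s, int new_seq, bool fail)
{
    s->active_policy = new_seq;
    return update_selinuxfs(s, new_seq, fail);
}

/* After the partial fix: the new policy is only prepared and becomes
 * active once the selinuxfs update has succeeded. */
int load_policy_staged(struct sys_state *s, int new_seq, bool fail)
{
    int prepared = new_seq;               /* parsed, not yet active */
    int rc = update_selinuxfs(s, prepared, fail);
    if (rc)
        return rc;                        /* cancel: old policy stays active */
    s->active_policy = prepared;          /* commit */
    return 0;
}

/* True when selinuxfs fully describes the policy that is enforced. */
bool consistent(const struct sys_state *s)
{
    return s->fs_booleans == s->active_policy &&
           s->fs_classes == s->active_policy;
}
```

With a simulated failure, the in-place load ends up enforcing policy 2 behind a half-updated selinuxfs, while the staged load keeps enforcing policy 1; selinuxfs is still half-updated in both cases, which is the remainder the last comment defers to #51.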