Skip to content

Commit

Permalink
selinux: fix missing dput() before selinuxfs unmount
Browse files Browse the repository at this point in the history
Commit 0619f0f ("selinux: wrap selinuxfs state") triggers a BUG
when SELinux is runtime-disabled (i.e. systemd or equivalent disables
SELinux before initial policy load via /sys/fs/selinux/disable based on
/etc/selinux/config SELINUX=disabled).

This does not manifest if SELinux is disabled via kernel command line
argument or if SELinux is enabled (permissive or enforcing).

Before:
  SELinux:  Disabled at runtime.
  BUG: Dentry 000000006d77e5c7{i=17,n=null}  still in use (1) [unmount of selinuxfs selinuxfs]

After:
  SELinux:  Disabled at runtime.

Fixes: 0619f0f ("selinux: wrap selinuxfs state")
Reported-by: Tetsuo Handa <[email protected]>
Reported-by: Dmitry Vyukov <[email protected]>
Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
  • Loading branch information
stephensmalley authored and torvalds committed Apr 9, 2018
1 parent d8312a3 commit fd40ffc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions security/selinux/selinuxfs.c
Original file line number Diff line number Diff line change
Expand Up @@ -2061,6 +2061,7 @@ __initcall(init_sel_fs);
void exit_sel_fs(void)
{
sysfs_remove_mount_point(fs_kobj, "selinux");
dput(selinux_null.dentry);
kern_unmount(selinuxfs_mount);
unregister_filesystem(&sel_fs_type);
}
Expand Down

0 comments on commit fd40ffc

Please sign in to comment.