[GIT PULL] lsm/lsm-pr-20260410
Paul Moore
paul at paul-moore.com
Fri Apr 10 23:26:05 UTC 2026
Linus,

We only have five patches in the LSM tree, but three of the five are for
an important bugfix relating to overlayfs and the mmap() and mprotect()
access controls for LSMs. Highlights below:

- Fix problems with the mmap() and mprotect() LSM hooks on overlayfs

  As we are dealing with problems both in mmap() and mprotect() there are
  essentially two components to this fix, spread across three patches with
  all marked for stable.

  The simplest portion of the fix is the creation of a new LSM hook,
  security_mmap_backing_file(), that is used to enforce LSM mmap() access
  controls on backing files in the stacked/overlayfs case. The existing
  security_mmap_file() does not have visibility past the user file. You
  can see from the associated SELinux hook callback the code is fairly
  straightforward.

  The mprotect() fix is a bit more complicated as there is no way in the
  mprotect() code path to inspect both the user and backing files, and
  bolting on a second file reference to vm_area_struct wasn't really an
  option. The solution taken here adds a LSM security blob and associated
  hooks to the backing_file struct that LSMs can use to capture and store
  relevant information from the user file. While the necessary SELinux
  information is relatively small, a single u32, I expect other LSMs to
  require more than that, and a dedicated backing_file LSM blob provides
  a storage mechanism without negatively impacting other filesystems.

  I want to note that other LSMs beyond SELinux have been involved in the
  discussion of the fixes presented here and they are working on their own
  related changes using these new hooks, but due to other issues those
  patches will be coming at a later date.

- Use kstrdup_const()/kfree_const() for securityfs symlink targets

- Resolve a handful of kernel-doc warnings in cred.h

Paul

--
The following changes since commit 6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:

  Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
    tags/lsm-pr-20260410

for you to fetch changes up to 82544d36b1729153c8aeb179e84750f0c085d3b1:

  selinux: fix overlayfs mmap() and mprotect() access checks
    (2026-04-03 16:53:50 -0400)

----------------------------------------------------------------
lsm/stable-7.1 PR 20260410
----------------------------------------------------------------
Amir Goldstein (1):
      fs: prepare for adding LSM blob to backing_file

Dmitry Antipov (1):
      securityfs: use kstrdup_const() to manage symlink targets

Paul Moore (2):
      lsm: add backing_file LSM hooks
      selinux: fix overlayfs mmap() and mprotect() access checks

Randy Dunlap (1):
      cred: fix kernel-doc warnings in cred.h

 fs/backing-file.c                 |  18 +-
 fs/erofs/ishare.c                 |  10 +
 fs/file_table.c                   |  43 ++++-
 fs/fuse/passthrough.c             |   2
 fs/internal.h                     |   3
 fs/overlayfs/dir.c                |   2
 fs/overlayfs/file.c               |   2
 include/linux/backing-file.h      |   4
 include/linux/cred.h              |  10 -
 include/linux/fs.h                |  13 +
 include/linux/lsm_audit.h         |   2
 include/linux/lsm_hook_defs.h     |   5
 include/linux/lsm_hooks.h         |   1
 include/linux/security.h          |  22 ++
 security/inode.c                  |  10 -
 security/lsm.h                    |   1
 security/lsm_init.c               |   9 +
 security/security.c               | 102 +++++++++++
 security/selinux/hooks.c          | 256 +++++++++++++++++++++---------
 security/selinux/include/objsec.h |  11 +
 20 files changed, 431 insertions(+), 95 deletions(-)

--
paul-moore.com