selinux: only filter copy-up xattrs following initialization

Extended attribute copy-up functionality added via 19472b6 ("selinux: Implementation for inode_copy_up_xattr() hook") sees "security.selinux" contexts dropped, instead relying on contexts applied via the inode_copy_up() hook. When copy-up takes place during early boot, prior to selinux initialization / policy load, the context stripping can be unwanted and unexpected. With this change, filtering of "security.selinux" xattrs will only occur after selinux initialization. Signed-off-by: David Disseldorp <[email protected]> Signed-off-by: Paul Moore <[email protected]>
mj22226 · Feb 2, 2024 · 7c655be · 7c655be
1 parent bfda63f
commit 7c655be
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -3533,9 +3533,10 @@ static int selinux_inode_copy_up_xattr(const char *name)
 {
 	/* The copy_up hook above sets the initial context on an inode, but we
 	 * don't then want to overwrite it by blindly copying all the lower
-	 * xattrs up.  Instead, we have to filter out SELinux-related xattrs.
+	 * xattrs up.  Instead, filter out SELinux-related xattrs following
+	 * policy load.
 	 */
-	if (strcmp(name, XATTR_NAME_SELINUX) == 0)
+	if (selinux_initialized() && strcmp(name, XATTR_NAME_SELINUX) == 0)
 		return 1; /* Discard */
 	/*
 	 * Any other attribute apart from SELINUX is not claimed, supported