Bug 149160 - inode labeling race / SELinux
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
All Linux
Priority: high
Severity: medium
Assigned To: James Morris
Brian Brock
Reported: 2005-02-19 11:44 EST by James Morris
Modified: 2007-11-30 17:07 EST

Doc Type: Bug Fix
Last Closed: 2006-06-02 00:00:29 EDT

Attachments: None
Description James Morris 2005-02-19 11:44:58 EST
Description of problem:
There is a race in inode labeling where, during inode creation, the inode becomes available to other threads before the LSM post_create hook is called (where SELinux labeling is done).

The purpose of this BZ entry is to track the status of the issue.

Version-Release number of selected component (if applicable):
all current kernels

How reproducible:

Steps to Reproduce:
Using an ext2 or ext3 fs (or likely others with security EAs), run dbench under a very high load.


Actual Results: Sometimes, there will be a race between rmdir and labeling, where a dbench client directory cannot be removed because its inode is yet to be labeled.

Expected Results: inodes should be labeled before being available to other threads

Additional info:

SELinux has a safe fallback for this situation: by default, unlabeled files are treated with a special label internally. However, the overall security may be reduced if people deploy looser policies to work around the denials which may occur.
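The ordering problem described in this report, and the fallback the last paragraph mentions, reduced to a constructed single-process simulation. This is an added example, not kernel or SELinux code: the `sim_inode` struct, the lookup table that stands in for the structures through which a new inode becomes visible, the `post_create_label` stand-in for the labeling hook, the `observer` that models the other thread, and the `UNLABELED_SID` / `FILE_SID` values are all assumptions made for illustration. The racy variant publishes the inode and only then labels it, so an observer running in between finds a visible, unlabeled object; the corrected variant labels before publishing, so the observer finds nothing until the label is already in place. The access check shows why the fallback is fail-closed: an unlabeled inode is evaluated under the special unlabeled identity, so a rule written for the real file label does not match it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed simulation of the ordering problem in the report; this is
 * not kernel or SELinux code. An inode object carries a security label
 * (sid) that is only meaningful once `labeled` is set. */
#define UNLABELED_SID 0   /* stand-in for the internal "unlabeled" fallback label */
#define FILE_SID      42  /* constructed label assigned by the labeling hook */
#define TABLE_SIZE    8

struct sim_inode {
    int ino;
    int sid;
    int labeled;
};

/* Lookup table standing in for the structures through which an inode
 * becomes visible to other threads once it is published. */
static struct sim_inode *table[TABLE_SIZE];

static void publish(struct sim_inode *ip) { table[ip->ino % TABLE_SIZE] = ip; }
static struct sim_inode *lookup(int ino) { return table[ino % TABLE_SIZE]; }

/* Stand-in for the post-create labeling hook. */
static void post_create_label(struct sim_inode *ip)
{
    ip->sid = FILE_SID;
    ip->labeled = 1;
}

/* Models the other thread that runs in the window between the two steps
 * of creation; records whether it found a visible but unlabeled inode. */
typedef void (*window_fn)(int ino, int *saw_unlabeled);

static void observer(int ino, int *saw_unlabeled)
{
    struct sim_inode *ip = lookup(ino);
    if (ip != NULL && !ip->labeled)
        *saw_unlabeled = 1;
}

/* Racy ordering: publish first, label afterwards. Returns 1 if the
 * observer saw the inode while it was still unlabeled. */
static int create_publish_then_label(struct sim_inode *ip, int ino, window_fn window)
{
    int saw_unlabeled = 0;
    memset(ip, 0, sizeof *ip);
    ip->ino = ino;
    publish(ip);
    window(ino, &saw_unlabeled);
    post_create_label(ip);
    return saw_unlabeled;
}

/* Corrected ordering: label first, then publish. The observer cannot
 * find the inode at all until it already carries its label. */
static int create_label_then_publish(struct sim_inode *ip, int ino, window_fn window)
{
    int saw_unlabeled = 0;
    memset(ip, 0, sizeof *ip);
    ip->ino = ino;
    post_create_label(ip);
    window(ino, &saw_unlabeled);
    publish(ip);
    return saw_unlabeled;
}

/* Access check with a fail-closed fallback: an inode without a label is
 * evaluated as UNLABELED_SID, so a rule written for FILE_SID does not
 * match it and access is denied rather than granted by accident. */
static int effective_sid(const struct sim_inode *ip)
{
    return ip->labeled ? ip->sid : UNLABELED_SID;
}

static int may_access(const struct sim_inode *ip, int allowed_sid)
{
    return effective_sid(ip) == allowed_sid;
}

int main(void)
{
    struct sim_inode a, b;
    printf("publish-then-label exposed an unlabeled inode: %d\n",
           create_publish_then_label(&a, 1, observer));
    printf("label-then-publish exposed an unlabeled inode: %d\n",
           create_label_then_publish(&b, 2, observer));
    return 0;
}
```

The window here is a direct call, which makes the interleaving deterministic; in a real kernel the same window is only hit under load, which is why the report needs dbench at high load to reproduce it. The design point is the same either way: an object must carry its security label before any reference to it is made reachable by other threads.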
