Red Hat Bugzilla – Bug 149160
inode labeling race / SELinux
Last modified: 2007-11-30 17:07:16 EST
Description of problem:
There is a race in inode labeling: during inode creation, the inode becomes visible to other threads before the LSM post_create hook (where SELinux performs the labeling) is called.
The purpose of this BZ entry is to track the status of the issue.
Version-Release number of selected component (if applicable):
all current kernels
Steps to Reproduce:
Using an ext2 or ext3 fs (or likely others with security EAs), run dbench under a very high load.
Actual Results: Sometimes there is a race between rmdir and labeling, where a dbench client directory cannot be removed because its inode has not yet been labeled.
Expected Results: inodes should be labeled before they become available to other threads.
SELinux has a safe fallback for this situation: by default, unlabeled files are treated internally as having a special label. However, overall security may be reduced if people deploy looser policies to work around the denials that can occur.
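The ordering described above, as an added illustration that is not part of the bug report or of the kernel code: two threads share a directory table standing in for the inode hash/dcache, barriers force the "publish, then other thread runs, then post_create labels" interleaving, and the observer plays the rmdir that reads the label its access check would use. The label strings and the "unlabeled" fallback value are constructed placeholders.

```python
import threading

UNLABELED = "unlabeled"                           # stands in for SELinux's internal fallback label
NEW_LABEL = "system_u:object_r:dbench_client_t"  # constructed, hypothetical label


class Inode:
    def __init__(self):
        self.label = UNLABELED   # a freshly allocated inode has no label yet


class Directory:
    """Stand-in for the inode hash / dcache: once an inode is stored here,
    other threads can reach it by name."""
    def __init__(self):
        self.entries = {}


def run_create(label_before_publish, window_open, window_closed, d):
    """Creator thread. Racy order (the bug): publish the inode, and only
    afterwards let the post_create hook label it. Fixed order (expected
    result): label first, then publish."""
    ino = Inode()
    if label_before_publish:
        ino.label = NEW_LABEL          # labeled before anyone can see it
    d.entries["clientdir"] = ino        # inode now reachable by other threads
    window_open.wait()                  # hand control to the other thread ...
    window_closed.wait()                # ... and get it back
    if not label_before_publish:
        ino.label = NEW_LABEL          # post_create hook: too late for the observer


def run_rmdir(seen, window_open, window_closed, d):
    """Observer thread: like rmdir, look the directory up by name and read the
    label the permission check would be made against."""
    window_open.wait()
    seen.append(d.entries["clientdir"].label)
    window_closed.wait()


def label_seen_by_rmdir(label_before_publish):
    """Force the interleaving with barriers and return the label rmdir saw."""
    d = Directory()
    window_open, window_closed, seen = threading.Barrier(2), threading.Barrier(2), []
    t1 = threading.Thread(target=run_create, args=(label_before_publish, window_open, window_closed, d))
    t2 = threading.Thread(target=run_rmdir, args=(seen, window_open, window_closed, d))
    t1.start(); t2.start(); t1.join(); t2.join()
    return seen[0]


if __name__ == "__main__":
    print("publish then label:", label_seen_by_rmdir(False))   # rmdir sees the fallback label
    print("label then publish:", label_seen_by_rmdir(True))    # rmdir sees the real label
```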