selinux: fix missing dput() before selinuxfs unmount
Commit0619f0f5e3
("selinux: wrap selinuxfs state") triggers a BUG when SELinux is runtime-disabled (i.e. systemd or equivalent disables SELinux before initial policy load via /sys/fs/selinux/disable based on /etc/selinux/config SELINUX=disabled). This does not manifest if SELinux is disabled via kernel command line argument or if SELinux is enabled (permissive or enforcing). Before: SELinux: Disabled at runtime. BUG: Dentry 000000006d77e5c7{i=17,n=null} still in use (1) [unmount of selinuxfs selinuxfs] After: SELinux: Disabled at runtime. Fixes:0619f0f5e3
("selinux: wrap selinuxfs state") Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
d8312a3f61
commit
fd40ffc72e
@ -2061,6 +2061,7 @@ __initcall(init_sel_fs);
|
|||||||
void exit_sel_fs(void)
|
void exit_sel_fs(void)
|
||||||
{
|
{
|
||||||
sysfs_remove_mount_point(fs_kobj, "selinux");
|
sysfs_remove_mount_point(fs_kobj, "selinux");
|
||||||
|
dput(selinux_null.dentry);
|
||||||
kern_unmount(selinuxfs_mount);
|
kern_unmount(selinuxfs_mount);
|
||||||
unregister_filesystem(&sel_fs_type);
|
unregister_filesystem(&sel_fs_type);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user