selinux: only filter copy-up xattrs following initialization

Extended attribute copy-up functionality added via 19472b69d639d
("selinux: Implementation for inode_copy_up_xattr() hook") sees
"security.selinux" contexts dropped, instead relying on contexts
applied via the inode_copy_up() hook.

When copy-up takes place during early boot, prior to selinux
initialization / policy load, the context stripping can be unwanted
and unexpected.

With this change, filtering of "security.selinux" xattrs will only occur
after selinux initialization.

Signed-off-by: David Disseldorp <ddiss@suse.de>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 630ada3d208c84fb8a1c997c6da63300ac65292f..a0fde0641f778f007825f01380b86fca464905e6 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3533,9 +3533,10 @@ static int selinux_inode_copy_up_xattr(const char *name)
 {
        /* The copy_up hook above sets the initial context on an inode, but we
         * don't then want to overwrite it by blindly copying all the lower
-        * xattrs up.  Instead, we have to filter out SELinux-related xattrs.
+        * xattrs up.  Instead, filter out SELinux-related xattrs following
+        * policy load.
         */
-       if (strcmp(name, XATTR_NAME_SELINUX) == 0)
+       if (selinux_initialized() && strcmp(name, XATTR_NAME_SELINUX) == 0)
                return 1; /* Discard */
        /*
         * Any other attribute apart from SELINUX is not claimed, supported