[PATCH v4 3/3] selinux: fix overlayfs mmap() and mprotect() access checks
Paul Moore
paul at paul-moore.com
Wed Apr 8 00:35:00 AEST 2026
On Tue, Apr 7, 2026 at 8:14 AM Stephen Smalley
<stephen.smalley.work at gmail.com> wrote:
> On Thu, Apr 2, 2026 at 11:09 PM Paul Moore <paul at paul-moore.com> wrote:
> >
> > The existing SELinux security model for overlayfs is to allow access if
> > the current task is able to access the top level file (the "user" file)
> > and the mounter's credentials are sufficient to access the lower
> > level file (the "backing" file). Unfortunately, the current code does
> > not properly enforce these access controls for both mmap() and mprotect()
> > operations on overlayfs filesystems.
> >
> > This patch makes use of the newly created security_mmap_backing_file()
> > LSM hook to provide the missing backing file enforcement for mmap()
> > operations, and leverages the backing file API and new LSM blob to
> > provide the necessary information to properly enforce the mprotect()
> > access controls.
> >
> > Cc: stable at vger.kernel.org
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
>
> Do you have tests for these changes showing the before and after (i.e.
> failing without your patches, passing with them)? I tried running an
> earlier set from Ondrej but they failed.
A few months ago I sent you and Ondrej some feedback on those early
tests from Ondrej, but yes, I also had problems with Ondrej's tests.
I've been using a hacked up combination of the existing tests, some of
Ondrej's additions, and an additional debug/test patch to ensure the
labeling is correct. It's far from ideal, but I didn't invest time in
test development as I assumed Ondrej would continue his efforts there
(unfortunately it doesn't appear that he has?), and I wanted to focus
on getting a solution as soon as possible for obvious reasons.
--
paul-moore.com
More information about the Linux-erofs
mailing list