[PATCH v2 35/50] convert selinuxfs
Stephen Smalley
stephen.smalley.work at gmail.com
Thu Oct 30 02:06:58 AEDT 2025
On Tue, Oct 28, 2025 at 2:00 PM Al Viro <viro at zeniv.linux.org.uk> wrote:
>
> Tree has invariant part + two subtrees that get replaced upon each
> policy load. Invariant parts stay for the lifetime of filesystem,
> these two subdirs - from policy load to policy load (serialized
> on lock_rename(root, ...)).
>
> All object creations are via d_alloc_name()+d_add() inside selinuxfs,
> all removals are via simple_recursive_removal().
>
> Turn those d_add() into d_make_persistent()+dput() and that's mostly it.
>
> Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
I took this series for a spin and didn't see any problems with the
selinux-testsuite.
Also re-based my WIP selinux namespaces patch series [1] on top, which
introduces multiple selinuxfs instances (one per selinux namespace),
and didn't see any problems.
Reviewed-by: Stephen Smalley <stephen.smalley.work at gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work at gmail.com>
[1] https://lore.kernel.org/selinux/20250814132637.1659-1-stephen.smalley.work@gmail.com/
> ---
> security/selinux/selinuxfs.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index f088776dbbd3..eae565358db4 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1205,7 +1205,8 @@ static struct dentry *sel_attach(struct dentry *parent, const char *name,
> iput(inode);
> return ERR_PTR(-ENOMEM);
> }
> - d_add(dentry, inode);
> + d_make_persistent(dentry, inode);
> + dput(dentry);
> return dentry;
> }
>
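Review bot: In sel_attach(), `return dentry;` now follows `dput(dentry);`, so the function hands back a pointer on which the caller holds no reference, and nothing at this site says so. sel_make_swapover_dir() in the same patch marks its return value as borrowed; the same annotation here, or a comment on the function stating that callers must not dput() the result, would keep the two consistent.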
> @@ -1934,10 +1935,11 @@ static struct dentry *sel_make_swapover_dir(struct super_block *sb,
> /* directory inodes start off with i_nlink == 2 (for "." entry) */
> inc_nlink(inode);
> inode_lock(sb->s_root->d_inode);
> - d_add(dentry, inode);
> + d_make_persistent(dentry, inode);
> inc_nlink(sb->s_root->d_inode);
> inode_unlock(sb->s_root->d_inode);
> - return dentry;
> + dput(dentry);
> + return dentry; // borrowed
> }
>
> #define NULL_FILE_NAME "null"
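Review bot: The trailing `// borrowed` on `return dentry;` in sel_make_swapover_dir() names the ownership rule without saying what bounds the lifetime. Going by the commit message, these subdirectories last only from one policy load to the next, so a comment such as `/* borrowed; valid until the next policy load replaces this subtree */` would tell callers how long the pointer may be used, and it would match the `/* ... */` style of the comment a few lines above.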
> @@ -2080,7 +2082,7 @@ static int sel_init_fs_context(struct fs_context *fc)
> static void sel_kill_sb(struct super_block *sb)
> {
> selinux_fs_info_free(sb);
> - kill_litter_super(sb);
> + kill_anon_super(sb);
> }
>
> static struct file_system_type sel_fs_type = {
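Review bot: The switch from `kill_litter_super(sb)` to `kill_anon_super(sb)` in sel_kill_sb() is not covered by the commit message, which only describes the d_add() conversion. A sentence explaining why kill_anon_super() is sufficient once the dentries are created with d_make_persistent(), and what tears them down at unmount, would make this hunk reviewable on its own.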
> --
> 2.47.3
>
>