selinux: Revalidate invalid inode security labels
authorAndreas Gruenbacher <agruenba@redhat.com>
Thu, 24 Dec 2015 16:09:40 +0000 (11:09 -0500)
committerPaul Moore <pmoore@redhat.com>
Thu, 24 Dec 2015 16:09:40 +0000 (11:09 -0500)
commit5d226df4edfa0eb1e689e7ac2741cf261ff7cbf1
tree3fe85bb21b799df769d9079687c874ba1569a4fa
parent6f3be9f562e3027c77bc4482ccf2cea8600a7f74
selinux: Revalidate invalid inode security labels

When fetching an inode's security label, check if it is still valid, and
try reloading it if it is not. Reloading will fail when we are in RCU
context which doesn't allow sleeping, or when we can't find a dentry for
the inode.  (Reloading happens via iop->getxattr which takes a dentry
parameter.)  When reloading fails, continue using the old, invalid
label.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
security/selinux/hooks.c