From: Vitaly Chikunov <vt@altlinux.org>
To: linux-security-module@vger.kernel.org, bpf@vger.kernel.org,
	 selinux@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>, KP Singh <kpsingh@kernel.org>,
	 Matt Bobrowski <mattbobrowski@google.com>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	 Ondrej Mosnacek <omosnace@redhat.com>,
	linux-kernel@vger.kernel.org
Subject: [BUG] lsm= with bpf before selinux breaks fscreate with EINVAL
Date: Mon, 11 May 2026 00:17:15 +0300
Message-ID: <agDuCdGIeM-6z-j-@altlinux.org>

Hi,

We have a boot failure when CONFIG_LSM has "bpf" listed before "selinux"
(without bpf LSM scripts loaded). (This also happens with a boot with
"security=selinux" if selinux was not in the LSM= list but bpf is.)

systemd reports on the failing boot attempt:

  Failed to set SELinux security context generic_u:object_r:device:s0 for /dev/shm: Invalid argument
  Mounting tmpfs to /dev/shm of type tmpfs with options mode=01777.
  Mounting tmpfs (tmpfs) on /dev/shm (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=01777")...
  Failed to mount tmpfs (type tmpfs) on /dev/shm (MS_NOSUID|MS_NODEV|MS_STRICTATIME "mode=01777"): No such file or directory
  Failed to set SELinux security context generic_u:object_r:device:s0 for /dev/pts: Invalid argument
  Mounting devpts to /dev/pts of type devpts with options mode=0620,gid=5.
  Mounting devpts (devpts) on /dev/pts (MS_NOSUID|MS_NOEXEC "mode=0620,gid=5")...
  Failed to mount devpts (type devpts) on /dev/pts (MS_NOSUID|MS_NOEXEC "mode=0620,gid=5"): No such file or directory
  No filesystem is currently mounted on /sys/fs/cgroup.
  Failed to set SELinux security context generic_u:object_r:def_t:s0 for /sys/fs/cgroup: Invalid argument
  Mounting cgroup2 to /sys/fs/cgroup of type cgroup2 with options nsdelegate,memory_recursiveprot.
  Mounting cgroup2 (cgroup2) on /sys/fs/cgroup (MS_NOSUID|MS_NODEV|MS_NOEXEC "nsdelegate,memory_recursiveprot")...
  Failed to set SELinux security context generic_u:object_r:def_t:s0 for /sys/fs/pstore: Invalid argument
  Mounting pstore to /sys/fs/pstore of type pstore with options n/a.
  Mounting pstore (pstore) on /sys/fs/pstore (MS_NOSUID|MS_NODEV|MS_NOEXEC "")...
  Failed to set SELinux security context generic_u:object_r:def_t:s0 for /sys/fs/bpf: Invalid argument
  Mounting bpf to /sys/fs/bpf of type bpf with options mode=0700.
  Mounting bpf (bpf) on /sys/fs/bpf (MS_NOSUID|MS_NODEV|MS_NOEXEC "mode=0700")...
  [!!!!!!] Failed to mount API filesystems.
  Freezing execution

'Invalid argument' seems to come from setfscreatecon_raw.

Reproducer:

  Boot with lsm=lockdown,capability,landlock,yama,safesetid,bpf,selinux,ima,evm

  (none):~# cat /proc/thread-self/attr/current
  cat: /proc/thread-self/attr/current: Invalid argument
  (none):~# echo > /proc/thread-self/attr/fscreate
  bash: echo: write error: Invalid argument

This appears to be caused by security_getprocattr / security_setprocattr
iterating until the first hook defined (which is bpf) and returning with
default value -EINVAL before selinux even sees them.

Perhaps the bpf LSM should avoid registering getprocattr/setprocattr hooks
that it does not implement, or the legacy LSM_ID_UNDEF procattr dispatch
should skip LSMs that cannot handle the requested attribute and continue
to SELinux (or whatever).

Thanks,

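To make the dispatch behaviour described in the report concrete, here is an added user-space model (not kernel code and not part of the report): a two-entry getprocattr hook chain in lsm= order, the legacy first-hook dispatch that stops at the BPF LSM's default -EINVAL, and the suggested "skip LSMs that cannot handle the attribute" variant. The struct, chain arrays and function names are assumptions for the demo, and the SELinux context string is a constructed sample.

```c
#include <errno.h>
#include <string.h>
/* One entry of the modelled getprocattr hook chain; array order mirrors lsm=. */
struct lsm_hook {
	const char *lsm;
	int (*getprocattr)(const char *name, char **value);
};
static char selinux_ctx[] = "generic_u:object_r:device:s0"; /* constructed sample */

/* The BPF LSM implements no procattr hook, so its default answers -EINVAL. */
static int bpf_getprocattr(const char *n, char **v) { (void)n; (void)v; return -EINVAL; }

/* SELinux answers "current" with the context and anything else with -EINVAL. */
static int selinux_getprocattr(const char *name, char **value)
{
	if (strcmp(name, "current") != 0)
		return -EINVAL;
	*value = selinux_ctx;
	return (int)strlen(selinux_ctx);
}

const struct lsm_hook chain_bpf_first[] = {
	{ "bpf", bpf_getprocattr }, { "selinux", selinux_getprocattr } };
const struct lsm_hook chain_selinux_first[] = {
	{ "selinux", selinux_getprocattr }, { "bpf", bpf_getprocattr } };
/* Dispatch as the report describes: lsm == NULL stands for LSM_ID_UNDEF, so the
 * first registered hook answers, even if it only returns the default -EINVAL. */
int getprocattr_first_hook(const struct lsm_hook *chain, size_t n,
			   const char *lsm, const char *name, char **value)
{
	for (size_t i = 0; i < n; i++) {
		if (lsm && strcmp(lsm, chain[i].lsm) != 0)
			continue;
		return chain[i].getprocattr(name, value);
	}
	return -EINVAL;
}

/* The alternative the report suggests: skip LSMs that cannot handle the attribute. */
int getprocattr_skip_unhandled(const struct lsm_hook *chain, size_t n,
			       const char *name, char **value)
{
	for (size_t i = 0; i < n; i++) {
		int rc = chain[i].getprocattr(name, value);
		if (rc != -EINVAL)
			return rc;
	}
	return -EINVAL;
}
```

With bpf first and no explicit LSM id, the first-hook dispatch returns -EINVAL before SELinux is consulted, which is the "Invalid argument" seen in the reproducer; either putting selinux first, naming the LSM explicitly, or skipping unhandled hooks yields the context.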
