Re: [PATCH] selinux: clean up selinuxfs resources on init failure

From: Stephen Smalley

Date: Mon Jun 22 2026 - 15:50:30 EST


On Mon, Jun 22, 2026 at 10:37 AM Haoxiang Li <haoxiang_li2024@xxxxxxx> wrote:
>
> init_sel_fs() creates the selinuxfs mount point and registers the
> filesystem before mounting selinuxfs internally. If kern_mount()
> or the subsequent lookup of the null file fails, the function
> returns without undoing the resources that were already registered.
>
> Add the missing error unwinding so the internal mount, filesystem
> registration, and sysfs mount point are released as appropriate.
>
> Signed-off-by: Haoxiang Li <haoxiang_li2024@xxxxxxx>

Any failure here is effectively fatal to SELinux regardless, but:
Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

> ---
> security/selinux/selinuxfs.c | 19 +++++++++++++------
> 1 file changed, 13 insertions(+), 6 deletions(-)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 5aaaf69410bb..c7d91476971c 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1984,17 +1984,15 @@ int __init init_sel_fs(void)
> return err;
>
> err = register_filesystem(&sel_fs_type);
> - if (err) {
> - sysfs_remove_mount_point(fs_kobj, "selinux");
> - return err;
> - }
> + if (err)
> + goto err_remove_mount_point;
>
> selinux_null.mnt = kern_mount(&sel_fs_type);
> if (IS_ERR(selinux_null.mnt)) {
> pr_err("selinuxfs: could not mount!\n");
> err = PTR_ERR(selinux_null.mnt);
> selinux_null.mnt = NULL;
> - return err;
> + goto err_unregister_fs;
> }
>
> selinux_null.dentry = try_lookup_noperm(&null_name,
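Review bot: A register_filesystem() failure now jumps to err_remove_mount_point without logging anything, while the kern_mount() path just below it reports `selinuxfs: could not mount!`. Because this failure leaves the security filesystem unavailable, it should show up in the boot log as well. Adding `pr_err("selinuxfs: could not register filesystem!\n");` before the goto would do it, with braces around the two statements. The start of init_sel_fs() and the rest of the try_lookup_noperm() call lie outside this hunk.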
> @@ -2003,7 +2001,7 @@ int __init init_sel_fs(void)
> pr_err("selinuxfs: could not lookup null!\n");
> err = PTR_ERR(selinux_null.dentry);
> selinux_null.dentry = NULL;
> - return err;
> + goto err_unmount;
> }
>
> /*
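Review bot: The lookup error path reads `PTR_ERR(selinux_null.dentry)`, but the condition guarding it is outside this hunk; if that condition is an IS_ERR() test only, a NULL return is not caught. try_lookup_noperm() returns NULL when the name is not present in the dcache. In that case the function would fall through to `return 0` with selinux_null.dentry left NULL and nothing unwound. Consider `if (IS_ERR_OR_NULL(selinux_null.dentry)) {` together with `err = selinux_null.dentry ? PTR_ERR(selinux_null.dentry) : -ENOENT;` so that this case also reaches err_unmount.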
> @@ -2012,5 +2010,14 @@ int __init init_sel_fs(void)
> */
> (void) selinux_kernel_status_page();
>
> + return 0;
> +
> +err_unmount:
> + kern_unmount(selinux_null.mnt);
> + selinux_null.mnt = NULL;
> +err_unregister_fs:
> + unregister_filesystem(&sel_fs_type);
> +err_remove_mount_point:
> + sysfs_remove_mount_point(fs_kobj, "selinux");
> return err;
> }
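Review bot: The unwind labels at the end of init_sel_fs() have no comment saying what state they leave behind, and that state is security-relevant. After err_unregister_fs and err_remove_mount_point run, selinuxfs is neither registered nor mountable, so presumably no policy can be loaded for the rest of the boot. Whether the caller acts on the non-zero return is not visible in this hunk. I would add a short comment above `err_unmount:` such as `/* Unwind in reverse order of setup; after this selinuxfs is gone and no policy can be loaded. */`. It would also help to confirm that the caller logs or otherwise surfaces the returned error.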
> --
> 2.25.1
>