Re: [GIT PULL] Audit patches for v5.15
The pull request you sent on Mon, 30 Aug 2021 12:46:55 -0400: > git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git > tags/audit-pr-20210830 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/8e0cd9525ca7ab8ba87135d85b10596e61b10e63 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
[PATCH v3 1/3] dm: introduce audit event module for device mapper
To be able to send auditing events to user space, we introduce a generic dm-audit module. It provides helper functions to emit audit events through the kernel audit subsystem. We claim the AUDIT_DM_CTRL type=1336 and AUDIT_DM_EVENT type=1337 out of the audit event messages range in the corresponding userspace api in 'include/uapi/linux/audit.h' for those events. AUDIT_DM_CTRL is used to provide information about creation and destruction of device mapper targets which are triggered by user space admin control actions. AUDIT_DM_EVENT is used to provide information about actual errors during operation of the mapped device, showing e.g. integrity violations in audit log. Following commits to device mapper targets actually will make use of this to emit those events in relevant cases. The audit logs look like this if executing the following simple test: # dd if=/dev/zero of=test.img bs=1M count=1024 # losetup -f test.img # integritysetup -vD format --integrity sha256 -t 32 /dev/loop0 # integritysetup open -D /dev/loop0 --integrity sha256 integritytest # integritysetup status integritytest # integritysetup close integritytest # integritysetup open -D /dev/loop0 --integrity sha256 integritytest # integritysetup status integritytest # dd if=/dev/urandom of=/dev/loop0 bs=512 count=1 seek=10 # dd if=/dev/mapper/integritytest of=/dev/null - audit.log from auditd type=UNKNOWN[1336] msg=audit(1630425039.363:184): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425039.471:185): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425039.611:186): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425054.475:187): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425073.171:191): module=integrity op=ctr ppid=3807 pid=3883 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425087.239:192): module=integrity op=dtr ppid=3807 pid=3902 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425093.755:193): module=integrity op=ctr ppid=3807 pid=3906 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1337] msg=audit(1630425112.119:194): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:195): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:196): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:197): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:198): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:199): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:200): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:201): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:202): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:203): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 Signed-off-by: Michael Weiß --- drivers/md/Kconfig | 10 + drivers/md/Makefile| 4 ++ drivers/md/dm-audit.c | 79 ++ drivers/md/dm-audit.h | 62 ++ include/uapi/linux/audit.h | 2 + 5 files changed, 157 insertions(+) create mode 100644 drivers/md/dm-audit.c create mode 100644 drivers/md/dm-audit.h diff --git a/drivers/md/Kconfig b/drivers/md/Kconfig index 0602e8
[PATCH v3 2/3] dm integrity: log audit events for dm-integrity target
dm-integrity signals integrity violations by returning I/O errors
to user space. To identify integrity violations by a controlling
instance, the kernel audit subsystem can be used to emit audit
events to user space. We use the new dm-audit submodule allowing
to emit audit events on relevant I/O errors.
The construction and destruction of integrity device mappings are
also relevant for auditing a system. Thus, those events are also
logged as audit events.
Signed-off-by: Michael Weiß
---
drivers/md/dm-integrity.c | 25 +
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 20f2510db1f6..a881ead4b506 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md/dm-integrity.c
@@ -23,6 +23,8 @@
#include
#include
+#include "dm-audit.h"
+
#define DM_MSG_PREFIX "integrity"
#define DEFAULT_INTERLEAVE_SECTORS 32768
@@ -539,6 +541,7 @@ static int sb_mac(struct dm_integrity_c *ic, bool wr)
}
if (memcmp((__u8 *)ic->sb + (1 << SECTOR_SHIFT) - size, result,
size)) {
dm_integrity_io_error(ic, "superblock mac", -EILSEQ);
+ dm_audit_log_target(DM_MSG_PREFIX, "mac-superblock",
ic->ti, 0);
return -EILSEQ;
}
}
@@ -876,8 +879,10 @@ static void rw_section_mac(struct dm_integrity_c *ic,
unsigned section, bool wr)
if (likely(wr))
memcpy(&js->mac, result + (j * JOURNAL_MAC_PER_SECTOR),
JOURNAL_MAC_PER_SECTOR);
else {
- if (memcmp(&js->mac, result + (j *
JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR))
+ if (memcmp(&js->mac, result + (j *
JOURNAL_MAC_PER_SECTOR), JOURNAL_MAC_PER_SECTOR)) {
dm_integrity_io_error(ic, "journal mac",
-EILSEQ);
+ dm_audit_log_target(DM_MSG_PREFIX,
"mac-journal", ic->ti, 0);
+ }
}
}
}
@@ -1782,10 +1787,15 @@ static void integrity_metadata(struct work_struct *w)
if (unlikely(r)) {
if (r > 0) {
char b[BDEVNAME_SIZE];
- DMERR_LIMIT("%s: Checksum failed at
sector 0x%llx", bio_devname(bio, b),
- (sector - ((r +
ic->tag_size - 1) / ic->tag_size)));
+ sector_t s;
+
+ s = sector - ((r + ic->tag_size - 1) /
ic->tag_size);
+ DMERR_LIMIT("%s: Checksum failed at
sector 0x%llx",
+ bio_devname(bio, b), s);
r = -EILSEQ;
atomic64_inc(&ic->number_of_mismatches);
+ dm_audit_log_bio(DM_MSG_PREFIX,
"integrity-checksum",
+bio, s, 0);
}
if (likely(checksums != checksums_onstack))
kfree(checksums);
@@ -1991,6 +2001,8 @@ static bool __journal_read_write(struct dm_integrity_io
*dio, struct bio *bio,
if (unlikely(memcmp(checksums_onstack,
journal_entry_tag(ic, je), ic->tag_size))) {
DMERR_LIMIT("Checksum failed
when reading from journal, at sector 0x%llx",
logical_sector);
+ dm_audit_log_bio(DM_MSG_PREFIX,
"journal-checksum",
+bio,
logical_sector, 0);
}
}
#endif
@@ -2534,8 +2546,10 @@ static void do_journal_write(struct dm_integrity_c *ic,
unsigned write_start,
integrity_sector_checksum(ic, sec + ((l
- j) << ic->sb->log2_sectors_per_block),
(char
*)access_journal_data(ic, i, l), test_tag);
- if (unlikely(memcmp(test_tag,
journal_entry_tag(ic, je2), ic->tag_size)))
+ if (unlikely(memcmp(test_tag,
journal_entry_tag(ic, je2), ic->tag_size))) {
dm_integrity_io_error(ic, "tag
mismatch when replaying journal", -EILSEQ);
+
dm_audit_log_target(DM_MSG_PREFIX, "integrity-replay-journal", ic->ti, 0);
+ }
}
journal_entry_set_unused(je2);
@@ -4490,9 +4504,11 @@ static int
[PATCH v3 3/3] dm crypt: log aead integrity violations to audit subsystem
Since dm-crypt target can be stacked on dm-integrity targets to
provide authenticated encryption, integrity violations are recognized
here during aead computation. We use the dm-audit submodule to
signal those events to user space, too.
The construction and destruction of crypt device mappings are also
logged as audit events.
Signed-off-by: Michael Weiß
---
drivers/md/dm-crypt.c | 22 ++
1 file changed, 18 insertions(+), 4 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 50f4cbd600d5..5e02002345fa 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -41,6 +41,8 @@
#include
+#include "dm-audit.h"
+
#define DM_MSG_PREFIX "crypt"
/*
@@ -1362,8 +1364,12 @@ static int crypt_convert_block_aead(struct crypt_config
*cc,
if (r == -EBADMSG) {
char b[BDEVNAME_SIZE];
- DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu",
bio_devname(ctx->bio_in, b),
- (unsigned long long)le64_to_cpu(*sector));
+ sector_t s = le64_to_cpu(*sector);
+
+ DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu",
+ bio_devname(ctx->bio_in, b), s);
+ dm_audit_log_bio(DM_MSG_PREFIX, "integrity-aead",
+ctx->bio_in, s, 0);
}
if (!r && cc->iv_gen_ops && cc->iv_gen_ops->post)
@@ -2173,8 +2179,12 @@ static void kcryptd_async_done(struct
crypto_async_request *async_req,
if (error == -EBADMSG) {
char b[BDEVNAME_SIZE];
- DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu",
bio_devname(ctx->bio_in, b),
- (unsigned long
long)le64_to_cpu(*org_sector_of_dmreq(cc, dmreq)));
+ sector_t s = le64_to_cpu(*org_sector_of_dmreq(cc, dmreq));
+
+ DMERR_LIMIT("%s: INTEGRITY AEAD ERROR, sector %llu",
+ bio_devname(ctx->bio_in, b), s);
+ dm_audit_log_bio(DM_MSG_PREFIX, "integrity-aead",
+ctx->bio_in, s, 0);
io->error = BLK_STS_PROTECTION;
} else if (error < 0)
io->error = BLK_STS_IOERR;
@@ -2729,6 +2739,8 @@ static void crypt_dtr(struct dm_target *ti)
dm_crypt_clients_n--;
crypt_calculate_pages_per_client();
spin_unlock(&dm_crypt_clients_lock);
+
+ dm_audit_log_dtr(DM_MSG_PREFIX, ti, 1);
}
static int crypt_ctr_ivmode(struct dm_target *ti, const char *ivmode)
@@ -3357,9 +3369,11 @@ static int crypt_ctr(struct dm_target *ti, unsigned int
argc, char **argv)
ti->num_flush_bios = 1;
ti->limit_swap_bios = true;
+ dm_audit_log_ctr(DM_MSG_PREFIX, ti, 1);
return 0;
bad:
+ dm_audit_log_ctr(DM_MSG_PREFIX, ti, 0);
crypt_dtr(ti);
return ret;
}
--
2.20.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
[PATCH v3 0/3] dm: audit event logging
dm integrity and also stacked dm crypt devices track integrity violations internally. Thus, integrity violations could be polled from user space, e.g., by 'integritysetup status'. >From an auditing perspective, we only could see that there were a number of integrity violations, but not when and where the violation exactly was taking place. The current error log to the kernel ring buffer, contains those information, time stamp and sector on device. However, for auditing the audit subsystem provides a separate logging mechanism which meets certain criteria for secure audit logging. With this small series we make use of the kernel audit framework and extend the dm driver to log audit events in case of such integrity violations. Further, we also log construction and destruction of the device mappings. We focus on dm-integrity and stacked dm-crypt devices for now. However, the helper functions to log audit messages should be applicable to dm-verity too. The first patch introduce generic audit wrapper functions. The second patch makes use of the audit wrapper functions in the dm-integrity.c. The third patch uses the wrapper functions in dm-crypt.c. The audit logs look like this if executing the following simple test: # dd if=/dev/zero of=test.img bs=1M count=1024 # losetup -f test.img # integritysetup -vD format --integrity sha256 -t 32 /dev/loop0 # integritysetup open -D /dev/loop0 --integrity sha256 integritytest # integritysetup status integritytest # integritysetup close integritytest # integritysetup open -D /dev/loop0 --integrity sha256 integritytest # integritysetup status integritytest # dd if=/dev/urandom of=/dev/loop0 bs=512 count=1 seek=10 # dd if=/dev/mapper/integritytest of=/dev/null - audit.log from auditd type=UNKNOWN[1336] msg=audit(1630425039.363:184): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425039.471:185): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425039.611:186): module=integrity op=ctr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425054.475:187): module=integrity op=dtr ppid=3807 pid=3819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425073.171:191): module=integrity op=ctr ppid=3807 pid=3883 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425087.239:192): module=integrity op=dtr ppid=3807 pid=3902 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1336] msg=audit(1630425093.755:193): module=integrity op=ctr ppid=3807 pid=3906 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=3 comm="integritysetup" exe="/sbin/integritysetup" subj==unconfined dev=254:3 error_msg='success' res=1 type=UNKNOWN[1337] msg=audit(1630425112.119:194): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:195): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:196): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:197): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:198): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:199): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:200): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:201): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:202): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 type=UNKNOWN[1337] msg=audit(1630425112.119:203): module=integrity op=integrity-checksum dev=254:3 sector 77480 res=0 v3 Changes: - Use of two audit event types AUDIT_DM_EVENT und AUDIT_DM_CTRL - Additionally use audit_l
Re: [RFC PATCH v2 9/9] Smack: Brutalist io_uring support with debug
On Tue, Aug 31, 2021 at 11:03 AM Casey Schaufler wrote: > On 8/31/2021 7:44 AM, Paul Moore wrote: > > > > Casey, with the idea of posting a v3 towards the end of the merge > > window next week, without the RFC tag and with the intention of > > merging it into -next during the first/second week of the -rcX phase, > > do you have any objections to me removing the debug code (#if 1 ... > > #endif) from your patch? Did you have any other changes? > > I have no other changes. And yes, the debug code should be stripped. > Thank you. Great, I'll remove that code for the v3 dump. -- paul moore www.paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
Re: [RFC PATCH v2 9/9] Smack: Brutalist io_uring support with debug
On 8/31/2021 7:44 AM, Paul Moore wrote:
> On Wed, Aug 11, 2021 at 4:49 PM Paul Moore wrote:
>> From: Casey Schaufler
>>
>> Add Smack privilege checks for io_uring. Use CAP_MAC_OVERRIDE
>> for the override_creds case and CAP_MAC_ADMIN for creating a
>> polling thread. These choices are based on conjecture regarding
>> the intent of the surrounding code.
>>
>> Signed-off-by: Casey Schaufler
>> [PM: make the smack_uring_* funcs static]
>> Signed-off-by: Paul Moore
>>
>> ---
>> v2:
>> - made the smack_uring_* funcs static
>> v1:
>> - initial draft
>> ---
>> security/smack/smack_lsm.c | 64
>>
>> 1 file changed, 64 insertions(+)
>>
>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>> index 223a6da0e6dc..7fb094098f38 100644
>> --- a/security/smack/smack_lsm.c
>> +++ b/security/smack/smack_lsm.c
>> @@ -4691,6 +4691,66 @@ static int smack_dentry_create_files_as(struct dentry
>> *dentry, int mode,
>> return 0;
>> }
>>
>> +#ifdef CONFIG_IO_URING
>> +/**
>> + * smack_uring_override_creds - Is io_uring cred override allowed?
>> + * @new: the target creds
>> + *
>> + * Check to see if the current task is allowed to override it's credentials
>> + * to service an io_uring operation.
>> + */
>> +static int smack_uring_override_creds(const struct cred *new)
>> +{
>> + struct task_smack *tsp = smack_cred(current_cred());
>> + struct task_smack *nsp = smack_cred(new);
>> +
>> +#if 1
>> + if (tsp->smk_task == nsp->smk_task)
>> + pr_info("%s: Smack matches %s\n", __func__,
>> + tsp->smk_task->smk_known);
>> + else
>> + pr_info("%s: Smack override check %s to %s\n", __func__,
>> + tsp->smk_task->smk_known, nsp->smk_task->smk_known);
>> +#endif
> Casey, with the idea of posting a v3 towards the end of the merge
> window next week, without the RFC tag and with the intention of
> merging it into -next during the first/second week of the -rcX phase,
> do you have any objections to me removing the debug code (#if 1 ...
> #endif) from your patch? Did you have any other changes?
I have no other changes. And yes, the debug code should be stripped.
Thank you.
>
>
> --
> paul moore
> www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
Re: [RFC PATCH v2 9/9] Smack: Brutalist io_uring support with debug
On Wed, Aug 11, 2021 at 4:49 PM Paul Moore wrote:
>
> From: Casey Schaufler
>
> Add Smack privilege checks for io_uring. Use CAP_MAC_OVERRIDE
> for the override_creds case and CAP_MAC_ADMIN for creating a
> polling thread. These choices are based on conjecture regarding
> the intent of the surrounding code.
>
> Signed-off-by: Casey Schaufler
> [PM: make the smack_uring_* funcs static]
> Signed-off-by: Paul Moore
>
> ---
> v2:
> - made the smack_uring_* funcs static
> v1:
> - initial draft
> ---
> security/smack/smack_lsm.c | 64
>
> 1 file changed, 64 insertions(+)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 223a6da0e6dc..7fb094098f38 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -4691,6 +4691,66 @@ static int smack_dentry_create_files_as(struct dentry
> *dentry, int mode,
> return 0;
> }
>
> +#ifdef CONFIG_IO_URING
> +/**
> + * smack_uring_override_creds - Is io_uring cred override allowed?
> + * @new: the target creds
> + *
> + * Check to see if the current task is allowed to override it's credentials
> + * to service an io_uring operation.
> + */
> +static int smack_uring_override_creds(const struct cred *new)
> +{
> + struct task_smack *tsp = smack_cred(current_cred());
> + struct task_smack *nsp = smack_cred(new);
> +
> +#if 1
> + if (tsp->smk_task == nsp->smk_task)
> + pr_info("%s: Smack matches %s\n", __func__,
> + tsp->smk_task->smk_known);
> + else
> + pr_info("%s: Smack override check %s to %s\n", __func__,
> + tsp->smk_task->smk_known, nsp->smk_task->smk_known);
> +#endif
Casey, with the idea of posting a v3 towards the end of the merge
window next week, without the RFC tag and with the intention of
merging it into -next during the first/second week of the -rcX phase,
do you have any objections to me removing the debug code (#if 1 ...
#endif) from your patch? Did you have any other changes?
--
paul moore
www.paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
