On Fri, Jan 25, 2019 at 11:15 AM Ondrej Mosnacek wrote:
>
> On Fri, Jan 25, 2019 at 2:49 PM Stephen Smalley wrote:
> > On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
> > > These BUG_ONs do not really protect from any catastrophic situation so
> > > there is no need to have them there.
> >
> > They ar
On Fri, Jan 25, 2019 at 5:07 AM Ondrej Mosnacek wrote:
>
> In case a file has an invalid context set, in an AVC record generated
> upon access to such file, the target context is always reported as
> unlabeled. This patch adds new optional fields to the AVC record
> (srawcon and trawcon) that repo
On 2019-01-25 16:45, Paul Moore wrote:
> On Wed, Jan 23, 2019 at 1:35 PM Richard Guy Briggs wrote:
> > Don't fetch fcaps when umount2 is called to avoid a process hang while
> > it waits for the missing resource to (possibly never) re-appear.
> >
> > Note the comment above user_path_mountpoint_at(
On Fri, Jan 25, 2019 at 5:07 AM Ondrej Mosnacek wrote:
>
> We don't need to crash the machine in these cases. Let's just detect the
> buggy state early and error out with a warning.
>
> Signed-off-by: Ondrej Mosnacek
> ---
> security/selinux/avc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2
On Fri, Jan 25, 2019 at 5:07 AM Ondrej Mosnacek wrote:
>
> avc_dump_av() and avc_dump_query() are each used only in one place. Get
> rid of them and open code their contents in the call sites.
>
> Signed-off-by: Ondrej Mosnacek
> ---
> security/selinux/avc.c | 140 +--
On Tue, Jan 22, 2019 at 5:08 PM Richard Guy Briggs wrote:
>
> Pull together all the audit syscall watch, mark and tree prototypes and
> stubs into the same ifdef.
>
> Signed-off-by: Richard Guy Briggs
> ---
> kernel/audit.h | 64
> ++
> 1
On Wed, Jan 23, 2019 at 1:35 PM Richard Guy Briggs wrote:
> Don't fetch fcaps when umount2 is called to avoid a process hang while
> it waits for the missing resource to (possibly never) re-appear.
>
> Note the comment above user_path_mountpoint_at():
> * A umount is a special case for path walki
On Wed, Jan 23, 2019 at 1:35 PM Richard Guy Briggs wrote:
> Like commit 42d5e37654e4 ("audit: filter PATH records keyed on
> filesystem magic") that addresses
> https://github.com/linux-audit/audit-kernel/issues/8
>
> Any user or remote filesystem could become unavailable and effectively
> block o
On Wed, Jan 23, 2019 at 9:37 PM Richard Guy Briggs wrote:
>
> V3 namespaced file capabilities were introduced in
> commit 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
>
> Add support for these by adding the "frootid" field to the existing
> fcaps fields in the NAME and BPRM_FCAPS rec
On 2019-01-22 17:07, Richard Guy Briggs wrote:
> Remove audit_context from struct task_struct and struct audit_buffer
> when CONFIG_AUDIT is enabled but CONFIG_AUDITSYSCALL is not.
>
> Also, audit_log_name() (and supporting inode and fcaps functions) should
> have been put back in auditsc.c when s
On Tue, Jan 22, 2019 at 5:07 PM Richard Guy Briggs wrote:
> loginuid and sessionid (and audit_log_session_info) should be part of
> CONFIG_AUDIT scope and not CONFIG_AUDITSYSCALL since it is used in
> CONFIG_CHANGE, ANOM_LINK, FEATURE_CHANGE (and INTEGRITY_RULE), none of
> which are otherwise depe
On Fri, Jan 25, 2019 at 4:53 AM Ondrej Mosnacek wrote:
> On Tue, Jan 22, 2019 at 8:42 PM Paul Moore wrote:
> > On Mon, Jan 21, 2019 at 10:36 AM Ondrej Mosnacek
> > wrote:
> > > In case a file has an invalid context set, in an AVC record generated
> > > upon access to such file, the target conte
On Fri, Jan 25, 2019 at 2:49 PM Stephen Smalley wrote:
> On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
> > These BUG_ONs do not really protect from any catastrophic situation so
> > there is no need to have them there.
>
> They are to catch bugs in callers that pass requested==0. That is
> always in
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
avc_dump_av() and avc_dump_query() are each used only in one place. Get
rid of them and open code their contents in the call sites.
Signed-off-by: Ondrej Mosnacek
Reviewed-by: Stephen Smalley
---
security/selinux/avc.c | 140 +---
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
These BUG_ONs do not really protect from any catastrophic situation so
there is no need to have them there.
They are to catch bugs in callers that pass requested==0. That is
always indicative of a bug in the caller (e.g. failed to correctly
compute
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
We don't need to crash the machine in these cases. Let's just detect the
buggy state early and error out with a warning.
Signed-off-by: Ondrej Mosnacek
Reviewed-by: Stephen Smalley
---
security/selinux/avc.c | 5 +++--
1 file changed, 3 inserti
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote:
In case a file has an invalid context set, in an AVC record generated
upon access to such file, the target context is always reported as
unlabeled. This patch adds new optional fields to the AVC record
(srawcon and trawcon) that report the actual context
These BUG_ONs do not really protect from any catastrophic situation so
there is no need to have them there.
Signed-off-by: Ondrej Mosnacek
---
security/selinux/avc.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 5ebad47391c9..478fa421
We don't need to crash the machine in these cases. Let's just detect the
buggy state early and error out with a warning.
Signed-off-by: Ondrej Mosnacek
---
security/selinux/avc.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/av
Changes in v3:
- do some minor refactoring while there
- move new fields to the end of the record
- introduce a new security_sid_to_context_inval() function to get the raw
context instead of (ab)using strcmp() to check if the raw context is
different from the effective one
v2:
https://lore.ke
avc_dump_av() and avc_dump_query() are each used only in one place. Get
rid of them and open code their contents in the call sites.
Signed-off-by: Ondrej Mosnacek
---
security/selinux/avc.c | 140 +
1 file changed, 58 insertions(+), 82 deletions(-)
diff -
In case a file has an invalid context set, in an AVC record generated
upon access to such file, the target context is always reported as
unlabeled. This patch adds new optional fields to the AVC record
(srawcon and trawcon) that report the actual context string if it
differs from the one reported i
On Tue, Jan 22, 2019 at 8:42 PM Paul Moore wrote:
> On Mon, Jan 21, 2019 at 10:36 AM Ondrej Mosnacek wrote:
> > In case a file has an invalid context set, in an AVC record generated
> > upon access to such file, the target context is always reported as
> > unlabeled. This patch adds new optional
23 matches