On 8/7/2023 7:24 AM, Tetsuo Handa wrote:
> On 2023/08/07 7:01, Steve Grubb wrote:
>> This is where the problem begins. We like to have normalized audit records.
>> Meaning that a type of event defines the fields it contains. In this case
>> subject would be a process label. and there is already a
On 3/3/2023 7:17 AM, Georgia Garcia wrote:
> Hi!
>
> On Tue, 2022-09-27 at 12:53 -0700, Casey Schaufler wrote:
>> Create a struct lsm_id to contain identifying information
>> about Linux Security Modules (LSMs). At inception this contains
>> a single member, which is the
On 1/10/2023 4:08 AM, Anurag Aggarwal wrote:
> Hello All,
>
> I need a method to identify whether the audid version a kernel is
> running supports path based exclusions.
% cat /sys/kernel/security/lsm
This will tell you what security modules are in use. Check whether
any of the modules that use p
On 12/19/2022 9:54 AM, Ondrej Mosnacek wrote:
> Join the two fields that comprise an audit timestamp into a common
> structure. This will be used further in later commits.
Patch 30/39 of my LSM stacking patchset[1] is almost identical to this.
The only significant difference is the structure name.
t is correct. In order to have a LSM identifier token the LSM must
> > be upstream.
>
> at
> https://lkml.kernel.org/r/cahc9vht2azg1f-g3rq4xl7jga3oathafzs1_nvuyeufscj9...@mail.gmail.com
> .
>
> If we can agree that the upstream kernel never refuses to assign LSM ID
On 10/30/2022 9:37 AM, Kees Cook wrote:
> On October 30, 2022 7:02:52 AM PDT, Tetsuo Handa
> wrote:
>> Casey's patchset is trying to provide LSM ID Repository for userspace
>> programs.
>> But an LSM ID value cannot be assigned to that LSM unless that module is
>> available in the upstream kerne
On 10/26/2022 3:19 AM, Tetsuo Handa wrote:
> On 2022/10/26 7:41, Casey Schaufler wrote:
>> You need a built-in LSM that loads and manages loadable
>> security modules.
> That is no longer loadable LSM modules. A loadable LSM module must be capable
> of
> loadin
On 10/25/2022 3:12 PM, Tetsuo Handa wrote:
> On 2022/10/25 23:12, Casey Schaufler wrote:
>> On 10/25/2022 4:20 AM, Tetsuo Handa wrote:
>>> On 2022/10/25 19:26, John Johansen wrote:
>>>> no, Casey is not. He is trying to find a path forward to get LSM
>>>
On 10/25/2022 4:20 AM, Tetsuo Handa wrote:
> On 2022/10/25 19:26, John Johansen wrote:
>> no, Casey is not. He is trying to find a path forward to get LSM
>> stacking upstream sooner than later. He has made proposals that
>> admittedly you have not liked, but he has at least tried to propose
>> ide
On 10/12/2022 3:04 PM, Kees Cook wrote:
> On Tue, Sep 27, 2022 at 01:31:55PM -0700, Casey Schaufler wrote:
>> +SYSCALL_DEFINE3(lsm_module_list,
>> + unsigned int __user *, ids,
>> + size_t __user *, size,
>> + int, flags)
> Please
On 10/24/2022 8:13 AM, Tetsuo Handa wrote:
> On 2022/10/24 2:13, Casey Schaufler wrote:
>>> We won't be able to accept whatever LSM modules to upstream, and we won't
>>> be able to enable whatever LSM modules in distributor kernels.
>> A built in module load
On 10/23/2022 3:10 AM, Tetsuo Handa wrote:
> On 2022/10/23 16:27, Tetsuo Handa wrote:
>> On 2022/10/21 8:42, Casey Schaufler wrote:
>>> I will, on the other hand, listen to compelling arguments. It is not the
>>> intention of this code to lock out loadable modules.
On 10/23/2022 12:27 AM, Tetsuo Handa wrote:
> On 2022/10/21 8:42, Casey Schaufler wrote:
>> On 10/13/2022 3:04 AM, Tetsuo Handa wrote:
>>> On 2022/09/28 4:53, Casey Schaufler wrote:
>>>> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct
>>>
On 10/13/2022 3:04 AM, Tetsuo Handa wrote:
> On 2022/09/28 4:53, Casey Schaufler wrote:
>> @@ -483,6 +491,16 @@ void __init security_add_hooks(struct
>> security_hook_list *hooks, int count,
>> {
>> int i;
>>
>> +/*
>> + * A secur
On 10/12/2022 2:14 PM, Mickaël Salaün wrote:
>
> On 27/09/2022 21:53, Casey Schaufler wrote:
>> Add an integer member "id" to the struct lsm_id. This value is
>> a unique identifier associated with each security module. The
>> values are defined in a new UAPI hea
On 10/12/2022 2:19 PM, Mickaël Salaün wrote:
>
> On 27/09/2022 22:31, Casey Schaufler wrote:
>> Create a system call to report the list of Linux Security Modules
>> that are active on the system. The list is provided as an array
>> of LSM ID numbers.
>
> With lsm_sel
On 10/20/2022 8:44 AM, Paul Moore wrote:
> On Tue, Sep 27, 2022 at 3:57 PM Casey Schaufler
> wrote:
>> Create a system call lsm_self_attr() to provide the security
>> module maintained attributes of the current process. Historically
>> these attributes have been exposed t
On 9/14/2022 6:42 AM, Paul Moore wrote:
> On Thu, Sep 8, 2022 at 6:56 PM Casey Schaufler wrote:
>> I am going to start playing with these syscalls. Please help me understand
>> where I have suggested something stoopid.
> Thanks for posting an initial patch that we can use for fu
Create a system call to report the list of Linux Security Modules
that are active on the system. The list is provided as an array
of LSM ID numbers.
Signed-off-by: Casey Schaufler
---
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
include/linux/syscalls.h | 1 +
include/uapi/asm
Add a new boolean function lsm_multiple_contexts() to
identify when multiple security modules provide security
context strings.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
Reviewed-by: John Johansen
---
include/linux/security.h | 9 +
1 file changed, 9 insertions(+)
diff
erferes in the multiple LSM case.
Acked-by: Stephen Smalley
Acked-by: John Johansen
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
security/apparmor/lsm.c | 20 +---
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/appa
The scaffolding function lsmcontext_init() is no longer used.
Remove it.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 19 ---
1 file changed, 19 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index c190b9189287..f6a247033556
Remove scaffolding in netlabel audit by keeping subject
lsm information in an lsmblob structure instead of a secid.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
include/net/netlabel.h| 2 +-
net/netlabel/netlabel_unlabeled.c | 4 +---
net/netlabel/netlabel_user.c
Refactor audit_log_task_context(), creating a new
audit_log_subject_context(). This is used in netlabel auditing
to provide multiple subject security contexts as necessary.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
include/linux/audit.h| 7 +++
kernel/audit.c
"obj=" field in other records in the event will be "obj=?".
An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on an object security context.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
i
"subj=" field in other records in the event will be "subj=?".
An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on a subject security context.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
includ
e are currently defined) as have been added
to the list. Functions are created to manage the skb list
in the audit_buffer.
Suggested-by: Paul Moore
Signed-off-by: Casey Schaufler
---
kernel/audit.c | 111 +++--
1 file changed, 89 insertions(+), 22 dele
Replace the timestamp and serial number pair used in audit records
with a structure containing the two elements.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
kernel/audit.c | 17 +
kernel/audit.h | 13 +
kernel/auditsc.c | 22 +-
3
Replace the osid field in the audit_names structure
with a lsmblob structure. This accommodates the use
of an lsmblob in security_audit_rule_match() and
security_inode_getsecid().
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
kernel/audit.h | 2 +-
kernel/auditsc.c | 22
ISPLAY
the "interface lsm" is used. If the value is LSMBLOB_FIRST
the first security module providing a hook is used.
The integrity IMA subsystem has chosen to always use the
LSMBLOB_FIRST behavior, regardless of the lsm_display values.
Signed-off-by: Casey Schaufler
---
driv
Send an identifier for the security module interface_lsm
along with the security context. This allows the receiver
to verify that the receiver and the sender agree on which
security module's context is being used. If they don't
agree the message is rejected.
Signed-off-by: Casey
Change netlink netfilter interfaces to use lsmcontext
pointers, and remove scaffolding.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Pablo Neira Ayuso
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de
netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
---
include/net/netlabel.h | 8 +--
net/ipv4
new structure.
Special care is taken in the NFS code, which uses the
same data structure for its own copied labels as it does
for the data which comes from security_dentry_init_security().
In the case of copied labels the data has to be freed, not
released.
Signed-off-by: Casey Schaufler
---
fs
new structure.
security_secid_to_secctx() will now return the length value
if the passed lsmcontext pointer is NULL.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-de...@vger.kernel.org
---
drivers/android/binder.c| 26
allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.
-by: Chuck Lever
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
---
fs/nfsd/nfs4xdr.c| 23 +--
include/linux/security.h | 5 +++--
security/security.c | 13 +++--
3 files changed, 23
: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-audit@redhat.com
---
include/linux/security.h| 13 +++--
kernel/auditsc.c| 6 +-
security/integrity/ima/ima_policy.c | 9 +
security/security.c
: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-audit@redhat.com
---
drivers/android/binder.c | 12 +--
include/linux/security.h | 7 ---
kernel/audit.c| 25
security module is
responsible for defining its policy.
AppArmor hook initially provided by John Johansen
. SELinux hook initially provided by
Stephen Smalley
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 17
include/uapi/linux/prctl.h | 4 +
security
Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: net...@vger.kernel.org
---
drivers/android/binder.c | 6 +--
include/linux/security.h | 31 +++---
kernel
-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-audit@redhat.com
---
include/linux/security.h | 7 ---
kernel/auditsc.c | 7 ++-
security/security.c | 12 +---
3 files changed, 19 insertions(+), 7 deletions
a secid to a string, as can occur in the
audit code.
Acked-by: Paul Moore
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
---
drivers/android/binder.c| 12
lsmblob.
Acked-by: Paul Moore
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
---
include/linux/security.h | 26 ++--
kernel/cred.c | 4 +---
net/netfilter
mblob instead of a secid.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
To: David Howells
---
include/linux/cred.h | 3 ++-
include/linux/security.h | 5 +++--
kernel/cred.c| 10 ++
sec
dropped.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
Reviewed-by: John Johansen
Cc: linux-audit@redhat.com
---
include/linux/security.h | 5 +++--
kernel/auditfilter.c | 6 --
kernel/auditsc.c | 16 +++-
security/security.c | 5 +++--
4 files changed, 21
registered module
that supports the audit_rule_match() LSM hook. Allow the user
to specify in the IMA policy an lsm= option to specify the
security module to use for a particular rule.
Signed-off-by: Casey Schaufler
To: Mimi Zohar
To: linux-integr...@vger.kernel.org
---
Documentation/ABI/testing
Provide interfaces to map LSM slot numbers and LSM names.
Update the LSM registration code to save this information.
Acked-by: Paul Moore
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 4
security/security.c | 45
s expanded to use an array of
security module data rather than a single instance.
A new structure audit_lsm_rules is defined to avoid the
confusion which commonly accompanies the use of
void ** parameters.
Signed-off-by: Casey Schaufler
---
include/linux/audit.h| 9 -
include/linux
ore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
security/apparmor/include/net.h | 6 ++-
security/apparmor/lsm.c | 38 --
security/apparmor/net.c |
ctx_len|
--
| unsigned char ctx[ctx_len] |
--
Signed-off-by: Casey Schaufler
---
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
include/linux/syscalls.h | 1 +
include/uapi/asm-generic/unistd.h
ansen
Signed-off-by: Casey Schaufler
To: Mimi Zohar
Cc: linux-integr...@vger.kernel.org
---
include/linux/security.h | 24
security/integrity/ima/ima.h | 26 --
security/security.c | 21 +
3 files changed, 45 inser
will provide a minor performance improvement.
Signed-off-by: Casey Schaufler
---
fs/proc/base.c | 29 +++--
fs/proc/internal.h | 2 +-
include/linux/security.h | 11 +--
security/security.c | 11 +--
4 files changed, 26 insertions(+
As LSMs are registered add their lsm_id pointers to a table.
This will be used later for attribute reporting.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 17 +
security/security.c | 18 ++
2 files changed, 35 insertions(+)
diff --git a
Add an integer member "features" to the struct lsm_id which
identifies the API related data associated with each security
module. The initial set of features maps to information that
has traditionally been available in /proc/self/attr.
Signed-off-by: Casey Schaufler
---
include/linux/l
lsm_id and
pass it to security_add_hooks().
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h| 11 +--
security/apparmor/lsm.c | 6 +-
security/bpf/hooks.c | 11 ++-
security/commoncap.c | 6 +-
security/landlock/cred.c | 2
Add an integer member "id" to the struct lsm_id. This value is
a unique identifier associated with each security module. The
values are defined in a new UAPI header file. Each existing LSM
has been updated to include its LSMID in the lsm_id.
Signed-off-by: Casey Schaufler
---
s describing what is active on the system.
The Ubuntu project is using an earlier version of this patchset in
their distribution to enable stacking for containers.
Performance measurements to date have the change within the "noise".
The sockperf and dbench results are on the order of 0.2% to
attribute
processing for security_[gs]etprocattr().
Signed-off-by: Casey Schaufler
---
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
fs/proc/base.c | 29 ++---
fs/proc/internal.h | 2 +-
include/linux/lsm_hooks.h | 13 ++-
include/linux
On 9/15/2022 7:27 AM, Tetsuo Handa wrote:
> On 2022/09/14 22:56, Paul Moore wrote:
>> On Fri, Sep 9, 2022 at 7:33 AM Tetsuo Handa
>> wrote:
>>> Inclusion into upstream is far from the goal.
>> For better or worse, there is a long history of the upstream Linux
>> Kernel focusing only on in-tree ke
security module is
responsible for defining its policy.
AppArmor hook initially provided by John Johansen
. SELinux hook initially provided by
Stephen Smalley
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 17
include/uapi/linux/prctl.h | 4 +
security
On 9/14/2022 6:57 AM, Tetsuo Handa wrote:
> On 2022/09/13 23:45, Casey Schaufler wrote:
>>> . A security module that manages loadable LSM modules cannot give us a good
>>> answer
>>> if there is a kernel config option to disable the manager security module.
>
On 9/13/2022 3:47 AM, Tetsuo Handa wrote:
> On 2022/09/13 2:37, Casey Schaufler wrote:
>> That doesn't give us a good answer for loadable modules. The last time I
>> looked
>> seriously at loadable modules I was considering that we'd need a security
>> m
On 9/9/2022 9:17 PM, Tetsuo Handa wrote:
> On 2022/09/09 7:56, Casey Schaufler wrote:
>> Good idea. I'm reading the official how-to-write-a-syscall documentation.
> Can't we use prctl() syscall? We can assign an LSM ID when an (built-in or
> loadable) LSM
> is loaded,
providing the attribute, which
of the possible attributes is provided, the size of the
attribute, and finally the attribute value as a nul terminated
string.
An LSM ID table is introduced to map IDs to security modules.
Signed-off-by: Casey Schaufler
--
arch/x86/entry/syscalls/syscall_64
On 9/8/2022 12:32 PM, Paul Moore wrote:
> On Thu, Sep 8, 2022 at 2:05 PM Casey Schaufler wrote:
>> On 9/7/2022 8:57 PM, Paul Moore wrote:
>>> On Wed, Sep 7, 2022 at 7:53 PM Casey Schaufler
>>> wrote:
>>>> On 9/7/2022 4:27 PM, Paul Moore wrote:
> ..
On 9/7/2022 8:57 PM, Paul Moore wrote:
> On Wed, Sep 7, 2022 at 7:53 PM Casey Schaufler wrote:
>> On 9/7/2022 4:27 PM, Paul Moore wrote:
> ..
>
>>> I
>>> just want an interface that is clearly defined, has reasonable
>>> capacity to be extended in
On 9/8/2022 8:18 AM, Tetsuo Handa wrote:
> On 2022/08/03 9:01, Casey Schaufler wrote:
>> I would like very much to get v38 or v39 of the LSM stacking for Apparmor
>> patch set in the LSM next branch for 6.1. The audit changes have polished
>> up nicely and I believe tha
On 9/7/2022 4:27 PM, Paul Moore wrote:
> On Wed, Sep 7, 2022 at 12:42 PM Casey Schaufler
> wrote:
>> On 9/7/2022 7:41 AM, Paul Moore wrote:
>>> On Tue, Sep 6, 2022 at 8:10 PM John Johansen
>>> wrote:
>>>> On 9/6/22 16:24, Paul Moore wrote:
>>
On 9/7/2022 4:04 PM, Paul Moore wrote:
> On Wed, Sep 7, 2022 at 1:08 PM Casey Schaufler wrote:
>> On 9/7/2022 8:13 AM, Paul Moore wrote:
>>> On Tue, Sep 6, 2022 at 8:31 PM Casey Schaufler
>>> wrote:
>>>> On 9/6/2022 4:24 PM, Paul Moore wrote:
>>>
On 9/7/2022 8:13 AM, Paul Moore wrote:
> On Tue, Sep 6, 2022 at 8:31 PM Casey Schaufler wrote:
>> On 9/6/2022 4:24 PM, Paul Moore wrote:
>>> On Fri, Sep 2, 2022 at 7:14 PM Casey Schaufler
>>> wrote:
>>>> On 9/2/2022 2:30 PM, Paul Moore wrote:
>>
On 9/7/2022 7:41 AM, Paul Moore wrote:
> On Tue, Sep 6, 2022 at 8:10 PM John Johansen
> wrote:
>> On 9/6/22 16:24, Paul Moore wrote:
>>> On Fri, Sep 2, 2022 at 7:14 PM Casey Schaufler
>>> wrote:
>>>> On 9/2/2022 2:30 PM, Paul Moore wrote:
>>>
On 9/6/2022 5:10 PM, John Johansen wrote:
> sorry I am way behind on this, so starting from here
>
> On 9/6/22 16:24, Paul Moore wrote:
>> I can't currently in good conscience defend the kernel/userspace
>> combined label interfaces as "good", especially when we have a very
>> rare opportunity t
On 9/6/2022 4:24 PM, Paul Moore wrote:
> On Fri, Sep 2, 2022 at 7:14 PM Casey Schaufler wrote:
>> On 9/2/2022 2:30 PM, Paul Moore wrote:
>>> On Tue, Aug 2, 2022 at 8:56 PM Paul Moore wrote:
>>>> On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler
>>>> wrot
On 9/2/2022 4:14 PM, Casey Schaufler wrote:
> On 9/2/2022 2:30 PM, Paul Moore wrote:
> ...
>> I think it's time to think about a proper set of LSM syscalls.
> At the very least we need a liblsm that performs a number of useful
> functions
Which would include at least th
On 9/2/2022 2:30 PM, Paul Moore wrote:
> On Tue, Aug 2, 2022 at 8:56 PM Paul Moore wrote:
>> On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler
>> wrote:
>>> I would like very much to get v38 or v39 of the LSM stacking for Apparmor
>>> patch set in the LSM next
On 8/2/2022 5:56 PM, Paul Moore wrote:
> On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler wrote:
>> I would like very much to get v38 or v39 of the LSM stacking for Apparmor
>> patch set in the LSM next branch for 6.1. The audit changes have polished
>> up nicely and I believe
I would like very much to get v38 or v39 of the LSM stacking for Apparmor
patch set in the LSM next branch for 6.1. The audit changes have polished
up nicely and I believe that all comments on the integrity code have been
addressed. The interface_lsm mechanism has been beaten to a frothy peak.
Ther
On 7/12/2022 2:42 PM, John Johansen wrote:
> On 6/27/22 17:55, Casey Schaufler wrote:
>> This patchset provides the changes required for
>> the AppArmor security module to stack safely with any other.
>> There are additional changes required for SELinux and Smack
>> to c
erferes in the multiple LSM case.
Acked-by: Stephen Smalley
Acked-by: John Johansen
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
security/apparmor/lsm.c | 20 +---
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/appa
The scaffolding function lsmcontext_init() is no longer used.
Remove it.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 19 ---
1 file changed, 19 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 890a5f9f043c..a7154cc3ffd1
Remove scaffolding in netlabel audit by keeping subject
lsm information in an lsmblob structure instead of a secid.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
include/net/netlabel.h| 2 +-
net/netlabel/netlabel_unlabeled.c | 4 +---
net/netlabel/netlabel_user.c
one of the
information will be displayed.
Reviewed-by: Kees Cook
Acked-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
Cc: linux-...@vger.kernel.org
---
Documentation/security/lsm.rst | 14 +
fs/proc/base.c | 1 +
include/linux/l
Refactor audit_log_task_context(), creating a new
audit_log_subject_context(). This is used in netlabel auditing
to provide multiple subject security contexts as necessary.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
include/linux/audit.h| 7 +++
kernel/audit.c
"obj=" field in other records in the event will be "obj=?".
An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on an object security context.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
i
"subj=" field in other records in the event will be "subj=?".
An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on a subject security context.
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
---
includ
Add a new boolean function lsm_multiple_contexts() to
identify when multiple security modules provide security
context strings.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
Reviewed-by: John Johansen
---
include/linux/security.h | 9 +
1 file changed, 9 insertions(+)
diff
e are currently defined) as have been added
to the list. Functions are created to manage the skb list
in the audit_buffer.
Suggested-by: Paul Moore
Signed-off-by: Casey Schaufler
---
kernel/audit.c | 111 +++--
1 file changed, 89 insertions(+), 22 dele
Replace the timestamp and serial number pair used in audit records
with a structure containing the two elements.
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
kernel/audit.c | 17 +
kernel/audit.h | 13 +
kernel/auditsc.c | 22 +-
3
Replace the osid field in the audit_names structure
with a lsmblob structure. This accommodates the use
of an lsmblob in security_audit_rule_match() and
security_inode_getsecid().
Signed-off-by: Casey Schaufler
Acked-by: Paul Moore
---
kernel/audit.h | 2 +-
kernel/auditsc.c | 22
Send an identifier for the security module interface_lsm
along with the security context. This allows the receiver
to verify that the receiver and the sender agree on which
security module's context is being used. If they don't
agree the message is rejected.
Signed-off-by: Casey
ISPLAY
the "interface lsm" is used. If the value is LSMBLOB_FIRST
the first security module providing a hook is used.
The integrity IMA subsystem has chosen to always use the
LSMBLOB_FIRST behavior, regardless of the lsm_display values.
Signed-off-by: Casey Schaufler
---
driv
netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
---
include/net/netlabel.h | 8 +--
net/ipv4
Change netlink netfilter interfaces to use lsmcontext
pointers, and remove scaffolding.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Pablo Neira Ayuso
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de
new structure.
Special care is taken in the NFS code, which uses the
same data structure for its own copied labels as it does
for the data which comes from security_dentry_init_security().
In the case of copied labels the data has to be freed, not
released.
Signed-off-by: Casey Schaufler
---
fs
-by: Chuck Lever
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
---
fs/nfsd/nfs4xdr.c| 23 +--
include/linux/security.h | 5 +++--
security/security.c | 13 +++--
3 files changed, 23
new structure.
security_secid_to_secctx() will now return the length value
if the passed lsmcontext pointer is NULL.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netfilter-de...@vger.kernel.org
---
drivers/android/binder.c| 26
allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Chuck Lever
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.
"interface_lsm" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen
SELinux hook provided by Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: Kees Cook
Cc: S
: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-audit@redhat.com
---
drivers/android/binder.c | 12 +--
include/linux/security.h | 7 ---
kernel/audit.c| 25