Re: [PATCH 10/12] apparmorfs: Replace CURRENT_TIME with current_time()

2017-06-02 Thread John Johansen
have no objections to it being merged for 4.12. If it isn't this change is already queued up for the apparmor 4.13 merge Acked-by: John Johansen > --- > security/apparmor/apparmorfs.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/apparmor

Re: LSM stacking in next for 6.1?

2022-10-27 Thread John Johansen
On 10/25/22 02:48, Tetsuo Handa wrote: On 2022/10/25 1:37, Casey Schaufler wrote: What I'm insisting is that "warrant the freedom to load loadable LSM modules without recompiling the whole kernel". Since security modules are optional and the LSM infrastructure itself is optional you can't en

Re: LSM stacking in next for 6.1?

2022-10-28 Thread John Johansen
On 10/26/22 03:19, Tetsuo Handa wrote: On 2022/10/26 7:41, Casey Schaufler wrote: You need a built-in LSM that loads and manages loadable security modules. That is no longer loadable LSM modules. A loadable LSM module must be capable of loading any code and using any interface tha

Re: LSM stacking in next for 6.1?

2022-10-30 Thread John Johansen
On 10/29/22 21:03, Tetsuo Handa wrote: On 2022/10/28 19:14, John Johansen wrote: On 10/26/22 03:19, Tetsuo Handa wrote: On 2022/10/26 7:41, Casey Schaufler wrote: You need a built-in LSM that loads and manages loadable security modules. That is no longer loadable LSM modules

Re: [PATCH v19 13/23] LSM: Specify which LSM to display

2020-07-27 Thread John Johansen
nly be one LSM capable >> of display active. A helper function lsm_task_display() is >> provided to get the display slot for a task_struct. >> >> Setting the "display" requires that all security modules using >> setprocattr hooks allow the action. Each security

Re: [PATCH v19 16/23] LSM: Use lsmcontext in security_inode_getsecctx

2020-07-28 Thread John Johansen
> correct hook. > Reviewed-by: John Johansen > Acked-by: Stephen Smalley > Signed-off-by: Casey Schaufler > --- > fs/nfsd/nfs4xdr.c| 23 +-- > include/linux/security.h | 5 +++-- > security/security.c | 13 +++-- > 3 files

Re: [PATCH v19 15/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-07-28 Thread John Johansen
On 7/24/20 1:32 PM, Casey Schaufler wrote: > Replace the (secctx,seclen) pointer pair with a single > lsmcontext pointer to allow return of the LSM identifier > along with the context and context length. This allows > security_release_secctx() to know how to release the > context. Callers have been

Re: [PATCH v19 04/23] LSM: Use lsmblob in security_kernel_act_as

2020-07-28 Thread John Johansen
ll be removed later in the series when security_secctx_to_secid() > is undated to provide a lsmblob instead of a secid. > fix ^ "undated" to updated > Reviewed-by: Kees Cook > Reviewed-by: John Johansen > Acked-by: Stephen Smalley > Signed-off-by: Casey Scha

Re: [PATCH v19 05/23] net: Prepare UDS for security module stacking

2020-07-28 Thread John Johansen
me out when the security_secid_to_secctx() > code is brought in line with the lsmblob. > > Signed-off-by: Casey Schaufler Reviewed-by: John Johansen > --- > include/linux/security.h | 7 +-- > include/net/af_unix.h| 2 +- > include/net/scm.h| 8 +

Re: [PATCH v19 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-07-28 Thread John Johansen
t() to use a > lsmblob instead of a u32 secid. In some other cases there is > scaffolding where interfaces have yet to be converted. > > Reviewed-by: Kees Cook > Signed-off-by: Casey Schaufler > Cc: net...@vger.kernel.org one comment below, but it's a nice to have so Reviewed-by: Joh

Re: [PATCH v19 02/23] LSM: Create and manage the lsmblob data structure.

2020-07-28 Thread John Johansen
anded to use an array of > security module data rather than a single instance. > Because IMA uses the audit rule functions it is > affected as well. > assuming the config issue Stephan found is fixed you can have my Acked-by: John Johansen > Acked-by: Stephen Smalley > Acked-by:

Re: [PATCH v19 13/23] LSM: Specify which LSM to display

2020-07-28 Thread John Johansen
) is > provided to get the display slot for a task_struct. > > Setting the "display" requires that all security modules using > setprocattr hooks allow the action. Each security module is > responsible for defining its policy. > > AppArmor hook provided by John Johan

Re: [PATCH v19 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-07-29 Thread John Johansen
On 7/28/20 4:41 PM, Casey Schaufler wrote: > On 7/28/2020 4:11 AM, John Johansen wrote: >> On 7/24/20 1:32 PM, Casey Schaufler wrote: >>> Change security_secctx_to_secid() to fill in a lsmblob instead >>> of a u32 secid. Multiple LSMs may be able to interpret the >

Re: [PATCH v19 19/23] LSM: Verify LSM display sanity in binder

2020-07-30 Thread John Johansen
On 7/24/20 1:32 PM, Casey Schaufler wrote: > Verify that the tasks on the ends of a binder transaction > use the same "display" security module. This prevents confusion > of security "contexts". > Reviewed-by: John Johansen > Reviewed-by: Kees Cook > Acke

Re: [PATCH v19 22/23] LSM: Add /proc attr entry for full LSM context

2020-07-30 Thread John Johansen
On 7/24/20 1:32 PM, Casey Schaufler wrote: > Add an entry /proc/.../attr/context which displays the full > process security "context" in compound format: > lsm1\0value\0lsm2\0value\0... > This entry is not writable. > > A security module may decide that its policy does not allow > this inf

Re: [PATCH v19 23/23] AppArmor: Remove the exclusive flag

2020-07-30 Thread John Johansen
ram AppArmor > hook as it has no effect in the single LSM case and > interferes in the multiple LSM case. > probably should change this to Acked-by: John Johansen > Acked-by: Stephen Smalley > Reviewed-by: Kees Cook > Reviewed-by: John Johansen > Signed-off-by: C

Re: [PATCH v19 22/23] LSM: Add /proc attr entry for full LSM context

2020-07-30 Thread John Johansen
On 7/30/20 1:44 PM, Casey Schaufler wrote: > On 7/30/2020 3:03 AM, John Johansen wrote: >> On 7/24/20 1:32 PM, Casey Schaufler wrote: >>> Add an entry /proc/.../attr/context which displays the full >>> process security "context" in compound format:

Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes

2020-09-03 Thread John Johansen
On 9/3/20 9:32 AM, James Morris wrote: > On Wed, 26 Aug 2020, Casey Schaufler wrote: > >> Create a new audit record type to contain the subject information >> when there are multiple security modules that require such data. >> This record is linked with the same timestamp and serial number. >> The

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-07 Thread John Johansen
On 9/5/20 11:13 AM, Casey Schaufler wrote: > On 9/5/2020 6:25 AM, Paul Moore wrote: >> On Fri, Sep 4, 2020 at 7:58 PM Casey Schaufler >> wrote: >>> On 9/4/2020 2:53 PM, Paul Moore wrote: On Fri, Sep 4, 2020 at 5:35 PM Casey Schaufler wrote: > On 9/4/2020 1:08 PM, Paul Moore wrote:

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-08 Thread John Johansen
On 9/8/20 6:35 AM, Stephen Smalley wrote: > On Mon, Sep 7, 2020 at 9:28 PM Stephen Smalley > wrote: >> >> On Sat, Sep 5, 2020 at 3:07 PM John Johansen >> wrote: >>> >>> On 9/5/20 11:13 AM, Casey Schaufler wrote: >>>> On 9/5/2020 6:25 AM,

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-08 Thread John Johansen
On 9/8/20 4:37 PM, Casey Schaufler wrote: > On 9/8/2020 6:35 AM, Stephen Smalley wrote: >> On Mon, Sep 7, 2020 at 9:28 PM Stephen Smalley >> wrote: >>> On Sat, Sep 5, 2020 at 3:07 PM John Johansen >>> wrote: >>>> On 9/5/20 11:13 AM, Casey Schaufler

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-09 Thread John Johansen
On 9/9/20 11:19 AM, Casey Schaufler wrote: > On 9/9/2020 6:19 AM, Stephen Smalley wrote: >> On Tue, Sep 8, 2020 at 8:21 PM John Johansen >> wrote: >>> On 9/8/20 4:37 PM, Casey Schaufler wrote: >>>> On 9/8/2020 6:35 AM, Stephen Smalley wrote: >>>>

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-11 Thread John Johansen
On 9/9/20 6:19 AM, Stephen Smalley wrote: > On Tue, Sep 8, 2020 at 8:21 PM John Johansen > wrote: >> >> On 9/8/20 4:37 PM, Casey Schaufler wrote: >>> On 9/8/2020 6:35 AM, Stephen Smalley wrote: >>>> On Mon, Sep 7, 2020 at 9:28 PM Stephen Smalley >>

Re: [PATCH v21 00/23] LSM: Module stacking for AppArmor

2020-10-29 Thread John Johansen
A backport of v20 of this series has landed in the ubuntu 20.10 kernel. It defaults to just apparmor as the major LSM so stacking of apparmor with selinux or smack is not being tested by default, but it is exercising the LSM changes. On 10/12/20 1:19 PM, Casey Schaufler wrote: > This patchset pro

Re: [PATCH v22 12/23] LSM: Specify which LSM to display

2020-11-09 Thread John Johansen
t;>> provided to get the display slot for a task_struct. >>>> >>>> Setting the "display" requires that all security modules using >>>> setprocattr hooks allow the action. Each security module is >>>> responsible for defining its policy.

Re: [PATCH v22 12/23] LSM: Specify which LSM to display

2020-11-09 Thread John Johansen
On 11/9/20 2:28 PM, Casey Schaufler wrote: > On 11/7/2020 2:05 PM, John Johansen wrote: >> On 11/7/20 1:15 AM, Greg KH wrote: >>> On Fri, Nov 06, 2020 at 04:20:43PM -0800, Casey Schaufler wrote: >>>> On 11/5/2020 1:22 AM, Greg KH wrote: >>>>> On

Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials

2021-02-22 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > With the split of the security_task_getsecid() into subjective and > objective variants it's time to update Smack to ensure it is using > the correct task creds. > > Signed-off-by: Paul Moore first pass looks good to me > --- > security/smack/smack.h

Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials

2021-02-22 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > SELinux has a function, task_sid(), which returns the task's > objective credentials, but unfortunately is used in a few places > where the subjective task credentials should be used. Most notably > in the new security_task_getsecid_subj() LSM hook. > > Thi

Re: [RFC PATCH 4/4] apparmor: differentiate between subjective and objective task credentials

2021-02-22 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > With the split of the security_task_getsecid() into subjective and > objective variants it's time to update AppArmor to ensure it is > using the correct task creds. > > Signed-off-by: Paul Moore This has a couple problems, that I will work on addressing

Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

2021-02-22 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > Of the three LSMs that implement the security_task_getsecid() LSM > hook, all three LSMs provide the task's objective security > credentials. This turns out to be unfortunate as most of the hook's > callers seem to expect the task's subjective credentials, a

Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

2021-03-10 Thread John Johansen
On 3/9/21 4:28 PM, Paul Moore wrote: > On Wed, Mar 3, 2021 at 7:44 PM Paul Moore wrote: >> On Sun, Feb 21, 2021 at 7:51 AM John Johansen >> wrote: >>> On 2/19/21 3:29 PM, Paul Moore wrote: >>>> Of the three LSMs that implement the security_task_getsecid() L

Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

2021-03-10 Thread John Johansen
l be up to the latter > LSM specific patches in this series to change the hook > implementations and return the correct credentials. > > Signed-off-by: Paul Moore Reviewed-by: John Johansen > --- > drivers/android/binder.c |2 +- > include/linux/cred.

Re: [RFC PATCH 3/4] smack: differentiate between subjective and objective task credentials

2021-03-10 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > With the split of the security_task_getsecid() into subjective and > objective variants it's time to update Smack to ensure it is using > the correct task creds. > > Signed-off-by: Paul Moore Reviewed-by: John Johansen > ---

Re: [RFC PATCH 2/4] selinux: clarify task subjective and objective credentials

2021-03-10 Thread John Johansen
On 2/19/21 3:29 PM, Paul Moore wrote: > SELinux has a function, task_sid(), which returns the task's > objective credentials, but unfortunately is used in a few places > where the subjective task credentials should be used. Most notably > in the new security_task_getsecid_subj() LSM hook. > > Thi

Re: [PATCH v35 05/29] IMA: avoid label collisions with stacked LSMs

2022-04-21 Thread John Johansen
ule to apply > filters to. If not specified, use the first registered module > that supports the audit_rule_match() LSM hook. Allow the user > to specify in the IMA policy an lsm= option to specify the > security module to use for a particular rule. > > Signed-off-by: Casey

Re: [PATCH v35 01/29] integrity: disassociate ima_filter_rule from security_audit_rule

2022-04-21 Thread John Johansen
t > want exported. > > Signed-off-by: Casey Schaufler > Acked-by: Paul Moore Reviewed-by: John Johansen > --- > include/linux/security.h | 24 > security/integrity/ima/ima.h | 26 -- > security/security.c | 21 +++

Re: [PATCH v35 06/29] LSM: Use lsmblob in security_audit_rule_match

2022-04-21 Thread John Johansen
o use the blob structure later in the series. > At the point the use of lsmblob_init() is dropped. > > Signed-off-by: Casey Schaufler > Acked-by: Paul Moore Reviewed-by: John Johansen > Cc: linux-audit@redhat.com > --- > include/linux/security.h | 5 +++-- > ke

Re: [PATCH v35 04/29] LSM: provide lsm name and id slot mappings

2022-04-21 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Provide interfaces to map LSM slot numbers and LSM names. > Update the LSM registration code to save this information. > > Acked-by: Paul Moore > Reviewed-by: Kees Cook > Signed-off-by: Casey Schaufler Reviewed-by: John Johansen

Re: [PATCH v35 28/29] LSM: Add /proc attr entry for full LSM context

2022-04-25 Thread John Johansen
policy does not allow > this information to be displayed. In this case none of the > information will be displayed. > > Reviewed-by: Kees Cook > Signed-off-by: Casey Schaufler Acked-by: John Johansen > Cc: linux-...@vger.kernel.org > Cc: linux-...@vger.kernel.org > --- >

Re: [PATCH v35 24/29] LSM: Add a function to report multiple LSMs

2022-04-25 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Add a new boolean function lsm_multiple_contexts() to > identify when multiple security modules provide security > context strings. > > Signed-off-by: Casey Schaufler Reviewed-by: John Johansen > --- > include/linux/security

Re: [PATCH v35 22/29] Audit: Keep multiple LSM data in audit_names

2022-04-25 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Replace the osid field in the audit_names structure > with a lsmblob structure. This accommodates the use > of an lsmblob in security_audit_rule_match() and > security_inode_getsecid(). > > Signed-off-by: Casey Schaufler > Acked-by: Paul Moore > --- > k

Re: [PATCH v35 23/29] Audit: Create audit_stamp structure

2022-04-25 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Replace the timestamp and serial number pair used in audit records > with a structure containing the two elements. > > Signed-off-by: Casey Schaufler > Acked-by: Paul Moore > --- > kernel/audit.c | 17 + > kernel/audit.h | 12 ++

Re: [PATCH v35 21/29] LSM: Extend security_secid_to_secctx to include module selection

2022-04-25 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Add a parameter to security_secid_to_secctx() to identify > which of the security modules that may be active should > provide the security context. If the parameter is greater > than or equal to zero, the security module associated with > that LSM "slot" i

Re: [PATCH v35 26/29] Audit: Add record for multiple task security contexts

2022-04-25 Thread John Johansen
ased > on a subject security context. > > Functions are created to manage the skb list in the audit_buffer. > > Signed-off-by: Casey Schaufler Besides moving the aux fns, and the whining below Reviewed-by: John Johansen > --- > include/uapi/linux/audit.h | 1 + > kernel/au

Re: [PATCH v35 25/29] Audit: Allow multiple records in an audit_buffer

2022-04-25 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Replace the single skb pointer in an audit_buffer with > a list of skb pointers. Add the audit_stamp information > to the audit_buffer as there's no guarantee that there > will be an audit_context containing the stamp associated > with the event. At audit_

Re: [PATCH v35 27/29] Audit: Add record for multiple object contexts

2022-04-26 Thread John Johansen
On 4/18/22 07:59, Casey Schaufler wrote: > Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. > An example of the MAC_OBJ_CONTEXTS (1421) record is: > > type=MAC_OBJ_CONTEXTS[1421] > msg=audit(1601152467.009:1050): > obj_selinux=unconfined_u:object_r:user_home_t:s0 > > When an audit ev

Re: [PATCH v35 23/29] Audit: Create audit_stamp structure

2022-04-26 Thread John Johansen
On 4/26/22 11:03, Paul Moore wrote: > On Mon, Apr 25, 2022 at 7:31 PM John Johansen > wrote: >> On 4/18/22 07:59, Casey Schaufler wrote: >>> Replace the timestamp and serial number pair used in audit records >>> with a structure containing the two elements. >>

Re: [PATCH v35 25/29] Audit: Allow multiple records in an audit_buffer

2022-04-26 Thread John Johansen
On 4/26/22 11:12, Paul Moore wrote: > On Mon, Apr 25, 2022 at 9:06 PM John Johansen > wrote: >> On 4/18/22 07:59, Casey Schaufler wrote: >>> Replace the single skb pointer in an audit_buffer with >>> a list of skb pointers. Add the audit_stamp information >>

Re: [PATCH v35 26/29] Audit: Add record for multiple task security contexts

2022-04-26 Thread John Johansen
On 4/26/22 11:15, Paul Moore wrote: > On Mon, Apr 25, 2022 at 9:08 PM John Johansen > wrote: >> On 4/18/22 07:59, Casey Schaufler wrote: >>> Create a new audit record AUDIT_MAC_TASK_CONTEXTS. >>> An example of the MAC_TASK_CONTEXTS (1420) record is: >>

Re: [PATCH v35 27/29] Audit: Add record for multiple object contexts

2022-04-26 Thread John Johansen
On 4/26/22 11:57, Paul Moore wrote: > On Mon, Apr 25, 2022 at 11:38 PM John Johansen > wrote: >> On 4/18/22 07:59, Casey Schaufler wrote: >>> Create a new audit record AUDIT_MAC_OBJ_CONTEXTS. >>> An example of the MAC_OBJ_CONTEXTS (1421) record is: >>

Re: [PATCH v35 08/29] LSM: Use lsmblob in security_secctx_to_secid

2022-04-26 Thread John Johansen
a secid. > The infrastructure passes the correct entry from the lsmblob. > > Acked-by: Paul Moore > Reviewed-by: Kees Cook > Signed-off-by: Casey Schaufler > Cc: net...@vger.kernel.org > Cc: netfilter-de...@vger.kernel.org > To: Pablo Neira Ayuso Reviewed-by: John Johan

Re: [PATCH v35 03/29] LSM: Add the lsmblob data structure.

2022-04-26 Thread John Johansen
to use an array of > security module data rather than a single instance. > A new structure audit_lsm_rules is defined to avoid the > confusion which commonly accompanies the use of > void ** parameters. > > Signed-off-by: Casey Schaufler > Reviewed-by: Mickaël Salaün s

Re: [PATCH v37 00/33] LSM: Module stacking for AppArmor

2022-07-12 Thread John Johansen
On 6/27/22 17:55, Casey Schaufler wrote: This patchset provides the changes required for the AppArmor security module to stack safely with any other. There are additional changes required for SELinux and Smack to coexist. These are primarily in the networking code and will be addressed after thes

Re: LSM stacking in next for 6.1?

2022-08-02 Thread John Johansen
On 8/2/22 17:56, Paul Moore wrote: On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler wrote: I would like very much to get v38 or v39 of the LSM stacking for Apparmor patch set in the LSM next branch for 6.1. The audit changes have polished up nicely and I believe that all comments on the integrity

Re: LSM stacking in next for 6.1?

2022-09-07 Thread John Johansen
On 9/6/22 17:39, Casey Schaufler wrote: On 9/6/2022 5:10 PM, John Johansen wrote: sorry I am wa behind on this, so starting from here On 9/6/22 16:24, Paul Moore wrote: I can't currently in good conscience defend the kernel/userspace combined label interfaces as "good", esp

Re: LSM stacking in next for 6.1?

2022-09-07 Thread John Johansen
sorry I am wa behind on this, so starting from here On 9/6/22 16:24, Paul Moore wrote: On Fri, Sep 2, 2022 at 7:14 PM Casey Schaufler wrote: On 9/2/2022 2:30 PM, Paul Moore wrote: On Tue, Aug 2, 2022 at 8:56 PM Paul Moore wrote: On Tue, Aug 2, 2022 at 8:01 PM Casey Schaufler wrote: I

Re: LSM stacking in next for 6.1?

2022-09-07 Thread John Johansen
On 9/7/22 09:41, Casey Schaufler wrote: On 9/7/2022 7:41 AM, Paul Moore wrote: On Tue, Sep 6, 2022 at 8:10 PM John Johansen wrote: On 9/6/22 16:24, Paul Moore wrote: On Fri, Sep 2, 2022 at 7:14 PM Casey Schaufler wrote: On 9/2/2022 2:30 PM, Paul Moore wrote: On Tue, Aug 2, 2022 at 8:56 PM

Re: LSM stacking in next for 6.1?

2022-09-08 Thread John Johansen
On 9/7/22 16:53, Casey Schaufler wrote: On 9/7/2022 4:27 PM, Paul Moore wrote: On Wed, Sep 7, 2022 at 12:42 PM Casey Schaufler wrote: On 9/7/2022 7:41 AM, Paul Moore wrote: On Tue, Sep 6, 2022 at 8:10 PM John Johansen wrote: On 9/6/22 16:24, Paul Moore wrote: On Fri, Sep 2, 2022 at 7:14

Re: LSM stacking in next for 6.1?

2022-09-08 Thread John Johansen
On 9/8/22 11:05, Casey Schaufler wrote: On 9/7/2022 8:57 PM, Paul Moore wrote: On Wed, Sep 7, 2022 at 7:53 PM Casey Schaufler wrote: On 9/7/2022 4:27 PM, Paul Moore wrote: .. I just want an interface that is clearly defined, has reasonable capacity to be extended in the future as needed,

Re: LSM stacking in next for 6.1?

2022-09-15 Thread John Johansen
On 9/14/22 06:57, Tetsuo Handa wrote: On 2022/09/13 23:45, Casey Schaufler wrote: . A security module that manages loadable LSM modules cannot give us a good answer if there is a kernel config option to disable the manager security module. The community that is absolutely opposed to loadable

Re: LSM stacking in next for 6.1?

2022-09-15 Thread John Johansen
On 9/15/22 07:27, Tetsuo Handa wrote: On 2022/09/15 0:50, Casey Schaufler wrote: On 9/14/2022 6:57 AM, Tetsuo Handa wrote: Please distinguish the difference between "enable" and "support" at https://bugzilla.redhat.com/show_bug.cgi?id=542986#c7 . (By the way, I hate the word "support", for nobo

[RFC] include audit type in audit message when using printk

2007-09-01 Thread John Johansen
Currently audit drops the audit type when an audit message goes through printk instead of the audit daemon. This is a minor annoyance in that the audit type is no longer part of the message and the information the audit type conveys needs to be carried in, or derived from the message data. The a

Re: [PATCH 03/3] apparmor: remove parent task info from audit logging

2013-09-02 Thread John Johansen
The reporting of the parent task info is a vestige from old versions of apparmor. The need for this information was removed by unique null-profiles before apparmor was upstreamed so remove this info from logging. Signed-off-by: John Johansen --- security/apparmor/audit.c | 6

Re: [PATCH 1/3] apparmor: fix capability to not use the current task, during reporting

2013-09-02 Thread John Johansen
Mediation is based off of the cred but auditing includes the current task which may not be related to the actual request. Signed-off-by: John Johansen --- security/apparmor/capability.c | 15 +-- security/apparmor/domain.c | 2 +- security/apparmor/include

Re: [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely

2013-09-02 Thread John Johansen
On 08/30/2013 12:56 PM, Richard Guy Briggs wrote: > On Tue, Aug 27, 2013 at 07:21:55PM +0200, Oleg Nesterov wrote: >> On 08/20, Richard Guy Briggs wrote: >>> >>> Added the functions >>> task_ppid() >>> task_ppid_nr_ns() >>> task_ppid_nr_init_ns() >>> to safely abstract the l

Re: [PATCH 2/3] apparmor: remove tsk field from the apparmor_audit_struct

2013-09-02 Thread John Johansen
Now that aa_capabile no longer sets the task field it can be removed and the lsm_audit version of the field can be used. Signed-off-by: John Johansen --- security/apparmor/audit.c | 10 ++ 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/security/apparmor/audit.c b/security

Re: [PATCH 03/12] pid: get ppid pid_t of task in init_pid_ns safely

2013-12-17 Thread John Johansen
On 12/11/2013 06:47 AM, Richard Guy Briggs wrote: > On Tue, Sep 03, 2013 at 02:31:59PM -0400, Richard Guy Briggs wrote: >> On Fri, Aug 30, 2013 at 01:37:09PM -0700, John Johansen wrote: >>> On 08/30/2013 12:56 PM, Richard Guy Briggs wrote: >>>> On Tue, Aug 27,

Re: [PATCH v3 21/24] Audit: Store LSM audit information in an lsmblob

2019-06-25 Thread John Johansen
On 6/24/19 6:46 PM, Paul Moore wrote: > On Mon, Jun 24, 2019 at 9:01 PM Casey Schaufler > wrote: >> On 6/24/2019 2:33 PM, John Johansen wrote: >>> On 6/21/19 11:52 AM, Casey Schaufler wrote: >>>> Change the audit code to store full lsmblob data instead of >>

Re: [PATCH v5 15/23] LSM: Specify which LSM to display

2019-07-20 Thread John Johansen
On 7/9/19 2:34 PM, Stephen Smalley wrote: > On 7/9/19 5:18 PM, Casey Schaufler wrote: >> On 7/9/2019 11:12 AM, Stephen Smalley wrote: >>> On 7/9/19 1:51 PM, Casey Schaufler wrote: On 7/9/2019 10:13 AM, Stephen Smalley wrote: > On 7/3/19 5:25 PM, Casey Schaufler wrote: >> Create a new e

Re: [PATCH ghak84 v4] audit: purge audit_log_string from the intra-kernel audit API

2020-07-21 Thread John Johansen
On 7/21/20 8:19 AM, Paul Moore wrote: > On Tue, Jul 14, 2020 at 5:00 PM Richard Guy Briggs wrote: >> On 2020-07-14 16:29, Paul Moore wrote: >>> On Tue, Jul 14, 2020 at 1:44 PM Richard Guy Briggs wrote: On 2020-07-14 12:21, Paul Moore wrote: > On Mon, Jul 13, 2020 at 3:52 PM Richard Guy B