Re: [PATCH] procfs: add smack subdir to attrs

2017-06-06 Thread José Bollo
On Thu, 1 Jun 2017 16:59:24 -0700 Casey Schaufler wrote:
> On 6/1/2017 4:38 PM, James Morris wrote:
> > On Thu, 1 Jun 2017, Casey Schaufler wrote:
> >
> >> Subject: [PATCH] procfs: add smack subdir to attrs
> > Is there value in this without major stacking support?
>
> Yes. If a Smack

Re: [PATCH] LSM: Convert security_hook_heads into explicit array of struct list_head

2017-05-31 Thread José Bollo
On Tue, 30 May 2017 23:29:10 +0900 Tetsuo Handa wrote:
> James Morris wrote:
> > On Sun, 28 May 2017, Tetsuo Handa wrote:
> >
> > > can afford enabling". And we know that we cannot merge all
> > > security modules into mainline. Thus, allowing LKM-based LSM
> > > modules is inevitable.
> >

Re: [RFC DRAFT] Adds PUI: process unic identifier

2017-01-13 Thread José Bollo
kind of clock+pid(ns) would be able to replace at lower resource cost what I proposed. That leads to use of 128-bit puids but without changing anything in {pid,pid_namespace}.[ch]. Great! But I still have to check. I wanted to get advice first, so I didn't send the fs part of pui because it does not exist yet. This fs part will allow access to tasks by their pui. I'll probably send an update in a month or more.
Best regards
José Bollo

Re: [RFC 1/1] LSM ptags: Add tagging of processes

2016-11-28 Thread José Bollo
On Monday 28 November 2016 at 22:41 +0900, Tetsuo Handa wrote:
> Jose Bollo wrote:
> > The fact is that ptags sits behind the implementation of the special
> > files in /proc/PID/attr/.. Thus, it has to return an allocated buffer.
>
> I'm not aware of what kind of allocation is

Re: [RFC 1/1] LSM ptags: Add tagging of processes

2016-11-28 Thread José Bollo
On Saturday 26 November 2016 at 13:25 +0900, Tetsuo Handa wrote:
> Jose Bollo wrote:
> > +/**
> > + * is_valid_utf8 - Is buffer a valid utf8 string?
snip
> Do we really need to check UTF-8 inside kernel? What do you do if
> people start using UTF-32 in the future? There was a discussion
> about

Re: [PATCH 1/2] ext4: use XATTR_*_PREFIX_LEN instead sizeof(...)

2016-01-06 Thread José Bollo
I prefer the use of sizeof that can't be faked even by error but why not
On Sunday 03 January 2016 at 20:56 +0100, Toralf Förster wrote:
> use the definition in include/uapi/linux/xattr.h
>
> Signed-off-by: Toralf Förster
> ---
> fs/ext4/xattr_security.c | 2 +-
> 1 file changed, 1

[PATCH v2 1/1] Tags: Adding tagging feature to security modules

2015-10-21 Thread José Bollo
he tags that are not specials; - otherwise, processes only keep tags that are prefixed with the character * (star). Because changes only occur through tag files accesses, the notifications might be available to any possible observer. Signed-off-by: José Bollo --- fs/proc/base.c

[PATCH v2 0/1] Tagging: a new Security Module

2015-10-21 Thread José Bollo
Security [2] https://wiki.tizen.org/wiki/Security/Tizen_3.X_Cynara [3] https://github.com/jobol/keyzen [4] https://archive.fosdem.org/2015/schedule/event/sec_enforcement/ José Bollo (1): Tags: Adding tagging feature to security modules fs/proc/base.c | 3 + security/Kcon

[PATCH v2 1/1] Tags: Adding tagging feature to security modules

2015-10-21 Thread José Bollo
he tags that are not specials; - otherwise, processes only keep tags that are prefixed with the character * (star). Because changes only occur through tag files accesses, the notifications might be available to any possible observer. Signed-off-by: José Bollo <jo...@nonadev.net> --- fs

[PATCH] Smack: getting the Smack security context of keys

2015-02-17 Thread José Bollo
With this commit, the LSM Smack implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY. It is now possible to get the context of, for example, the user session key using the command "keyctl security @s". Signed-off-by: José Bollo --- secu

[PATCH] Smack: getting the Smack security context of keys

2015-02-17 Thread José Bollo
With this commit, the LSM Smack implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY. It is now possible to get the context of, for example, the user session key using the command keyctl security @s. Signed-off-by: José Bollo jose.bo

[PATCH] retrieving smack context of keys

2015-02-10 Thread José Bollo
ding: 8bit Change-Id: I140648f08dd8fd991be6a9b3a2e649a3677c1be5 Signed-off-by: José Bollo --- security/smack/smack_lsm.c | 30 ++ 1 file changed, 30 insertions(+) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 47ed6a4..285d908 100644 ---

[PATCH] retrieving smack context of keys

2015-02-10 Thread José Bollo
reasons of some system failures. For example, it is currently impossible to get the context of the user session key using the command keyctl security @s. This patch (attached) is obvious, it simply implements the missing part of the LSM Smack. I tested and it works fine.
Best regards
José Bollo

[PATCH 1/1] SMACK: Fix handling value==NULL in post setxattr

2014-04-03 Thread José Bollo
Signed-off-by: José Bollo --- security/smack/smack_lsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f01cf5..28d482c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -893,18 +893,20

[PATCH 1/1] SMACK: Fix handling value==NULL in post setxattr

2014-04-03 Thread José Bollo
Signed-off-by: José Bollo jose.bo...@open.eurogiciel.org --- security/smack/smack_lsm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f01cf5..28d482c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack