On Mon, Dec 18, 2023 at 12:21 PM Stephen Smalley
wrote:
> On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
> wrote:
> > This patch introduces a LSM hook for devices creation,
> > destruction (ioctl()) and opening (open()) operations,
> > checking the application is allowed to perform these
> >
On Oct 20, 2023 "Michael S. Tsirkin" wrote:
>
> This patch introduces LSM hooks for devices creation,
> destruction and opening operations, checking the
> application is allowed to perform these operations for
> the Virtio device type.
>
> Signed-off-by: Maxime Coquelin
> ---
>
array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct sidtab_str_cache.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore
> C
On Aug 17, 2023 Paul Moore wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for
/sidtab.c | 21 +
security/selinux/ss/sidtab.h | 4 +
6 files changed, 185 insertions(+), 112 deletions(-)
--
paul moore
www.paul-moore.com
On Sat, Apr 3, 2021 at 11:21 AM Ondrej Mosnacek wrote:
> On Sat, Apr 3, 2021 at 4:33 PM Paul Moore wrote:
> > On Fri, Apr 2, 2021 at 6:35 PM Vijay Balakrishna
> > wrote:
> > >
> > > Seeing oops in 5.4.83 sidtab_context_to_sid(). I checked with Tyler
that Vijay could try?
--
paul moore
www.paul-moore.com
command which causes a
> warning. Documentation/ABI/README describes the valid fields.
>
> Reported-by: Mauro Carvalho Chehab
> Signed-off-by: Richard Guy Briggs
> ---
> .../ABI/stable/procfs-audit_loginuid | 22 +--
> 1 file changed, 11 insertions(+), 11 de
invalid. Line
> Format: %u
>
> You should either drop it or add it to the parser and to the README
> file, if the ABI maintainers are ok with such new field.
Thanks Mauro, I didn't realize there were tools that parsed these files.
Richard, please post a patch that drops the 'Format:' line from the
newly added audit files as soon as possible so I can merge it into
audit/next.
--
paul moore
www.paul-moore.com
On Tue, Mar 30, 2021 at 6:53 PM Pablo Neira Ayuso wrote:
> On Sun, Mar 28, 2021 at 08:50:45PM -0400, Paul Moore wrote:
> [...]
> > Netfilter folks, were you planning to pull this via your tree/netdev
> > or would you like me to merge this via the audit tree? If the latter,
>
you planning to pull this via your tree/netdev
or would you like me to merge this via the audit tree? If the latter,
I would appreciate it if I could get an ACK from one of you; if the
former, my ACK is below.
Acked-by: Paul Moore
--
paul moore
www.paul-moore.com
[NFT_MSG_NEWFLOWTABLE] = AUDIT_NFT_OP_FLOWTABLE_REGISTER,
> + [NFT_MSG_GETFLOWTABLE] = AUDIT_NFT_OP_INVALID,
> + [NFT_MSG_DELFLOWTABLE] = AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
> +};
The previously reported problem with this as a static still exists,
correct? It does seem like this should live in nf_tables_api.c
doesn't it?
--
paul moore
www.paul-moore.com
do { } while (0)" instead, and change a
> few more that were (void)0, for consistency.
>
> Signed-off-by: Arnd Bergmann
> ---
> v2: convert two more macros
> ---
> kernel/audit.h | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
Merged into audit/next, thanks.
--
paul moore
www.paul-moore.com
/services.c | 63 +
3 files changed, 59 insertions(+), 41 deletions(-)
--
paul moore
www.paul-moore.com
d-off-by: Richard Guy Briggs
> ---
> Documentation/ABI/stable/procfs-audit_loginuid | 12
> 1 file changed, 12 insertions(+)
Merged into audit/next, thanks.
--
paul moore
www.paul-moore.com
iggs
> ---
> Documentation/ABI/stable/procfs-audit_loginuid | 15 +++
> 1 file changed, 15 insertions(+)
> create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
Merged into audit/next, thanks.
--
paul moore
www.paul-moore.com
u...@redhat.com
> +Format:%u (u32)
> +Users: auditd, libaudit, audit-testsuite, login
> +Description:
> + The /proc/$pid/sessionid pseudofile is read to get the
> + audit login session ID of process $pid. It is set
> + automatically, serially assigned with each new login.
> +
--
paul moore
www.paul-moore.com
e
tools/libraries here. I recognize that you like the specificity, but
I do not, and I fear that it will become invalid over time either due
to deprecation of old packages or omission of new ones; the fact that
we are just now adding an entry from 2005 shows how this area of
Documentation can oft
ptions that caused the need for this specificity.
>
> Signed-off-by: Richard Guy Briggs
> ---
> MAINTAINERS | 2 ++
> 1 file changed, 2 insertions(+)
Merged into audit/next, thanks.
--
paul moore
www.paul-moore.com
which gets us back to
this function looking like a reimplementation of
selinux_sk_clone_security(), minus the peer_sid and sclass
initializations (which should be important things to have).
I strongly suggest you try making use of the existing
security_sk_clone() hook in the vsock code, it seems like a better way
to solve this problem.
--
paul moore
www.paul-moore.com
On Tue, Mar 16, 2021 at 10:30 AM Peter Zijlstra wrote:
> On Tue, Mar 16, 2021 at 09:53:21AM -0400, Paul Moore wrote:
> > On Wed, Feb 24, 2021 at 4:59 PM Ondrej Mosnacek wrote:
> > >
> > > Currently, the lockdown state is queried unconditionally, even though
&g
uot;lockdown: Lock down perf when in confidentiality mode")
> Signed-off-by: Ondrej Mosnacek
> ---
> kernel/events/core.c | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
Perf/core folks, do you want to pull this in via your tree? If I
don't hear anything
e/asm-generic/audit_*.h
> F: include/linux/audit.h
> F: include/uapi/linux/audit.h
> F: kernel/audit*
> +F: lib/*audit.c
>
> AUXILIARY DISPLAY DRIVERS
> M: Miguel Ojeda Sandonis
> --
> 2.27.0
--
paul moore
www.paul-moore.com
filter")
>
> Signed-off-by: Richard Guy Briggs
> ---
> kernel/auditsc.c | 11 ---
> 1 file changed, 4 insertions(+), 7 deletions(-)
Looks good, merged. Thanks.
--
paul moore
www.paul-moore.com
u32
> +Users: auditd, libaudit, audit-testsuite, login
This should be obvious, but just to be safe - my comment from patch
1/2 also applies here.
> +Description:
> + The /proc/$pid/sessionid pseudofile is read to get the
> + audit login session ID
f
> + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
> + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
--
paul moore
www.paul-moore.com
gt;
> Signed-off-by: Xiong Zhenwu
> ---
> security/selinux/include/security.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged, thanks.
--
paul moore
www.paul-moore.com
-by: Xiong Zhenwu
> ---
> security/selinux/ss/hashtab.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged, thanks.
--
paul moore
www.paul-moore.com
On Fri, Mar 5, 2021 at 2:29 PM Lakshmi Ramasubramanian
wrote:
> On 3/5/21 11:22 AM, Paul Moore wrote:
>
> Hi Paul,
>
> > On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
> > wrote:
> >> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
> >&g
On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
wrote:
> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
> [...]
> > This draft seems fine to me, but there is a small logistical blocker
> > at the moment which means I can't merge this until -rc2 is released,
>
then whatever policy capabilities are actually
> set in the expected policy (which can be extracted from the policy
> itself via seinfo, for example).
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Suggested-by: Paul Moore
> ---
> security/selinux
pointers inside I think we should be okay (the
access decision cache pointed to by selinux_state->avc could change
frequently). Have you done any performance measurements of this
change? Assuming they are not terrible, I have no objections to this
patch from a SELinux perspective.
--
paul moore
www.paul-moore.com
ow just closed earlier this week, and there were a
handful of bugs that needed to be addressed before I could look at
this patch. If I don't get a chance to review this patch tonight, I
will try to get to it this weekend or early next week.
--
paul moore
www.paul-moore.com
On Wed, Mar 3, 2021 at 11:20 AM Paul Moore wrote:
> On Wed, Mar 3, 2021 at 10:53 AM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:7a7fd0de Merge branch 'kmap-conversion-for-5.12' of git://..
>
f8880179ecb18 by task syz-executor.5/20110
Almost surely the same problem as the others, I'm currently chasing
down a few remaining spots to make sure the fix I'm working on is
correct.
--
paul moore
www.paul-moore.com
t.
> Does it make any sense?
Looking at it quickly, the logic above seems sane. I wrote this code
a *long* time ago, so let me get my head back into it and make sure
that still holds.
--
paul moore
www.paul-moore.com
.
It's also worth adding that this code really hasn't changed much in a
*long* time, not that this means it isn't broken, just that it might
also be worth looking at other odd memory bugs to see if there is
chance they are wandering around and stomping on memory ...
--
paul moore
www.paul-moore.com
On Mon, Mar 1, 2021 at 5:36 AM Ondrej Mosnacek wrote:
> On Sun, Feb 28, 2021 at 8:21 PM Paul Moore wrote:
> > On Fri, Feb 26, 2021 at 6:12 AM Ondrej Mosnacek wrote:
> > > On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> > > > On Wed, Feb 24, 2021 at 4:35 AM O
On Mon, Mar 1, 2021 at 1:08 AM Feng Tang wrote:
>
> Hi Paul,
>
> On Wed, Feb 10, 2021 at 02:21:41AM +0800, Paul Moore wrote:
> > On Tue, Feb 9, 2021 at 1:09 PM kernel test robot wrote:
> > > tree:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/n
On Fri, Feb 26, 2021 at 6:12 AM Ondrej Mosnacek wrote:
> On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> > On Wed, Feb 24, 2021 at 4:35 AM Ondrej Mosnacek wrote:
> > > After the switch to RCU, we now have:
> > > 1. Start live conversion of new entries.
> &
out, "/* This file is automatically generated. Do not edit.
> */\n");
> - fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define
> _SELINUX_AV_PERMISSIONS_H_\n\n");
>
> for (i = 0; secclass_map[i].name; i++) {
> struct security_class_mapping *map = _map[i];
> @@ -136,7 +135,6 @@ int main(int argc, char *argv[])
> }
> }
>
> - fprintf(fout, "\n#endif\n");
> fclose(fout);
> exit(0);
> }
> --
> 2.29.2
--
paul moore
www.paul-moore.com
w_sidtab->lock when adding entries to the new_sidtab *should* solve
the problem.
Did I miss something important? ;)
--
paul moore
www.paul-moore.com
y excited about switching back to the read-write lock so quickly,
I'd rather we spend some additional time looking into resolving issues
with the current RCU code.
--
paul moore
www.paul-moore.com
; change here:
>
> https://lore.kernel.org/selinux/20210212185930.130477-3-omosn...@redhat.com/
>
> I'll put these changes through a validation run (the only place that I
> can seem to reproduce this crash) and see how it looks.
Thanks, please let us know what you find out.
--
paul moore
www.paul-moore.com
On Sun, Feb 21, 2021 at 8:07 PM Linus Torvalds
wrote:
>
> On Mon, Feb 15, 2021 at 1:57 PM Paul Moore wrote:
> >
> > - Add support for labeling anonymous inodes, and extend this new
> > support to userfaultfd.
>
> I've pulled this, but I just have to note how mu
() return void
Zheng Yongjun (1):
kernel/audit: convert comma to semicolon
kernel/audit.c | 4 ++--
kernel/auditsc.c | 16
2 files changed, 10 insertions(+), 10 deletions(-)
--
paul moore
www.paul-moore.com
/selinux/ss/hashtab.c | 2 +-
security/selinux/ss/services.c | 10 +--
security/selinux/xfrm.c | 2 +-
23 files changed, 294 insertions(+), 105 deletions(-)
--
paul moore
www.paul-moore.com
better off with ipset IMHO.
>
> Unlike nft monitor, auditd is not designed to be disabled "at will". So
> turning it off for performance-critical workloads is no option.
Patches are always welcome, but it might be wise to get to the bottom
of the certification requirements first.
--
paul moore
www.paul-moore.com
then whatever policy capabilities are actually
> set in the expected policy (which can be extracted from the policy
> itself via seinfo, for example).
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Suggested-by: Paul Moore
> ---
> security/selinux
On Tue, Feb 2, 2021 at 4:44 PM Daniel Walker (danielwa)
wrote:
> On Tue, Feb 02, 2021 at 04:35:42PM -0500, Paul Moore wrote:
> > On Tue, Feb 2, 2021 at 4:29 PM Daniel Walker wrote:
> > > From: Victor Kamensky
> > >
> > > To efficiently find out wher
various
fork()/exec() syscalls to get an understanding of the various process
(sub)trees on the system. It would require a bit of work to sift
through the audit log and reconstruct the events that led to a process
being started, and generating the AVC you are interested in debugging,
but folks who live The Audit Life supposedly do this sort of thing a
lot (this sort of thing being tracing a process/session).
--
paul moore
www.paul-moore.com
and other audit
> messages ...
Have you tried the new perf tracepoint for SELinux AVC decisions that
trigger an audit event? It's a new feature for v5.10 and looks to
accomplish most of what you are looking for with this patch.
* https://www.paul-moore.com/blog/d/2020/12/linux_v510.html
--
paul moore
www.paul-moore.com
On Sun, Jan 24, 2021 at 12:04 PM Lakshmi Ramasubramanian
wrote:
> On 1/22/21 1:21 PM, Paul Moore wrote:
...
> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> >> index 644b17ec9e63..879a0d90615d 100644
> >> --- a/security/selinux/hooks.c
>
().
>
> Signed-off-by: Yang Yang
> Reviewed-by: Richard Guy Briggs
> ---
> kernel/auditsc.c | 16
> 1 file changed, 8 insertions(+), 8 deletions(-)
This is a simple enough patch so I think merging it during -rc5 should
be okay; merged into audit/next - thanks!
--
paul moore
www.paul-moore.com
reduce the number of audit_in_mask()
calls. Actually looking a bit closer there are a number of
improvements that could likely be made, some might have some
performance impacts.
Let me know if you are going to pursue the suggestion above about
reordering the audit_filter_*() functions as I'll hold off on the
other changes.
--
paul moore
www.paul-moore.com
ine with me.
I'm not sure if there is one perfect way. I typically see either a
"From: " line if the author is different from the submitter, or in
more complex cases such as this it seems like a simple note giving
credit in the description might be the best option.
--
paul moore
www.paul-moore.com
onst char __user *buf,
> selinux_status_update_setenforce(state, new_value);
> if (!new_value)
> call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
> +
> + mutex_lock(>policy_mutex);
> + selinux_ima_measure_state(state);
> + mutex_unlock(>policy_mutex);
> }
> length = count;
> out:
> @@ -762,6 +767,11 @@ static ssize_t sel_write_checkreqprot(struct file *file,
> const char __user *buf,
>
> checkreqprot_set(fsi->state, (new_value ? 1 : 0));
> length = count;
> +
> + mutex_lock(>state->policy_mutex);
> + selinux_ima_measure_state(fsi->state);
> + mutex_unlock(>state->policy_mutex);
> +
The lock-measure-unlock pattern appears enough that I wonder if we
should move the lock/unlock into selinux_ima_measure_state() and
create a new function, selinux_ima_measure_state_unlocked(), to cover
the existing case in selinux_notify_policy_change(). It would have
the advantage of not requiring a pointless lock/unlock in the case
where CONFIG_IMA=n.
--
paul moore
www.paul-moore.com
56sum /sys/kernel/selinux/policy there to get
> the expected hash.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Acked-by: Paul Moore
> Reviewed-by: Tyler Hicks
> ---
> Documentation/ABI/testing/ima_policy | 3 +-
> security/selinux
lter_syscall(AUDIT_FILTER_EXIT), so why not first execute
audit_filter_inodes() and only execute
audit_filter_syscall(AUDIT_FILTER_EXIT) if necessary? It may be that
I'm missing something on this quick look at the code, but I think it
is worth investigating. It's also possible there are other similar
improvements to made.
There is similar code in __audit_free() but that should be less
performance critical.
--
paul moore
www.paul-moore.com
{
/* important stuff */
}
#else
int func(int arg)
{
return 0; /* appropriate return value */
}
#endif
There are probably a few other comments on this patch, but I want us
to discuss the performance impacts of this first as I'm not convinced
this is a solution we want upstream.
--
paul moore
www.paul-moore.com
se to appropriate kernel-doc for anon_inode_getfd_secure().
>
> Signed-off-by: Lukas Bulwahn
> ---
> fs/anon_inodes.c | 21 ++---
> 1 file changed, 14 insertions(+), 7 deletions(-)
Merged into selinux/next with the other related LSM/SELinux anon-inode
patches, thank you!
--
paul moore
www.paul-moore.com
o remove them from the queue outside the
> + * queue and a kthread is scheduled to remove them from the queue outside the
> * irq context. May be called in any context.
> */
> void audit_log_end(struct audit_buffer *ab)
> --
> 2.26.2
--
paul moore
www.paul-moore.com
On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote:
>
> On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote:
> >
> > Userfaultfd in unprivileged contexts could be potentially very
> > useful. We'd like to harden userfaultfd to make such unprivileged use
> > less r
56sum /sys/kernel/selinux/policy there to get
> the expected hash.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Acked-by: Paul Moore
> Reviewed-by: Tyler Hicks
> ---
> Documentation/ABI/testing/ima_policy | 3 +-
> security/selinux
serspace applications are dependent
> on it. Unless everyone is on board that removing the timestamp
> wouldn't be considered a regression, it cannot be upstreamed.
I'm not a fan of merging things which are known to be broken only with
the promise of fixing it later. That goes double when the proper fix
will result in a user visible breaking change.
--
paul moore
www.paul-moore.com
efore this patch: 3510ns.
> after this patch: 8519ns, increase 143%.
>
> Analyse:
> After this patch, rule change time obviously increase. But rule change
> may not happen very often.
>
> [1] CIS is a Linux Benchmarks for security purpose.
> https://www.cisecurity.org/benchmark/distribution_independent_linux/
--
paul moore
www.paul-moore.com
On Wed, Jan 13, 2021 at 6:11 PM Mimi Zohar wrote:
> On Wed, 2021-01-13 at 17:10 -0500, Paul Moore wrote:
> > On Wed, Jan 13, 2021 at 4:11 PM Mimi Zohar wrote:
> > > On Wed, 2021-01-13 at 14:19 -0500, Paul Moore wrote:
> > > > On Wed, Jan 13, 2021 at 2:13 PM Mimi
On Wed, Jan 13, 2021 at 4:11 PM Mimi Zohar wrote:
> On Wed, 2021-01-13 at 14:19 -0500, Paul Moore wrote:
> > On Wed, Jan 13, 2021 at 2:13 PM Mimi Zohar wrote:
> > > On Tue, 2021-01-12 at 11:27 -0500, Paul Moore wrote:
> > > > On Thu, Jan 7, 2021 at 11:07 PM
On Wed, Jan 13, 2021 at 2:13 PM Mimi Zohar wrote:
> On Tue, 2021-01-12 at 11:27 -0500, Paul Moore wrote:
> > On Thu, Jan 7, 2021 at 11:07 PM Tushar Sugandhi
> > wrote:
> > > From: Lakshmi Ramasubramanian
> > >
> > > SELinux stores the active pol
od things to include in the commit description when
submitting patches focused on improving performance.
--
paul moore
www.paul-moore.com
ow soon. If I don't hear anything within
the next day or two I'll go ahead and merge this for linux-next.
Thanks.
--
paul moore
www.paul-moore.com
6 files changed, 149 insertions(+), 11 deletions(-)
> create mode 100644 security/selinux/ima.c
> create mode 100644 security/selinux/include/ima.h
I remain concerned about the possibility of bypassing a measurement by
tampering with the time, but I appear to be the only one who is
worried a
On Fri, Jan 8, 2021 at 2:35 PM Stephen Smalley
wrote:
> On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change uses the anon_inodes and LSM infrastruct
On Wed, Jan 6, 2021 at 10:55 PM Lokesh Gidra wrote:
> On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote:
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change uses the anon_inodes and LSM infrastruct
On Wed, Jan 6, 2021 at 9:44 PM Lokesh Gidra wrote:
> On Wed, Jan 6, 2021 at 6:10 PM Paul Moore wrote:
> >
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change adds a new function, anon_inode_
On Wed, Jan 6, 2021 at 9:42 PM dancol wrote:
>
> On 2021-01-06 21:09, Paul Moore wrote:
> > Is it necessary to pass both the context_inode pointer and the secure
> > boolean? It seems like if context_inode is non-NULL then one could
> > assume that a secure anony
INITIALIZED;
> +
> + /*
> +* Now that we've initialized security, check whether we're
> +* allowed to actually create this type of anonymous inode.
> +*/
> +
> + ad.type = LSM_AUDIT_DATA_INODE;
> + ad.u.inode = inode;
> +
> + return avc_has_perm(_state,
> + tsec->sid,
> + isec->sid,
> + isec->sclass,
> + ANON_INODE__CREATE,
> + );
> +}
--
paul moore
www.paul-moore.com
t; flags & (O_ACCMODE | O_NONBLOCK), fops);
> if (IS_ERR(file))
> - goto err;
> + goto err_iput;
>
> - file->f_mapping = anon_inode_inode->i_mapping;
> + file->f_mapping = inode->i_mapping;
>
> file->private_data = priv;
>
> return file;
>
> +err_iput:
> + iput(inode);
> err:
> - iput(anon_inode_inode);
> module_put(fops->owner);
> return file;
> }
> -EXPORT_SYMBOL_GPL(anon_inode_getfile);
--
paul moore
www.paul-moore.com
On Tue, Jan 5, 2021 at 7:38 PM Al Viro wrote:
> On Tue, Jan 05, 2021 at 07:00:59PM -0500, Paul Moore wrote:
...
> > I would expect the problem here to be the currently allocated audit
> > buffer isn't large enough to hold the full audit record, in which case
> > it w
when the buffer was first created. In this
particular case it is GFP_ATOMIC|__GFP_NOWARN, which I believe should
be safe in that it will not sleep on an allocation miss.
I need to go deal with dinner, so I can't trace the entire path at the
moment, but I believe the potential audit buffer allocation is the
main issue.
--
paul moore
www.paul-moore.com
On Mon, Jan 4, 2021 at 6:30 PM Lakshmi Ramasubramanian
wrote:
> On 12/23/20 1:10 PM, Paul Moore wrote:
> Hi Paul,
Hello.
> >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c
> >> new file mode 100644
> >> index ..b7e24358e
On Mon, Dec 14, 2020 at 9:34 PM Paul Moore wrote:
> On Fri, Dec 11, 2020 at 10:33 AM Richard Guy Briggs wrote:
> > On 2020-12-11 16:42, Zheng Yongjun wrote:
> > > Replace a comma between expression statements by a semicolon.
> > >
> > > Signed-off-by: Zh
with policy_mutex held.
> + */
> +int security_read_policy_kernel(struct selinux_state *state,
> + void **data, size_t *len)
Let's call this "security_read_state_kernel()".
> +{
> + struct selinux_policy *policy;
> + int rc = 0;
See below, the rc variable is not needed.
> - *len = (unsigned long)fp.data - (unsigned long)*data;
> - return 0;
> + policy = rcu_dereference_protected(
> + state->policy, lockdep_is_held(>policy_mutex));
> + if (!policy) {
> + rc = -EINVAL;
> + goto out;
Jumping to the out label is a little silly since it is just a return;
do a "return -EINVAL;" here instead.
> + }
> +
> + *len = policy->policydb.len;
> + *data = vmalloc(*len);
> + if (!*data) {
> + rc = -ENOMEM;
> + goto out;
Same as above, "return -ENOMEM;" please.
> + }
>
> + rc = security_read_selinux_policy(policy, *data, len);
You should be able to do "return security_read_selinux_policy(...);" here.
> +
> +out:
> + return rc;
> }
--
paul moore
www.paul-moore.com
> include/linux/sched.h | 7 +-
> init/init_task.c | 3 +-
> init/main.c | 2 +
> kernel/audit.c| 154 +-
> kernel/audit.h| 7 ++
> kernel/auditsc.c | 24 ---
> kernel/fork.c | 1 -
> 10 files changed, 205 insertions(+), 66 deletions(-)
--
paul moore
www.paul-moore.com
value in the "a" assignment.
In the case of this patch, the existing code is actually okay: both
expressions are executed and we don't assign either expression's value
to a variable so it doesn't matter. However, it definitely looks odd
and is something we should fix.
--
paul moore
www.paul-moore.com
/stable-5.11 PR 20201214
Gustavo A. R. Silva (1):
selinux: Fix fall-through warnings for Clang
Ondrej Mosnacek (1):
selinux: drop super_block backpointer from superblock_security_struct
Paul Moore (2):
selinux: fix
--
security/lsm_audit.c | 5 -
4 files changed, 18 insertions(+), 42 deletions(-)
--
paul moore
www.paul-moore.com
For example,
>
> * Sets the smack pointer in the inode security blob
> */
> static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
> {
> struct inode_smack *isp = smack_inode(inode);
> struct smack_known *skp = smk_of_task_struct(p);
>
> isp->smk_inode = skp;
> isp->smk_flags |= SMK_INODE_INSTANT;
> }
>
> That seems to do rather more than checking the file type bits.
--
paul moore
www.paul-moore.com
> [-Wunused-macros]
>
> AUDIT_UNINITIALIZED and AUDITSC_INVALID are still meaningful and should
> be in incorporated.
>
> Just remove AUDIT_AUX_IPCPERM.
>
> Thanks comments from Richard Guy Briggs and Paul Moore.
>
> Signed-off-by: Alex Shi
> Cc: Paul Moore
> Cc: Ri
On Tue, Nov 24, 2020 at 3:44 PM Lokesh Gidra wrote:
> On Mon, Nov 23, 2020 at 2:43 PM Paul Moore wrote:
> > On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote:
> > > On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
> > > > On Wed, Nov 18, 2020 at 5:39 P
om_file(NULL);
> + break;
> default:
> break;
> }
> --
> 2.27.0
--
paul moore
www.paul-moore.com
On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote:
> On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
> > On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra wrote:
> > > I have created a cuttlefish build and have tested with the attached
> > > userfaultfd program:
&g
denied
>
> with the following logcat message:
> 11-18 14:33:29.142 2028 2028 W userfaultfdSimp: type=1400
> audit(0.0:104): avc: denied { ioctl } for
> path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=41169
> ioctlcmd=0xaa3f scontext=u:r:userfaultfdSimple:s0
> tcontext=u:object_r:uffd_t:s0 tclass=anon_inode permissive=0
--
paul moore
www.paul-moore.com
R 20201113
Chen Zhou (1):
selinux: Fix error return code in sel_ib_pkey_sid_slow()
security/selinux/ibpkey.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
paul moore
www.paul-moore.com
treival of PKey
> SIDs")
> Reported-by: Hulk Robot
> Signed-off-by: Chen Zhou
> ---
> security/selinux/ibpkey.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Thanks for the fix! I've merged this into the selinux/stable-5.10
branch and I'll send this up to Linu
On Tue, Nov 10, 2020 at 10:30 PM Lokesh Gidra wrote:
> On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote:
> > On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote:
> > > On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
> > > > On Fri, Nov 6, 2020 at 10:56 A
ernel/auditsc.c:104:0: warning: macro "AUDIT_AUX_IPCPERM" is not used
> > [-Wunused-macros]
> > kernel/auditsc.c:82:0: warning: macro "AUDITSC_INVALID" is not used
> > [-Wunused-macros]
> >
> > remove them to tame gcc.
> >
> > Signed-off-by: Al
On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote:
> On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
> > On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra wrote:
> > >
> > > From: Daniel Colascione
> > >
> > > This change uses the
link),
> diff --git a/security/selinux/include/classmap.h
> b/security/selinux/include/classmap.h
> index 40cebde62856..ba2e01a6955c 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -249,6 +249,8 @@ struct security_class_mapping secclass_map[] = {
> {"open", "cpu", "kernel", "tracepoint", "read", "write"} },
> { "lockdown",
> { "integrity", "confidentiality", NULL } },
> + { "anon_inode",
> + { COMMON_FILE_PERMS, NULL } },
> { NULL }
>};
>
--
paul moore
www.paul-moore.com
gt;> is going away.
> >>
> > But this sysfs file will still be present and workable on LTS kernel
> > versions, so
> > is the proposed fixe OK for these LTS kernel versions ?
>
> It's not my call to make. Paul Moore has the voice that matters here.
> I think
1 - 100 of 2279 matches
Mail list logo
