k.
Further changes to Smack might still be required to take full advantage of
this change, since it should now be possible to perform capability
checking based on the supplied cred. The changes to Smack and AppArmor
have only been compile-tested.
Signed-off-by: Stephen Smalley
---
drivers/usb/co
On Thu, 2017-07-06 at 10:36 -0400, Paul Moore wrote:
> On Thu, Jul 6, 2017 at 9:30 AM, Paul Moore
> wrote:
> > On Thu, Jul 6, 2017 at 1:32 AM, John Stultz
> > wrote:
> > > Hey folks,
> > > I updated my HiKey kernel tree to linus/master today and it
> > > stopped
> > > booting (hitting errors a
On Thu, 2017-06-22 at 14:59 -0400, Stefan Berger wrote:
> Before the current modifications, SELinux extended attributes were
> visible inside the user namespace but changes in patch 1 hid them.
> This patch enables security.selinux in user namespaces and allows
> them to be written to in the same w
On Tue, 2017-06-20 at 15:49 -0400, Paul Moore wrote:
> On Mon, Jun 19, 2017 at 5:33 PM, Luis Ressel wrote:
> > For PF_UNIX, SOCK_RAW is synonymous with SOCK_DGRAM (cf.
> > net/unix/af_unix.c). This is a tad obscure, but libpcap uses it.
> >
> > Signed-off-by: Luis Re
On Sun, 2017-06-18 at 23:45 +0200, Luis Ressel wrote:
> For PF_UNIX, SOCK_RAW is synonymous with SOCK_DGRAM (cf.
> net/unix/af_unix.c). This is a tad obscure, but libpcap uses it.
No Signed-off-by?
Feel free to add my:
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 1
On Wed, 2017-06-07 at 08:40 -0400, Stephen Smalley wrote:
> On Tue, 2017-06-06 at 17:45 -0700, John Stultz wrote:
> > Hey folks,
> >
> > Recently I was working to validate/enable a new bluetooth HAL on
> > HiKey
> > with Android, and after getting it work
On Tue, 2017-06-06 at 17:45 -0700, John Stultz wrote:
> Hey folks,
>
> Recently I was working to validate/enable a new bluetooth HAL on
> HiKey
> with Android, and after getting it working properly with a 4.9 based
> kernel, I found that I was seeing failures trying to run with an
> upstream (4.12
On Tue, 2017-05-30 at 12:28 -0400, Matt Brown wrote:
> On 5/30/17 8:24 AM, Alan Cox wrote:
> > Look there are two problems here
> >
> > 1. TIOCSTI has users
>
> I don't see how this is a problem.
>
> >
> > 2. You don't actually fix anything
> >
> > The underlying problem is that if you give yo
On Tue, 2017-05-23 at 18:29 +0200, Sebastien Buisson wrote:
> Hi,
>
> 2017-05-18 23:49 GMT+02:00 Paul Moore :
> > My apologies to you and Sebastien for not reviewing these patches
> > sooner.
>
> It is ok, no problem.
> Thanks for all the advice from you and Stephen. I will try to take
> all
> th
'labeling_behaviors'
> is not needed and will not be emitted
> [-Werror,-Wunneeded-internal-declaration]
>
> Signed-off-by: Matthias Kaehlcke
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 16
> 1 file changed, 16 deletions(-
On Fri, 2017-05-19 at 11:09 -0400, Paul Moore wrote:
> On Thu, May 18, 2017 at 3:07 PM, Matthias Kaehlcke
> wrote:
> > The array is only referenced in an ARRAY_SIZE() statement. Adding
> > the
> > attribute fixes the following warning when building with clang:
> >
> > security/selinux/hooks.c:338
On Thu, 2017-05-18 at 10:01 -0400, Stephen Smalley wrote:
> On Wed, 2017-05-17 at 18:19 -0400, Paul Moore wrote:
> > On Wed, May 17, 2017 at 1:09 PM, Sebastien Buisson
> > wrote:
> > > Add policybrief field to struct policydb. It holds a brief info
> > > of the
On Wed, 2017-05-17 at 18:19 -0400, Paul Moore wrote:
> On Wed, May 17, 2017 at 1:09 PM, Sebastien Buisson
> wrote:
> > Add policybrief field to struct policydb. It holds a brief info
> > of the policydb, made of colon separated name and value pairs
> > that give information about how the policy is
On Thu, 2017-05-18 at 02:09 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, made of colon separated name and value pairs
> that give information about how the policy is applied in the
> security module(s).
> Note that the ordering
On Wed, 2017-05-17 at 16:59 +0200, Sebastien Buisson wrote:
> 2017-05-16 22:40 GMT+02:00 Stephen Smalley :
> > > + strcpy(*brief, policydb.policybrief);
> > > + /* *len is the length of the output string */
> > > + *len = policybrief_len - 1;
> >
On Tue, 2017-05-16 at 18:51 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, made of colon separated name and value pairs
> that give information about how the policy is applied in the
> security module(s).
> Note that the ordering
On Tue, 2017-05-16 at 03:22 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, made of colon separated name and value pairs
> that give information about how the policy is applied in the
> security module(s).
> Note that the ordering
On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote:
> On 5/11/2017 5:59 AM, Sebastien Buisson wrote:
> > Add policybrief field to struct policydb. It holds a brief info
> > of the policydb, in the following form:
> > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:=
> > Policy brief is compute
On Thu, 2017-05-11 at 21:59 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, in the following form:
> <0 or 1 for enforce>:<0 or 1 for checkreqprot>:=
> Policy brief is computed every time the policy is loaded, and when
> enforce o
On Fri, 2017-05-05 at 19:10 +0900, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, in the following form:
> <0 or 1 for enforce>:<0 or 1 for checkreqprot>:=
> Policy brief is computed every time the policy is loaded, and when
> enforce o
On Fri, 2017-04-28 at 18:08 +0200, Sebastien Buisson wrote:
> 2017-04-28 17:50 GMT+02:00 Stephen Smalley :
> > You seem to be conflating kernel policy with userspace policy.
> > security_load_policy() is provided with the kernel policy image,
> > which
> > is the r
On Fri, 2017-04-28 at 17:16 +0200, Sebastien Buisson wrote:
> 2017-04-27 20:47 GMT+02:00 Stephen Smalley :
> > > I just checked, with the method of computing the checksum on a
> > > (data,
> > > len) pair on entry to security_load_policy() the checksum does
>
On Thu, 2017-04-27 at 19:12 +0200, Sebastien Buisson wrote:
> 2017-04-27 17:18 GMT+02:00 Stephen Smalley :
> > Ok, that should work as long as you just want to validate that all
> > the
> > clients loaded the same policy file, and aren't concerned about
> > no
On Thu, 2017-04-27 at 10:41 +0200, Sebastien Buisson wrote:
> 2017-04-26 20:30 GMT+02:00 Stephen Smalley :
> > This seems like an odd place to trigger the computation.
>
> I noticed that the policy as exposed via /sys/fs/selinux/policy can
> also be modified in security_set_boo
On Thu, 2017-04-27 at 00:02 +0900, Sebastien Buisson wrote:
> Expose policy SHA256 checksum via selinuxfs.
>
> Signed-off-by: Sebastien Buisson
> ---
> security/selinux/selinuxfs.c | 20
> 1 file changed, 20 insertions(+)
>
> diff --git a/security/selinux/selinuxfs.c
> b/se
On Thu, 2017-04-27 at 00:02 +0900, Sebastien Buisson wrote:
> Add policycksum field to struct policydb. It holds the sha256
> checksum computed on the binary policy every time the notifier is
> called after a policy change.
> Add security_policy_cksum hook to give access to policy checksum to
> the
On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote:
> On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
> > From: Daniel Jurgens
> >
> > Add a generic notification mechanism in the LSM. Interested
> > consumers
> > can register a callback with the LSM and security modules can
> > produce
> > e
On Wed, 2017-04-12 at 19:07 +0200, Sebastien Buisson wrote:
> 2017-04-12 18:24 GMT+02:00 Stephen Smalley :
> > Maybe you want to register a notifier callback on policy reload?
> > See
> > the archives for the SELinux support for Infiniband RDMA patches
> > (which
>
On Wed, 2017-04-12 at 17:19 +0200, Sebastien Buisson wrote:
> 2017-04-12 15:58 GMT+02:00 Stephen Smalley :
> > Even your usage of selinux_is_enabled() looks suspect; that should
> > probably go away. Only other user of it seems to be some cred
> > validity
> > checki
On Wed, 2017-04-12 at 17:11 +0200, Sebastien Buisson wrote:
> 2017-04-12 16:35 GMT+02:00 Stephen Smalley :
> > How are you using this SELinux information in the kernel and/or in
> > userspace? What's the purpose of it? What are you comparing it
> > against? Why
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote:
> 2017-04-12 13:55 GMT+02:00 Paul Moore :
> > As currently written this code isn't something we would want to
> > merge
> > upstream for two important reasons:
> >
> > * No clear user of this functionality. There needs to be a well
> > d
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote:
> 2017-04-12 13:55 GMT+02:00 Paul Moore :
> > As currently written this code isn't something we would want to
> > merge
> > upstream for two important reasons:
> >
> > * No abstraction layer at the LSM interface. The core kernel code
> >
On Wed, 2017-04-12 at 18:12 +0900, Sebastien Buisson wrote:
> Add selinux_status_get_seq() function to give access to sequence
> number of current SELinux policy loaded to the rest of the kernel.
>
> Signed-off-by: Sebastien Buisson
> ---
> include/linux/selinux.h | 7 +++
> security/s
On Wed, 2017-04-12 at 18:06 +0900, Sebastien Buisson wrote:
> Add selinux_is_enforced() function to give access to SELinux
> enforcement to the rest of the kernel.
>
> Signed-off-by: Sebastien Buisson
> ---
> include/linux/selinux.h | 5 +
> security/selinux/exports.c |
On Thu, 2017-03-30 at 13:41 -0400, J. Bruce Fields wrote:
> On Thu, Mar 30, 2017 at 01:27:07PM -0400, Stephen Smalley wrote:
> > On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote:
> > > On 29 March 2017 at 23:34, J. Bruce Fields
> > > wrote:
> > > > O
On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote:
> On 29 March 2017 at 23:34, J. Bruce Fields
> wrote:
> > On Wed, Mar 29, 2017 at 05:27:23PM +0200, Tomeu Vizoso wrote:
> > > Labelling of files in a NFSv4.2 currently fails with ENOTSUPP
> > > because
> > > the mount point doesn't have SBLABE
On Fri, 2017-03-10 at 15:01 -0500, Paul Moore wrote:
> On Thu, Feb 9, 2017 at 10:58 AM, Antonio Murdaca
> wrote:
> >
> > This patch allows genfscon per-file labeling for cgroupfs. For
> > instance,
> > this allows to label the "release_agent" file within each
> > cgroup mount and limit writes to
checked when required for
the operation.
Signed-off-by: Stephen Smalley
---
fs/namei.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index d41fab7..482414a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -340,22 +340,14 @@ int
On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote:
> On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote:
> >
> > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote:
> > >
> > > On Mon, Feb 27, 2017 at 11:53 AM, Step
Commit-ID: 25b68a8f0ab13a98de02650208ec927796659898
Gitweb: http://git.kernel.org/tip/25b68a8f0ab13a98de02650208ec927796659898
Author: Stephen Smalley
AuthorDate: Fri, 17 Feb 2017 10:13:59 -0500
Committer: Thomas Gleixner
CommitDate: Wed, 1 Mar 2017 12:53:44 +0100
timerfd: Only check
On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote:
> On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley
> wrote:
> >
> > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote:
> > >
> > > On Mon, Feb 27, 2017 at 11:53 AM, S
On Mon, 2017-02-27 at 14:42 -0500, Stephen Smalley wrote:
> On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote:
> >
> > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz
> > wrote:
> > >
> > >
> > > Hey folks,
> > > I'
On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote:
> On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley
> wrote:
> >
> > >
> > > I can reproduce it on angler (with a back-port of just that
> > > patch),
> > > although I am unclear on
On Mon, 2017-02-27 at 16:23 -0500, Stephen Smalley wrote:
> On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote:
> >
> > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley
> > wrote:
> > >
> > >
> > > >
> > > >
On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote:
> On Thu, Feb 23, 2017 at 1:43 PM, John Stultz
> wrote:
> >
> > Hey folks,
> > I've not been able to figure out why yet, but I wanted to raise
> > the
> > issue that last night I found I couldn't boot Android on my Hikey
> > board with Linus
checked when required for
the operation.
Signed-off-by: Stephen Smalley
---
fs/namei.c | 20 ++--
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index ad74877..8736e4a 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -340,22 +340,14 @@ int
even when
no privilege was exercised, and is inefficient. Flip the order
of the tests in both functions so that we only call capable() if
the capability is truly required for the operation.
Signed-off-by: Stephen Smalley
---
fs/timerfd.c | 8
1 file changed, 4 insertions(+), 4 deletions
also allow containers to write only to the systemd
> cgroup
> for instance, while the other cgroups are kept with cgroup_t label.
>
> Signed-off-by: Antonio Murdaca
Acked-by: Stephen Smalley
> ---
> Changes in v2:
> - whitelist cgroup2 fs type
>
> secur
On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote:
> Seriously, could someone explain why do we need the
> security_task_wait()
> hook at all?
I would be ok with killing it.
IIRC, the original motivation was to block an unauthorized data flow
from child to parent when the child context differ
- minor: symmetric comment (Ingo Molnar)
> - use helper struct (Ingo Molnar)
> - add new policy capability for enabling forced write checks
>(Stephen Smalley)
>
> Signed-off-by: Jann Horn
> ---
> security/selinux/hooks.c| 15 +++
> securi
On 10/26/2016 04:31 PM, Topi Miettinen wrote:
> Hi,
>
> Maybe this is a stupid question and I didn't test this with SELinux, but
> it looks to me that SELinux execmem does not prevent process from
> getting writable and executable memory mappings by using shmat(...,
> SHM_EXEC). Shouldn't this be
On 09/28/2016 06:54 PM, Jann Horn wrote:
> This is a breaking change for SELinux users that restrict EXECMEM: It might
> break gdb if gdb is executed in a domain that does not have EXECMEM
> privilege over the debuggee domain.
Since this would break compatibility with existing SELinux policies, yo
which are suitable for new file
> creation during copy up. Caller will use new creds to create file and then
> revert back to old creds and release new creds.
>
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> fs/overlayfs/copy_up.c| 15
nes
> the label/context dentry will get if it had been created by task in upper
> and modify passed set of creds appropriately. Caller makes use of these new
> creds for file creation.
>
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> fs/overlayfs/dir.c
xattr to be discarded on the copy, -EOPNOTSUPP
> if the security module does not handle/manage the xattr, or a -errno
> upon an error.
>
> Signed-off-by: David Howells
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> fs/overlayfs/copy_up.c| 7 +++
rity pointer from.
>
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 19 ++-
> 1 file changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 4fda
On 07/13/2016 10:57 AM, Stephen Smalley wrote:
> On 07/13/2016 10:44 AM, Vivek Goyal wrote:
>> During a new file creation we need to make sure new file is created with the
>> right label. New file is created in upper/ so effectively file should get
>> label as if task had
gned-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 22 ++
> 1 file changed, 22 insertions(+)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index ae11fd9..77eb5a8 100644
> --- a/security/sel
On 07/13/2016 10:44 AM, Vivek Goyal wrote:
> During a new file creation we need to make sure new file is created with the
> right label. New file is created in upper/ so effectively file should get
> label as if task had created file in upper/.
>
> We switched to mounter's creds for actual file cr
unt
> cases. In case of non-context mount, overlay inode will have the label
> of lower file and in case of context mount, overlay inode will have
> the label from context= mount option.
>
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> security/selinux/hoo
copy up label as newly created file got its label from context= option.
>
> Signed-off-by: Vivek Goyal
Acked-by: Stephen Smalley
> ---
> security/selinux/hooks.c | 16
> 1 file changed, 16 insertions(+)
>
> diff --git a/security/selinux/hooks.c b/security/se
On 07/13/2016 10:44 AM, Vivek Goyal wrote:
> Provide a security hook to label new file correctly when a file is copied
> up from lower layer to upper layer of a overlay/union mount.
>
> This hook can prepare a new set of creds which are suitable for new file
> creation during copy up. Caller will
On 07/08/2016 12:19 PM, Vivek Goyal wrote:
> Provide a security hook which is called when xattrs of a file are being
> copied up. This hook is called once for each xattr and LSM can return 0
> to access the xattr, 1 to reject xattr, -EOPNOTSUPP if none of the lsms
> claim to know xattr and a negati
On 07/08/2016 12:19 PM, Vivek Goyal wrote:
> Provide a security hook to label new file correctly when a file is copied
> up from lower layer to upper layer of a overlay/union mount.
>
> This hook can prepare a new set of creds which are suitable for new file
> creation during copy up. Caller will
On 06/21/2016 05:41 AM, Michael Kerrisk (man-pages) wrote:
> Hi Jann, Stephen, et al.
>
> Jann, since you recently committed a patch in this area, and Stephen,
> since you committed 006ebb40d3d much further back in time, I wonder if
> you might help me by reviewing the text below that I propose to
On 06/01/2016 04:30 PM, Casey Schaufler wrote:
> On 6/1/2016 1:06 PM, Stephen Smalley wrote:
>> On 06/01/2016 03:27 PM, Casey Schaufler wrote:
>>> Subject: [PATCH] LSM: Reorder security_capset to do access checks properly
>>>
>>> The security module hooks that c
On 06/01/2016 03:27 PM, Casey Schaufler wrote:
> Subject: [PATCH] LSM: Reorder security_capset to do access checks properly
>
> The security module hooks that check whether a process should
> be able to set a new capset are currently called after the new
> values are set in cap_capset(). This chan
On 05/20/2016 07:34 AM, Rafael J. Wysocki wrote:
> On Fri, May 20, 2016 at 9:15 AM, Ingo Molnar wrote:
>>
>> * Logan Gunthorpe wrote:
>>
>>> Hi,
>>>
>>> I have been working on a bug that causes my laptop to freeze during
>>> resume from hibernation. I did a bisect to find the offending commit:
>>
On 11/04/2015 01:28 PM, Sander Eikelenboom wrote:
On 2015-11-04 16:52, Stephen Smalley wrote:
On 11/04/2015 06:55 AM, Sander Eikelenboom wrote:
Hi All,
I just tried to boot with the current linus mergewindow tree under Xen.
It fails with a kernel panic at boot with the new "CONFIG_DEB
On 11/04/2015 06:55 AM, Sander Eikelenboom wrote:
Hi All,
I just tried to boot with the current linus mergewindow tree under Xen.
It fails with a kernel panic at boot with the new "CONFIG_DEBUG_WX"
option enabled.
Disabling it makes the kernel boot fine.
The splat:
[ 18.424241] Freeing unused
On 10/27/2015 08:12 PM, Greg KH wrote:
On Tue, Oct 27, 2015 at 04:47:53PM -0400, Stephen Smalley wrote:
Add a copy_to_user() call to the ACCESS_USERSPACE test
prior to attempting direct dereferencing of the user
address to ensure the page is present. Otherwise,
a fault occurs on arm kernels
fault: page domain fault (0x01b) at 0xb6f7d000
...
Signed-off-by: Stephen Smalley
---
drivers/misc/lkdtm.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c
index b5abe34..11fdadc 100644
--- a/drivers/misc/lkdtm.c
+++ b/drivers
task
context into a form suitable for file objects, but also allow the
policy writer to specify a different label through policy
transition rules.
Pieced together from code snippets provided by Stephen Smalley.
Signed-off-by: Seth Forshee
Acked-by: Stephen Smalley
---
security/selinux
e | Slack Size | Allocation Count
> ---
> 770048 |192512| 577536 | 12032
>
> At the result, this change reduce memory usage 42bytes per each
> file_security_struct
>
> Signed-off-by: Sangwoo
Acked-by: Stephen Smalley
On 10/05/2015 05:56 PM, Andreas Gruenbacher wrote:
> On Mon, Oct 5, 2015 at 5:08 PM, Stephen Smalley wrote:
>> Not fond of these magic initialized values.
>
> That should be a solvable problem.
>
>> Is it always safe to call inode_doinit() from all callers of
>>
On 10/06/2015 03:32 AM, Ingo Molnar wrote:
>
> * Stephen Smalley wrote:
>
>> On 10/03/2015 07:27 AM, Ingo Molnar wrote:
>>>
>>> * Stephen Smalley wrote:
>>>
>>>> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
>>>
Commit-ID: e1a58320a38dfa72be48a0f1a3a92273663ba6db
Gitweb: http://git.kernel.org/tip/e1a58320a38dfa72be48a0f1a3a92273663ba6db
Author: Stephen Smalley
AuthorDate: Mon, 5 Oct 2015 12:55:20 -0400
Committer: Ingo Molnar
CommitDate: Tue, 6 Oct 2015 11:11:48 +0200
x86/mm: Warn on W^X
On 10/03/2015 07:27 AM, Ingo Molnar wrote:
>
> * Stephen Smalley wrote:
>
>> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
>> index 30564e2..f8b1573 100644
>> --- a/arch/x86/mm/init_64.c
>> +++ b/arch/x86/mm/init_64.c
>> @@ -115
[] ptdump_walk_pgd_level_checkwx+0x17/0x20
[] mark_rodata_ro+0xf5/0x100
[] ? rest_init+0x80/0x80
[] kernel_init+0x1d/0xe0
[] ret_from_fork+0x3f/0x70
[] ? rest_init+0x80/0x80
---[ end trace a1f23a1e42a2ac76 ]---
x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found.
Signed-off-by: Stephen
dreas Gruenbacher
Cc: Paul Moore
Cc: Stephen Smalley
Cc: Eric Paris
Cc: seli...@tycho.nsa.gov
---
include/linux/lsm_hooks.h | 6 ++
include/linux/security.h | 5 +
security/security.c | 8
security/selinux/hooks.c
[] ptdump_walk_pgd_level_checkwx+0x17/0x20
[] mark_rodata_ro+0xf5/0x100
[] ? rest_init+0x80/0x80
[] kernel_init+0x1d/0xe0
[] ret_from_fork+0x3f/0x70
[] ? rest_init+0x80/0x80
---[ end trace a1f23a1e42a2ac76 ]---
x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found.
Signed-off-by: Stephen
Commit-ID: ab76f7b4ab2397ffdd2f1eb07c55697d19991d10
Gitweb: http://git.kernel.org/tip/ab76f7b4ab2397ffdd2f1eb07c55697d19991d10
Author: Stephen Smalley
AuthorDate: Thu, 1 Oct 2015 09:04:22 -0400
Committer: Ingo Molnar
CommitDate: Fri, 2 Oct 2015 09:21:06 +0200
x86/mm: Set NX on gap
Warn on any residual W+x mappings if X86_PTDUMP is enabled.
Sample dmesg output:
Checking for W+x mappings
0x81755000-0x8180 684K RW GLB x
pte
Found W+x mappings. Please fix.
Signed-off-by: Stephen Smalley
---
Not sure if this is the best place
478M
pmd
Signed-off-by: Stephen Smalley
---
arch/x86/mm/init_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 30564e2..df48430 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
On 09/29/2015 05:03 PM, Stephen Smalley wrote:
On 09/28/2015 04:00 PM, David Howells wrote:
The attached patches provide security support for unioned files where the
security involves an object-label-based LSM (such as SELinux) rather
than a
path-based LSM.
[Note that a number of the bits
label obtained in (b) in file_has_perm() rather than
using the label on the lower inode.
Now the steps I have outlined in (b) and (c) seem to be at odds with what
Dan Walsh and Stephen Smalley want - but I'm not sure I follow what that
is, let alone how to do it:
Wanted t
On 09/27/2015 11:10 AM, Geliang Tang wrote:
Fixes the following sparse warning:
security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was
not declared. Should it be static?
Signed-off-by: Geliang Tang
Acked-by: Stephen Smalley
---
security/selinux/hooks.c
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
sprintf returns the number of characters printed (excluding '\0'), so
we can use that and avoid duplicating the length computation.
Signed-off-by: Rasmus Villemoes
Acked-by: Stephen Smalley
---
security/selinux/ss/services.c | 5
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
This is much simpler.
Signed-off-by: Rasmus Villemoes
Acked-by: Stephen Smalley
---
security/selinux/ss/services.c | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/security/selinux/ss/services.c b/security
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
Signed-off-by: Rasmus Villemoes
Acked-by: Stephen Smalley
---
security/selinux/ss/services.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
security_context_to_sid() expects a const char* argument, so there's
no point in casting away the const qualifier of value.
Signed-off-by: Rasmus Villemoes
Acked-by: Stephen Smalley
---
security/selinux/hooks.c | 2 +-
1 file chang
copying and the test
for scontext_len being zero hint at that).
Introduce the helper security_context_str_to_sid() to do the strlen()
call and fix all callers.
Signed-off-by: Rasmus Villemoes
Acked-by: Stephen Smalley
---
security/selinux/hooks.c| 12
security
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote:
A few random things I stumbled on.
While I'm pretty sure of the change in 1/5, I'm also confused, because
the doc for the reverse security_sid_to_context state that
@scontext_len is set to "the length of the string", which one would
normally interp
On 09/24/2015 06:25 PM, Kees Cook wrote:
> On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote:
>> Hi,
>>
>> With the attached config and 4.3-rc2 on x86_64, I see the following in
>> /sys/kernel/debug/kernel_page_tables:
>> ...
>> ---[ High Ke
On 08/06/2015 11:44 AM, Seth Forshee wrote:
> On Thu, Aug 06, 2015 at 10:51:16AM -0400, Stephen Smalley wrote:
>> On 08/06/2015 10:20 AM, Seth Forshee wrote:
>>> On Wed, Aug 05, 2015 at 04:19:03PM -0500, Eric W. Biederman wrote:
>>>> Seth Forshee writes:
>>&g
On 08/06/2015 10:20 AM, Seth Forshee wrote:
> On Wed, Aug 05, 2015 at 04:19:03PM -0500, Eric W. Biederman wrote:
>> Seth Forshee writes:
>>
>>> On Wed, Jul 15, 2015 at 09:47:11PM -0500, Eric W. Biederman wrote:
Seth Forshee writes:
> Initially this will be used to eliminate the impl
On 07/24/2015 11:11 AM, Seth Forshee wrote:
> On Thu, Jul 23, 2015 at 11:23:31AM -0500, Seth Forshee wrote:
>> On Thu, Jul 23, 2015 at 11:36:03AM -0400, Stephen Smalley wrote:
>>> On 07/23/2015 10:39 AM, Seth Forshee wrote:
>>>> On Thu, Jul 23, 2015 at 09:57:20A
On 07/27/2015 03:32 PM, Hugh Dickins wrote:
> On Fri, 24 Jul 2015, Stephen Smalley wrote:
>
>> The shm implementation internally uses shmem or hugetlbfs inodes
>> for shm segments. As these inodes are never directly exposed to
>> userspace and only accessed through the
On 07/23/2015 08:11 PM, Dave Chinner wrote:
> On Thu, Jul 23, 2015 at 12:28:33PM -0400, Stephen Smalley wrote:
>> The shm implementation internally uses shmem or hugetlbfs inodes
>> for shm segments. As these inodes are never directly exposed to
>> userspace and only acc
[] ? SyS_shmdt+0x4b/0x180
Jul 22 14:36:40 fc23 kernel: [] SyS_shmdt+0xb5/0x180
Jul 22 14:36:40 fc23 kernel: []
entry_SYSCALL_64_fastpath+0x12/0x76
Reported-by: Morten Stevens
Signed-off-by: Stephen Smalley
---
This version only differs in the patch description, which restores
the original lockde