Change in internal setools API causes sepolicy to crash when processing
AVRules.
File "python/sepolicy/sepolicy/__init__.py", line 277, in
_setools_rule_to_dict
if isinstance(rule, setools.policyrep.terule.AVRule):
AttributeError: module 'setools.policyrep' has no attribute 'terul
v4: Finer granularity in the patches and other
cleanups suggested by Kees Cook.
Removed dead code created by the removal of SELinux
credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
Removing the SELinux cred blob pointer poisoning
results selinux_i
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
security/selinux/hooks.c | 54 +++
security/selinux/include/objsec.h | 5 +++
securit
There are no longer users of selinux_is_enabled().
Remove it. As selinux_is_enabled() is the only reason
for include/linux/selinux.h remove that as well.
Signed-off-by: Casey Schaufler
---
include/linux/cred.h | 1 -
include/linux/selinux.h | 35
The SELinux specific credential poisioning only makes sense
if SELinux is managing the credentials. As the intent of this
patch set is to move the blob management out of the modules
and into the infrastructure, the SELinux specific code has
to go. The poisioning could be introduced into the infrast
Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an interface in /proc to manipulate
the security context on processes. Rather than use a similar
interface, I used the same interface. The AppArmor team did
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
---
security/smack/smack.h| 17 +--
security/smack/smack_access.c | 4 +--
security/smack/smack_lsm.c| 57 +---
Move management of the cred security blob out of the
security modules and into the security infrastructre.
Instead of allocating and freeing space the security
modules tell the infrastructure how much space they
require.
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 14
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
---
security/apparmor/domain.c | 2 +-
security/apparmor/include/cred.h | 16 +++-
security/apparmor/lsm.c | 10 +-
Don't use the cred->security pointer directly.
Provide helper functions that provide the security blob pointer.
Signed-off-by: Casey Schaufler
---
security/tomoyo/common.h| 21 +++--
security/tomoyo/domain.c| 4 +++-
security/tomoyo/securityfs_if.c | 15 +
Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
---
security/smack/smack.h | 5 +
security/smack/smack_lsm.c | 12
2 files changed, 13 insertions(+), 4 deletions(-)
diff --gi
Don't use the inode->i_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
security/selinux/hooks.c | 26 +-
security/selinux/include/objsec.h | 6 ++
securi
Move management of the kern_ipc_perm->security and
msg_msg->security blobs out of the individual security
modules and into the security infrastructure. Instead
of allocating the blobs from within the modules the modules
tell the infrastructure how much space is required, and
the space is allocated
Move management of the inode->i_security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
Signed-off-by: Casey
Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
security/selinux/hooks.c | 18 +-
security/selinux/include/objsec.h | 5 +
2 files changed,
Don't use the ipc->security pointer directly.
Don't use the msg_msg->security pointer directly.
Provide helper functions that provides the security blob pointers.
Signed-off-by: Casey Schaufler
---
security/smack/smack.h | 11 +++
security/smack/smack_lsm.c | 14 +-
2 fil
On Fri, Sep 21, 2018 at 5:17 PM, Casey Schaufler wrote:
> There are no longer users of selinux_is_enabled().
> Remove it. As selinux_is_enabled() is the only reason
> for include/linux/selinux.h remove that as well.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
security/selinux/hooks.c | 18 +-
security/selinux/include/objsec.h | 5 +
2 files changed,
Don't use the inode->i_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
---
security/smack/smack.h | 9 +++--
security/smack/smack_lsm.c | 32
2 files cha
On Fri, Sep 21, 2018 at 5:17 PM, Casey Schaufler wrote:
> The SELinux specific credential poisioning only makes sense
> if SELinux is managing the credentials. As the intent of this
> patch set is to move the blob management out of the modules
> and into the infrastructure, the SELinux specific co
Move management of the file->f_security blob out of the
individual security modules and into the infrastructure.
The modules no longer allocate or free the data, instead
they tell the infrastructure how much space they require.
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
On Fri, Sep 21, 2018 at 5:17 PM, Casey Schaufler wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
__
On Fri, Sep 21, 2018 at 5:17 PM, Casey Schaufler wrote:
> Don't use the cred->security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
__
Don't use the ipc->security pointer directly.
Don't use the msg_msg->security pointer directly.
Provide helper functions that provides the security blob pointers.
Signed-off-by: Casey Schaufler
---
security/selinux/hooks.c | 18 +-
security/selinux/include/objsec.h | 13
Move management of the task_struct->security blob out
of the individual security modules and into the security
infrastructure. Instead of allocating the blobs from within
the modules the modules tell the infrastructure how much
space is required, and the space is allocated there.
The only user of t
Two proposed security modules require the ability to
share security blobs with existing "major" security modules.
These modules, S.A.R.A and LandLock, provide significantly
different services than SELinux, Smack or AppArmor. Using
either in conjunction with the existing modules is quite
reasonable.
On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler wrote:
> Move management of the inode->i_security blob out
> of the individual security modules and into the security
> infrastructure. Instead of allocating the blobs from within
> the modules the modules tell the infrastructure how much
> space is
On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler wrote:
> Move management of the file->f_security blob out of the
> individual security modules and into the infrastructure.
> The modules no longer allocate or free the data, instead
> they tell the infrastructure how much space they require.
>
> Si
On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler wrote:
> Move management of the task_struct->security blob out
> of the individual security modules and into the security
> infrastructure. Instead of allocating the blobs from within
> the modules the modules tell the infrastructure how much
> spac
On Fri, Sep 21, 2018 at 5:18 PM, Casey Schaufler wrote:
> Move management of the cred security blob out of the
> security modules and into the security infrastructre.
> Instead of allocating and freeing space the security
> modules tell the infrastructure how much space they
> require.
>
> Signed-
On Fri, Sep 21, 2018 at 5:18 PM, Casey Schaufler wrote:
> Don't use the cred->security pointer directly.
> Provide helper functions that provide the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
On Fri, Sep 21, 2018 at 5:20 PM, Casey Schaufler wrote:
> Move management of the kern_ipc_perm->security and
> msg_msg->security blobs out of the individual security
> modules and into the security infrastructure. Instead
> of allocating the blobs from within the modules the modules
> tell the inf
On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler wrote:
> Don't use the ipc->security pointer directly.
> Don't use the msg_msg->security pointer directly.
> Provide helper functions that provides the security blob pointers.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
On Fri, Sep 21, 2018 at 5:18 PM, Casey Schaufler wrote:
> Don't use the file->f_security pointer directly.
> Provide a helper function that provides the security blob pointer.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
Pixel Security
On Fri, Sep 21, 2018 at 5:19 PM, Casey Schaufler wrote:
> Don't use the ipc->security pointer directly.
> Don't use the msg_msg->security pointer directly.
> Provide helper functions that provides the security blob pointers.
>
> Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
-Kees
--
On 9/21/2018 8:02 PM, Kees Cook wrote:
> On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler
> wrote:
>> v4: Finer granularity in the patches and other
>> cleanups suggested by Kees Cook.
>> Removed dead code created by the removal of SELinux
>> credential blob poisoning.
> Thanks for th
On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler wrote:
> v4: Finer granularity in the patches and other
> cleanups suggested by Kees Cook.
> Removed dead code created by the removal of SELinux
> credential blob poisoning.
Thanks for the splitting, this really does make it easier to r
Add the ability to set the security context of packets within the nf_tables
framework.
Add a nft_object for holding security contexts in the kernel and manipulating
packets on the wire.
Convert the security context strings at rule addition time to security
identifiers.
This is the same behavior
On Sat, Sep 22, 2018 at 9:38 AM, Casey Schaufler wrote:
> On 9/21/2018 8:02 PM, Kees Cook wrote:
>> On Fri, Sep 21, 2018 at 4:59 PM, Casey Schaufler
>> wrote:
>>> v4: Finer granularity in the patches and other
>>> cleanups suggested by Kees Cook.
>>> Removed dead code created by the remo
Christian Göttsche wrote:
> Add the ability to set the security context of packets within the nf_tables
> framework.
> Add a nft_object for holding security contexts in the kernel and manipulating
> packets on the wire.
>
> Convert the security context strings at rule addition time to security
Add ability to set the connection tracking secmark value.
Add ability to set the meta secmark value.
Signed-off-by: Christian Göttsche
---
Based on nf-next
Tested with v4.18.8
net/netfilter/nft_ct.c | 15 +++
net/netfilter/nft_meta.c | 8
2 files changed, 23 insertions
Christian Göttsche wrote:
> > Can you change this to:
> >
> > struct nft_secmark {
> > u32 secid;
> > char *ctx;
> > };
>
> Does the nla_policy struct needs an update too? (regarding then .len member)
>
> +static const struct nla_policy nft_secmark_policy[NFTA_SECMARK_MAX + 1] =
On 9/23/2018 8:59 AM, Tetsuo Handa wrote:
> On 2018/09/23 11:43, Kees Cook wrote:
I'm excited about getting this landed!
>>> Soon. Real soon. I hope. I would very much like for
>>> someone from the SELinux camp to chime in, especially on
>>> the selinux_is_enabled() removal.
>> Agreed.
>>
> Th
> > +struct nft_secmark {
> > + char ctx[NFT_SECMARK_CTX_MAXLEN];
> > + int len;
> > + u32 secid;
> > +};
>
> Can you change this to:
>
> struct nft_secmark {
> u32 secid;
> char *ctx;
> };
Does the nla_policy struct needs an update too? (regarding then .len member)
+s
Christian Göttsche wrote:
> Add ability to set the connection tracking secmark value.
> Add ability to set the meta secmark value.
Looks good to me.
Acked-by: Florian Westphal
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email t
Hi Christian,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.19-rc4 next-20180921]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/li
Add the ability to set the security context of packets within the nf_tables
framework.
Add a nft_object for holding security contexts in the kernel and manipulating
packets on the wire.
Convert the security context strings at rule addition time to security
identifiers.
This is the same behavior
On 2018/09/24 2:09, Casey Schaufler wrote:
>> Since all free hooks are called when one of init hooks failed, each
>> free hook needs to check whether init hook was called. An example is
>> inode_free_security() in security/selinux/hooks.c (but not addressed in
>> this patch).
>
> I *think*
Add ability to set the connection tracking secmark value.
Add ability to set the meta secmark value.
Signed-off-by: Christian Göttsche
---
v3: fix compile error when CONFIG_NF_CONNTRACK_MARK not defined
Based on nf-next
Tested with v4.18.8
net/netfilter/nft_ct.c | 17 -
net
On 2018/09/23 11:43, Kees Cook wrote:
>>> I'm excited about getting this landed!
>>
>> Soon. Real soon. I hope. I would very much like for
>> someone from the SELinux camp to chime in, especially on
>> the selinux_is_enabled() removal.
>
> Agreed.
>
This patchset from Casey lands before the patc
Hi Christian,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on v4.19-rc5 next-20180921]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/li
On 09/23/2018 01:09 PM, Casey Schaufler wrote:
On 9/23/2018 8:59 AM, Tetsuo Handa wrote:
On 2018/09/23 11:43, Kees Cook wrote:
I'm excited about getting this landed!
Soon. Real soon. I hope. I would very much like for
someone from the SELinux camp to chime in, especially on
the selinux_is_enab
On 9/24/2018 8:01 AM, Stephen Smalley wrote:
> On 09/23/2018 01:09 PM, Casey Schaufler wrote:
>> On 9/23/2018 8:59 AM, Tetsuo Handa wrote:
>>> On 2018/09/23 11:43, Kees Cook wrote:
>> I'm excited about getting this landed!
> Soon. Real soon. I hope. I would very much like for
> someone
On 9/23/2018 6:53 PM, Tetsuo Handa wrote:
> On 2018/09/24 2:09, Casey Schaufler wrote:
>>> Since all free hooks are called when one of init hooks failed, each
>>> free hook needs to check whether init hook was called. An example is
>>> inode_free_security() in security/selinux/hooks.c (but no
On 2018/09/25 1:15, Casey Schaufler wrote:
Since all free hooks are called when one of init hooks failed, each
free hook needs to check whether init hook was called. An example is
inode_free_security() in security/selinux/hooks.c (but not addressed in
this patch).
>>
On 2018/09/25 2:16, Casey Schaufler wrote:
>> Not all of LKM-based LSMs use security blobs. And some of LKM-based LSMs
>> might use security blobs for only a few objects. For example, AKARI uses
>> inode security blob for remembering whether source address/port of an
>> accept()ed socket was alread
Fix a situation where the secilc command line tool could return success
even though the compilation failed.
$ secilc /dev/null -o /dev/null -f /dev/null
Failure reading file: /dev/null
$ echo $?
0
Signed-off-by: Nick Kralevich
---
secilc/secilc.c | 4
1 file changed, 4 insertions(+
Signed-off-by: Nick Kralevich
---
libsepol/include/sepol/errcodes.h | 2 +-
secilc/secilc.c | 14 +++---
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/libsepol/include/sepol/errcodes.h
b/libsepol/include/sepol/errcodes.h
index 0136564a..6e9ff316 100644
Ted Toth writes:
On Fri, Sep 21, 2018 at 7:21 AM Ted Toth
wrote:
On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach
wrote:
Ted Toth writes:
> I have something very much like the following in an fc file:
> /usr/lib64/python2\.(6|7)/site-packages/xyz/paste --
> gen_context(system_u
ack
On Mon, Sep 24, 2018 at 11:12 AM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Signed-off-by: Nick Kralevich
> ---
> libsepol/include/sepol/errcodes.h | 2 +-
> secilc/secilc.c | 14 +++---
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff
ack
On Mon, Sep 24, 2018 at 11:12 AM Nick Kralevich via Selinux <
selinux@tycho.nsa.gov> wrote:
> Fix a situation where the secilc command line tool could return success
> even though the compilation failed.
>
> $ secilc /dev/null -o /dev/null -f /dev/null
> Failure reading file: /dev/null
>
Hello, SELinux.
I was playing with my F28 latest with 'semodle -d unconfined'.
I executed this and relabeling starts even after finished relebeling
and looks like going into the loop.
# touch /.autorelabel
# shtudown -r now
I have attached a picure.
Thanks.
__
Hi, SELinux.
I captured a picture saying this.
rm: cannot remove '/.autorelabel' : Permission denied
/.autorelabel could not be removed, so going into the loop, I guess.
How can I autorelabel properly even if I delete unconfined module?
Thanks.
2018年9月25日(火) 6:55 Shintaro Fujiwara :
>
> Hello,
On Fri, Sep 21, 2018 at 10:39 AM Stephen Smalley wrote:
> On 09/20/2018 06:59 PM, Taras Kondratiuk wrote:
> > Quoting Stephen Smalley (2018-09-20 07:49:12)
> >> On 09/19/2018 10:41 PM, Taras Kondratiuk wrote:
> >>> Quoting Stephen Smalley (2018-09-19 12:00:33)
> On 09/19/2018 12:52 PM, Taras
64 matches
Mail list logo
