Re: [PATCH v18 16/21] fsverity: expose verified fsverity built-in signatures to LSMs

2024-05-14 Thread Paul Moore
On Fri, May 3, 2024 at 6:32 PM Fan Wu wrote: > > This patch enhances fsverity's capabilities to support both integrity and > authenticity protection by introducing the exposure of built-in > signatures through a new LSM hook. This functionality allows LSMs, > e.g. IPE, to enforce policies based

Re: [PATCH v18 20/21] Documentation: add ipe documentation

2024-05-14 Thread Paul Moore
On Sat, May 4, 2024 at 4:13 PM Fan Wu wrote: > On 5/4/2024 1:04 AM, Bagas Sanjaya wrote: > > On Fri, May 03, 2024 at 03:32:30PM -0700, Fan Wu wrote: > >> +IPE does not mitigate threats arising from malicious but authorized > >> +developers (with access to a signing certificate), or compromised >

No audit pull-request for the Linux v6.10 merge window

2024-05-13 Thread Paul Moore
Hello all, A quick note to let you know that while the Linux v6.10 merge window is now open, there were no pending patches in the audit/dev branch so there will be no audit pull-request sent to Linus at this time. -- paul-moore.com

Re: [syzbot] [audit?] BUG: unable to handle kernel NULL pointer dereference in kauditd_hold_skb

2024-05-13 Thread Paul Moore
On Fri, May 10, 2024 at 3:01 AM Aleksandr Nogikh wrote: > On Fri, May 10, 2024 at 1:27 AM Paul Moore wrote: > > > > On Thu, May 9, 2024 at 4:14 AM syzbot > > wrote: > > > > > > Hello, > > > > > > syzbot found the following issue on: >

Re: [syzbot] [audit?] BUG: unable to handle kernel NULL pointer dereference in kauditd_hold_skb

2024-05-09 Thread Paul Moore
On Thu, May 9, 2024 at 4:14 AM syzbot wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: 6d7ddd805123 Merge tag 'soc-fixes-6.9-3' of git://git.kern.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10c901b898 > kernel config:

[Tinycc-devel] call out from assembler

2024-04-27 Thread Paul Moore
I expected to be able to use .extern to declare a symbol that exists in another compile unit so I can call out. But there is no .extern directive. I see globl and global but they seem to be identical and used for exporting symbols not importing them.

[Tinycc-devel] trying to make absolute jump

2024-04-21 Thread Paul Moore
Weird processor. It only supports absolute jumps. So this is something that needs to be fixed up during link time. I do not know the elf details well enough to be able to work out how to do it. Seems like I need the jmp instruction to have a reloc that refers to a symbol that matches the

Re: [Tinycc-devel] new backend

2024-04-17 Thread Paul Moore
I want to create a lite c compiler for the HACK computer described in “the elements of computing systems” aka ‘nand to tetris’ – here, Home | nand2tetris. A fun read. I have implemented the system on an fpga and want to cross compile c code to it. It’s a 16bit

Re: [Tinycc-devel] warning: function might return no value:

2024-04-16 Thread Paul Moore
ion> seems way way out of date Any guidance, gotchas, tips are welcome From: tinycc-devel-bounces+paulmoore100=hotmail@nongnu.org On Behalf Of Paul Moore Sent: Tuesday, April 16, 2024 2:42 PM To: tinycc-devel@nongnu.org Subject: [Tinycc-devel] warning: function might return no value:

[Tinycc-devel] warning: function might return no value:

2024-04-16 Thread Paul Moore
Right at the start of creating my own backend, just making it trace all calls to it and do the minimum to not have the compiler complain. Overcome a few issues but: compiling examples/fib.c I get "warning: function might return no value:". I simplified it a bit so I could follow the code path

Re: [Tinycc-devel] confused about reg_classes

2024-04-16 Thread Paul Moore
>>I hope this helps, >>Ekaitz My original confusion stemmed from R_RET, I read it as returning what type of register to use for return values. Plus the fact that the upper level tccgen code deals in register types not registers (gv(rc), not gv(r)). Now I get it: R_RET says "use this

Re: io_uring: worker thread NULL dereference during openat op

2024-04-16 Thread Paul Moore
On Tue, Apr 16, 2024 at 9:45 AM Pavel Begunkov wrote: > On 4/16/24 04:29, Paul Moore wrote: > > On Mon, Apr 15, 2024 at 7:26 PM Dan Clash > > wrote: > >> > >> Below is a test program that causes multiple io_uring worker threads to > >> hit a N

Re: [apparmor] [PATCH 2/7] security: Remove the now superfluous sentinel element from ctl_table array

2024-04-16 Thread Paul Moore
On Mon, Apr 15, 2024 at 10:17 AM Paul Moore wrote: > On Mon, Apr 15, 2024 at 9:44 AM Joel Granados wrote: > > > > Hey > > > > This is the only patch that I have not seen added to the next tree. > > I'll put this in the sysctl-next > > https://git.ker

Re: io_uring: worker thread NULL dereference during openat op

2024-04-15 Thread Paul Moore
On Mon, Apr 15, 2024 at 7:26 PM Dan Clash wrote: > > Below is a test program that causes multiple io_uring worker threads to > hit a NULL dereference while executing openat ops. > > The test program hangs forever in a D state. The test program can be > run again after the NULL dereferences.

[Tinycc-devel] confused about reg_classes

2024-04-15 Thread Paul Moore
Writing my own backend. I am trying to understand reg_classes. On the face of it, it looks like a list of registers with flags saying what classes they are in (int, float...). So get_reg works down the table looking for registers of the right class, fine, got it. But the RC_RET function uses a

Re: [apparmor] [PATCH 2/7] security: Remove the now superfluous sentinel element from ctl_table array

2024-04-15 Thread Paul Moore
On Mon, Apr 15, 2024 at 9:44 AM Joel Granados wrote: > > Hey > > This is the only patch that I have not seen added to the next tree. > I'll put this in the sysctl-next > https://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl.git/log/?h=sysctl-next > for testing. Please let me know if it is

[libreoffice-users] problem

2024-04-15 Thread Paul Moore
Hi, what is going on with the updates? All my documents that are listed just come up with lines and nothing else, and I can't seem to get them back. I can see them on the recent documents but that's all. Hopefully something can be done. Thanking you, Paul -- To unsubscribe e-mail to:

Re: [GIT PULL] security changes for v6.9-rc3

2024-04-09 Thread Paul Moore
On Tue, Apr 9, 2024 at 1:38 PM Eric W. Biederman wrote: > Paul Moore writes: > > > I know it's everyone's favorite hobby to bash the LSM and LSM devs, > > but it's important to note that we don't add hooks without working > > with the associated subsystem devs

Re: [RESEND][PATCH v3] security: Place security_path_post_mknod() where the original IMA call was

2024-04-03 Thread Paul Moore
On Wed, Apr 3, 2024 at 9:11 AM Mimi Zohar wrote: > On Wed, 2024-04-03 at 11:07 +0200, Roberto Sassu wrote: > > > > However, as reported by VFS maintainers, successful mknod operation does > > not mean that the dentry always has an inode attached to it (for example, > > not for FIFOs on a SAMBA

Re: [GIT PULL] security changes for v6.9-rc3

2024-04-02 Thread Paul Moore
On Tue, Apr 2, 2024 at 6:42 PM Al Viro wrote: > On Tue, Apr 02, 2024 at 05:36:30PM -0400, Paul Moore wrote: > > > > 1) location of that hook is wrong. It's really "how do we catch > > > file creation that does not come through open() - y

Re: [GIT PULL] security changes for v6.9-rc3

2024-04-02 Thread Paul Moore
On Tue, Apr 2, 2024 at 5:00 PM Al Viro wrote: > On Tue, Apr 02, 2024 at 12:57:28PM -0700, Linus Torvalds wrote: > > > So in other cases we do handle the NULL, but it does seem like the > > other cases actually do validly want to deal with this (ie the > > fsnotify case will say "the directory

Re: [GIT PULL] security changes for v6.9-rc3

2024-04-02 Thread Paul Moore
On Tue, Apr 2, 2024 at 4:27 PM Paul Moore wrote: > On Tue, Apr 2, 2024 at 3:39 PM Linus Torvalds > wrote: > > > > ... > > > But if we really want to do this ("if mknod creates a positive dentry, > > I won't see it in lookup, so I want to appraise

Re: [GIT PULL] security changes for v6.9-rc3

2024-04-02 Thread Paul Moore
On Tue, Apr 2, 2024 at 3:39 PM Linus Torvalds wrote: > ... > But if we really want to do this ("if mknod creates a positive dentry, > I won't see it in lookup, so I want to appraise it now"), then we > should just deal with this in the generic layer with some hack like > this: > > ---

Re: [PATCH v16 15/20] security: add security_inode_setintegrity() hook

2024-04-01 Thread Paul Moore
On Mar 28, 2024 Fan Wu wrote: > > This patch introduces a new hook to save inode's integrity > data. For example, for fsverity enabled files, LSMs can use this hook to > save the verified fsverity builtin signature into the inode's security > blob, and LSMs can make access decisions based on the

Re: [PATCH v16 14/20] ipe: add support for dm-verity as a trust provider

2024-04-01 Thread Paul Moore
On Mar 28, 2024 Fan Wu wrote: > > Allows author of IPE policy to indicate trust for a singular dm-verity > volume, identified by roothash, through "dmverity_roothash" and all > signed dm-verity volumes, through "dmverity_signature". > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu >

Re: [PATCH v16 13/20] dm verity: consume root hash digest and signature data via LSM hook

2024-04-01 Thread Paul Moore
On Mar 28, 2024 Fan Wu wrote: > > dm-verity provides a strong guarantee of a block device's integrity. As > a generic way to check the integrity of a block device, it provides > those integrity guarantees to its higher layers, including the filesystem > level. > > An LSM that controls access to

Re: [PATCH v16 11/20] block|security: add LSM blob to block_device

2024-04-01 Thread Paul Moore
On Mar 28, 2024 Fan Wu wrote: > > Some block devices have valuable security properties that are only > accessible during the creation time. You should mention the new hook in the subject line, something like the following: "block,lsm: add LSM blob and new LSM hook for block devices". > For

Re: [PATCH 2/2] ima: evm: Rename *_post_path_mknod() to *_path_post_mknod()

2024-03-29 Thread Paul Moore
On Fri, Mar 29, 2024 at 3:28 PM Mimi Zohar wrote: > On Fri, 2024-03-29 at 15:12 -0400, Paul Moore wrote: > > Another important thing to keep in mind about 'Fixes' tags, unless > > you've told the stable kernel folks to only take patches that you've > > explici

Re: [PATCH 2/2] ima: evm: Rename *_post_path_mknod() to *_path_post_mknod()

2024-03-29 Thread Paul Moore
mind about 'Fixes' tags, unless you've told the stable kernel folks to only take patches that you've explicitly marked for stable, they are likely going to attempt to backport anything with a 'Fixes' tag. Regardless, since I was looking at 1/2 I took a quick look at this patch and it looks fine to me once the c

Re: [PATCH 1/2] security: Handle dentries without inode in security_path_post_mknod()

2024-03-29 Thread Paul Moore
on to the stable marking that Mimi already pointed out, I've got one small comment below, but otherwise this looks fine to me. Also, just to confirm, you're going to send patch 1/2 up to Linus during the v6.9-rc1 phase and hold patch 2/2 for the next merge window, right? Acked-by: Paul Moore >

Re: kernel crash in mknod

2024-03-28 Thread Paul Moore
On Thu, Mar 28, 2024 at 8:07 AM Christian Brauner wrote: > On Thu, Mar 28, 2024 at 01:24:25PM +0200, Roberto Sassu wrote: > > Also, consider that the pre hook security_path_mknod() has the dentry as > > parameter. For symmetry, we could keep it in the post hook. > > I think that's not that

Re: kernel crash in mknod

2024-03-28 Thread Paul Moore
On Thu, Mar 28, 2024 at 7:24 AM Roberto Sassu wrote: > On 3/28/2024 12:08 PM, Christian Brauner wrote: ... > > And one another thing I'd like to point out is that the security hook is > > called "security_path_post_mknod()" while the evm and ima hooks are > > called evm_post_path_mknod() and

Re: [syzbot] [audit?] [bpf?] INFO: rcu detected stall in kauditd_thread (4)

2024-03-27 Thread Paul Moore
On Wed, Mar 27, 2024 at 2:39 PM syzbot wrote: > > Hello, > > syzbot found the following issue on: > > HEAD commit: fe46a7dd189e Merge tag 'sound-6.9-rc1' of git://git.kernel.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=121a9e2118 > kernel config:

Re: kernel crash in mknod

2024-03-26 Thread Paul Moore
On Tue, Mar 26, 2024 at 7:40 AM Christian Brauner wrote: > > For bigger changes it's also worthwhile if the object that's passed down > into the hook-based LSM layer is as specific as possible. If someone > does a change that affects lifetime rules of mounts then any hook that > takes a struct

Re: kernel crash in mknod

2024-03-25 Thread Paul Moore
dentry, mode, true); > > + if (!error) > > + error = security_path_post_mknod(idmap, > > dentry); > > Minor issue, security_path_post_mknod() does not return an error. > > Also, please update the description of security_path_post_mknod() to say > that it is not going to be called for non-regular files. > > Hopefully, Paul also agrees with this change. > > Other than that, please add my: > > Reviewed-by: Roberto Sassu No objections here for obvious reasons. Acked-by: Paul Moore -- paul-moore.com
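Review bot: the quoted hunk assigns the result of the hook in `error = security_path_post_mknod(idmap, dentry);`, but as Roberto notes in the same thread the hook returns no error, so the assignment will not compile against a void function; keep the `if (!error)` guard and call `security_path_post_mknod(idmap, dentry);` on its own, and update the hook's kerneldoc to say it is no longer called for non-regular files.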

Re: kernel crash in mknod

2024-03-25 Thread Paul Moore
On Mon, Mar 25, 2024 at 12:06 PM Christian Brauner wrote: > I'm a bit confused now why this is taking a dentry. Nothing in IMA or > EVM cares about the dentry for these hooks so it really should have take > an inode in the first place? I don't want to speak for Roberto or Mimi here, but this LSM

Re: [PATCH RFC v15 14/21] dm verity: consume root hash digest and signature data via LSM hook

2024-03-20 Thread Paul Moore
On Tue, Mar 19, 2024 at 10:19 PM Mike Snitzer wrote: > On Tue, Mar 19 2024 at 7:00P -0400, > Paul Moore wrote: > > On Mar 15, 2024 Fan Wu wrote: > > > > > > dm-verity provides a strong guarantee of a block device's integrity. As > > > a generic way t

Re: [RFC PATCH v15 17/21] fsverity: consume builtin signature via LSM hook

2024-03-19 Thread Paul Moore
On Mon, Mar 18, 2024 at 1:29 AM Eric Biggers wrote: > On Fri, Mar 15, 2024 at 08:35:47PM -0700, Fan Wu wrote: > > fsverity represents a mechanism to support both integrity and > > authenticity protection of a file, supporting both signed and unsigned > > digests. ... > > diff --git

Re: [PATCH RFC v15 16/21] security: add security_inode_setintegrity() hook

2024-03-19 Thread Paul Moore
On Mar 15, 2024 Fan Wu wrote: > > This patch introduces a new hook to save inode's integrity > data. For example, for fsverity enabled files, LSMs can use this hook to save > the verified fsverity builtin signature into the inode's security blob, > and LSMs can make access decisions based on the

Re: [PATCH RFC v15 14/21] dm verity: consume root hash digest and signature data via LSM hook

2024-03-19 Thread Paul Moore
On Mar 15, 2024 Fan Wu wrote: > > dm-verity provides a strong guarantee of a block device's integrity. As > a generic way to check the integrity of a block device, it provides > those integrity guarantees to its higher layers, including the filesystem > level. > > An LSM that controls access to

Re: [PATCH RFC v15 12/21] security: add security_bdev_setintegrity() hook

2024-03-19 Thread Paul Moore
On Mar 15, 2024 Fan Wu wrote: > > This patch introduces a new hook to save block device's integrity > data. For example, for dm-verity, LSMs can use this hook to save > the roothash signature of a dm-verity into the security blob, > and LSMs can make access decisions based on the data inside >

Re: [RFC PATCH v15 05/21] initramfs|security: Add a security hook to do_populate_rootfs()

2024-03-17 Thread Paul Moore
On Sun, Mar 17, 2024 at 8:29 PM Casey Schaufler wrote: > On 3/15/2024 8:35 PM, Fan Wu wrote: > > This patch introduces a new hook to notify security system that the > > content of initramfs has been unpacked into the rootfs. > > > > Upon receiving this notification, the security system can

[GIT PULL] audit/audit-pr-20240312

2024-03-12 Thread Paul Moore
Hi Linus, Two small audit patches for the Linux v6.9 merge window: - Use the KMEM_CACHE() macro instead of kmem_cache_create() The guidance appears to be to use the KMEM_CACHE() macro when possible and there is no reason why we can't use the macro, so let's use it. - Remove an unnecessary

Re: [RFC PATCH v14 15/19] fsverity: consume builtin signature via LSM hook

2024-03-12 Thread Paul Moore
On Tue, Mar 12, 2024 at 3:08 PM Fan Wu wrote: > We could also make security_inode_setsecurity() more generic instead of > for xattr only, any suggestions? For the sake of simplicity, since security_inode_setsecurity() doesn't work, it probably makes more sense to create a new LSM hook rather

Re: [RFC PATCH v14 15/19] fsverity: consume builtin signature via LSM hook

2024-03-12 Thread Paul Moore
On Mon, Mar 11, 2024 at 11:07 PM Eric Biggers wrote: > On Mon, Mar 11, 2024 at 07:57:12PM -0700, Eric Biggers wrote: > > > > As I've said before, this commit message needs some work. It currently > > doesn't > > say anything about what the patch actually does. > > > > BTW, please make sure

Re: [RFC PATCH v14 00/19] Integrity Policy Enforcement LSM (IPE)

2024-03-08 Thread Paul Moore
On Wed, Mar 6, 2024 at 6:34 PM Fan Wu wrote: > > Overview: > - > > IPE is a Linux Security Module which takes a complementary approach to > access control. Whereas existing mandatory access control mechanisms > base their decisions on labels and paths, IPE instead determines > whether or

Re: [PATCH] init/Kconfig: Lower GCC version check for -Warray-bounds

2024-02-23 Thread Paul Moore
Kees Cook > --- > Cc: Masahiro Yamada > Cc: Paul Moore > Cc: Gustavo A. R. Silva > Cc: Nathan Chancellor > Cc: Christophe Leroy > Cc: Johannes Weiner > --- > init/Kconfig | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) Thanks Kees. Reviewed-by: Paul Moore -- paul-moore.com

Re: [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 7:20 PM Seth Forshee (DigitalOcean) wrote: > On Wed, Feb 21, 2024 at 06:43:43PM -0500, Paul Moore wrote: > > On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) > > wrote: > > > > > > Signed-off-by: Seth Forshee (DigitalOcean) >

Re: [PATCH v2 12/25] selinux: add hooks for fscaps operations

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 7:10 PM Seth Forshee (DigitalOcean) wrote: > On Wed, Feb 21, 2024 at 06:38:33PM -0500, Paul Moore wrote: > > On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) > > wrote: > > > > > > Add hooks for set/get/remove fscaps

Re: [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) wrote: > > Signed-off-by: Seth Forshee (DigitalOcean) > --- > security/security.c | 15 +-- > 1 file changed, 13 insertions(+), 2 deletions(-) First off, you've got to write *something* for the commit description, even if

Re: [PATCH v2 12/25] selinux: add hooks for fscaps operations

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) wrote: > > Add hooks for set/get/remove fscaps operations which perform the same > checks as the xattr hooks would have done for XATTR_NAME_CAPS. > > Signed-off-by: Seth Forshee (DigitalOcean) > --- > security/selinux/hooks.c | 26

Re: [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps

2024-02-21 Thread Paul Moore
ecurity/security.c | 69 > +++ > 3 files changed, 109 insertions(+) One minor problem below, but assuming you fix that, this looks okay to me. Acked-by: Paul Moore > diff --git a/security/security.c b/security/security.c > index 3aaad75c9ce8..0d210da9862c 100644 > --- a

Re: [PATCH v2 2/9] security: allow finer granularity in permitting copy-up of security xattrs

2024-02-20 Thread Paul Moore
> security/security.c | 7 --- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c| 2 +- > 8 files changed, 15 insertions(+), 12 deletions(-) Acked-by: Paul Moore (LSM,SELinux) -- paul-moore.com

Re: [PATCH v10 0/25] security: Move IMA and EVM to the LSM infrastructure

2024-02-15 Thread Paul Moore
On Feb 15, 2024 Roberto Sassu wrote: > > IMA and EVM are not effectively LSMs, especially due to the fact that in > the past they could not provide a security blob while there is another LSM > active. > > That changed in recent years; the LSM stacking feature now makes it > possible to

Re: [PATCH v9 12/25] security: Introduce file_post_open hook

2024-02-15 Thread Paul Moore
On Thu, Feb 15, 2024 at 3:18 AM Mimi Zohar wrote: > On Wed, 2024-02-14 at 16:21 -0500, Paul Moore wrote: > > I'm not a big fan of sharing topic branches across different subsystem > > trees, I'd much rather just agree that one tree or another takes the > > patchset and the ot

Re: [PATCH v9 12/25] security: Introduce file_post_open hook

2024-02-14 Thread Paul Moore
On Wed, Feb 14, 2024 at 3:07 PM Mimi Zohar wrote: > On Tue, 2024-02-13 at 10:33 -0500, Paul Moore wrote: > > On Tue, Feb 13, 2024 at 7:59 AM Roberto Sassu > > wrote: > > > On Mon, 2024-02-12 at 16:16 -0500, Paul Moore wrote: > > > > On Mon, Feb 12, 2024 at 4:0

Re: [PATCH v9 12/25] security: Introduce file_post_open hook

2024-02-13 Thread Paul Moore
On Tue, Feb 13, 2024 at 7:59 AM Roberto Sassu wrote: > On Mon, 2024-02-12 at 16:16 -0500, Paul Moore wrote: > > On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar wrote: > > > > > > Hi Roberto, > > > > > > > > > > diff --git a/security/se

Re: [PATCH v9 12/25] security: Introduce file_post_open hook

2024-02-12 Thread Paul Moore
On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar wrote: > > Hi Roberto, > > > > diff --git a/security/security.c b/security/security.c > > index d9d2636104db..f3d92bffd02f 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -2972,6 +2972,23 @@ int security_file_open(struct file

Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA

2024-02-12 Thread Paul Moore
On Mon, Feb 12, 2024 at 12:48 PM Stefan Berger wrote: > On 1/15/24 13:18, Roberto Sassu wrote: ... > > +/** > > + * ima_kernel_module_request - Prevent crypto-pkcs1pad(rsa,*) requests > > + * @kmod_name: kernel module name > > + * > > + * We have situation, when public_key_verify_signature() in

Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure

2024-02-08 Thread Paul Moore
On Thu, Feb 8, 2024 at 3:06 AM Roberto Sassu wrote: > On Wed, 2024-02-07 at 22:18 -0500, Paul Moore wrote: ... > > I had some pretty minor comments but I think the only thing I saw that > > I think needs a change/addition is a comment in the Makefile regarding > > the I

Re: [PATCH v9 25/25] integrity: Remove LSM

2024-02-07 Thread Paul Moore
> security/integrity/integrity.h | 25 - > security/security.c| 2 - > 4 files changed, 2 insertions(+), 236 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 23/25] evm: Make it independent from 'integrity' LSM

2024-02-07 Thread Paul Moore
integrity/evm/Kconfig| 1 + > security/integrity/evm/evm.h | 19 +++ > security/integrity/evm/evm_crypto.c | 4 +- > security/integrity/evm/evm_main.c | 76 --- > security/integrity/ima/ima_appraise.c | 2 +- > security/integrity/

Re: [PATCH v9 22/25] evm: Move to LSM infrastructure

2024-02-07 Thread Paul Moore
nularity beyond the LSM_ORDER_XXX priority, but that is something we can do later. Acked-by: Paul Moore > Make EVM functions as static (except for evm_inode_init_security(), which > is exported), and register them as hook implementations in init_evm_lsm(). > Also move the inline functi

Re: [PATCH v9 19/25] integrity: Move integrity_kernel_module_request() to IMA

2024-02-07 Thread Paul Moore
h| 10 + > include/linux/integrity.h | 13 > security/integrity/digsig_asymmetric.c | 23 > security/integrity/ima/ima_main.c | 29 ++ > security/security.c | 2 +- > 5 files changed, 40 insertions(+), 37 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 21/25] ima: Move IMA-Appraisal to LSM infrastructure

2024-02-07 Thread Paul Moore
- > security/integrity/ima/ima_main.c | 1 + > security/security.c | 13 --- > 6 files changed, 35 insertions(+), 79 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 20/25] ima: Move to LSM infrastructure

2024-02-07 Thread Paul Moore
ty/integrity/ima/ima.h | 6 + > security/integrity/ima/ima_main.c | 78 + > security/integrity/integrity.h| 1 + > security/keys/key.c | 9 +- > security/security.c |

Re: [PATCH v9 18/25] security: Introduce key_post_create_or_update hook

2024-02-07 Thread Paul Moore
d-by: Casey Schaufler > Reviewed-by: Mimi Zohar > --- > include/linux/lsm_hook_defs.h | 3 +++ > include/linux/security.h | 11 +++ > security/keys/key.c | 7 ++- > security/security.c | 19 +++ > 4 files changed, 39 insertions(+), 1 deletion(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 16/25] security: Introduce inode_post_set_acl hook

2024-02-07 Thread Paul Moore
t; Reviewed-by: Stefan Berger > Acked-by: Casey Schaufler > Reviewed-by: Mimi Zohar > --- > fs/posix_acl.c| 1 + > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 7 +++ > security/security.c | 17 +++++

Re: [PATCH v9 17/25] security: Introduce inode_post_remove_acl hook

2024-02-07 Thread Paul Moore
: Roberto Sassu > Reviewed-by: Stefan Berger > Acked-by: Casey Schaufler > Reviewed-by: Mimi Zohar > --- > fs/posix_acl.c| 1 + > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 8 > security/security.c | 17 +++

Re: [PATCH v9 15/25] security: Introduce inode_post_create_tmpfile hook

2024-02-07 Thread Paul Moore
gt; Reviewed-by: Mimi Zohar > --- > fs/namei.c| 1 + > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 6 ++ > security/security.c | 15 +++ > 4 files changed, 24 insertions(+) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 14/25] security: Introduce path_post_mknod hook

2024-02-07 Thread Paul Moore
y: Casey Schaufler > Reviewed-by: Mimi Zohar > --- > fs/namei.c| 5 + > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 5 + > security/security.c | 14 ++ > 4 files changed, 26 insertions(+) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 13/25] security: Introduce file_release hook

2024-02-07 Thread Paul Moore
ocumented in the code, I've never been a big fan of speculating about potential future uses of the hook, that's dangerous IMO. Otherwise this looks good. Acked-by: Paul Moore > The new hook cannot return an error and cannot cause the operation to be > reverted. > > Signed-off-by:

Re: [PATCH v9 12/25] security: Introduce file_post_open hook

2024-02-07 Thread Paul Moore
| 1 + > include/linux/security.h | 6 ++ > security/security.c | 17 +++++ > 5 files changed, 32 insertions(+) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 11/25] security: Introduce inode_post_removexattr hook

2024-02-07 Thread Paul Moore
++ > 4 files changed, 26 insertions(+), 4 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 10/25] security: Introduce inode_post_setattr hook

2024-02-07 Thread Paul Moore
: Roberto Sassu > Reviewed-by: Stefan Berger > Reviewed-by: Mimi Zohar > Acked-by: Casey Schaufler > --- > fs/attr.c | 1 + > include/linux/lsm_hook_defs.h | 2 ++ > include/linux/security.h | 7 +++ > security/security.c | 16 ++

Re: [PATCH v9 9/25] security: Align inode_setattr hook definition with EVM

2024-02-07 Thread Paul Moore
Reviewed-by: Mimi Zohar > --- > include/linux/lsm_hook_defs.h | 3 ++- > security/security.c | 2 +- > security/selinux/hooks.c | 3 ++- > security/smack/smack_lsm.c| 4 +++- > 4 files changed, 8 insertions(+), 4 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 8/25] evm: Align evm_inode_post_setxattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
ewed-by: Casey Schaufler > --- > include/linux/evm.h | 8 +--- > security/integrity/evm/evm_main.c | 4 +++- > security/security.c | 2 +- > 3 files changed, 9 insertions(+), 5 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 7/25] evm: Align evm_inode_setxattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
ewed-by: Casey Schaufler > --- > include/linux/evm.h | 4 ++-- > security/integrity/evm/evm_main.c | 3 ++- > security/security.c | 2 +- > 3 files changed, 5 insertions(+), 4 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 6/25] evm: Align evm_inode_post_setattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
Schaufler > Reviewed-by: Mimi Zohar > --- > fs/attr.c | 2 +- > include/linux/evm.h | 6 -- > security/integrity/evm/evm_main.c | 4 +++- > 3 files changed, 8 insertions(+), 4 deletions(-) Reviewed-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 5/25] ima: Align ima_post_read_file() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
Stefan Berger > Reviewed-by: Mimi Zohar > Reviewed-by: Casey Schaufler > --- > include/linux/ima.h | 4 ++-- > security/integrity/ima/ima_main.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Reviewed-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 4/25] ima: Align ima_inode_removexattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
Reviewed-by: Mimi Zohar > --- > include/linux/ima.h | 7 +-- > security/integrity/ima/ima_appraise.c | 3 ++- > security/security.c | 2 +- > 3 files changed, 8 insertions(+), 4 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 3/25] ima: Align ima_inode_setxattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
ewed-by: Casey Schaufler > --- > include/linux/ima.h | 11 +++ > security/integrity/ima/ima_appraise.c | 5 +++-- > security/security.c | 2 +- > 3 files changed, 11 insertions(+), 7 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 2/25] ima: Align ima_file_mprotect() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
Zohar > --- > include/linux/ima.h | 5 +++-- > security/integrity/ima/ima_main.c | 6 -- > security/security.c | 2 +- > 3 files changed, 8 insertions(+), 5 deletions(-) Acked-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 1/25] ima: Align ima_inode_post_setattr() definition with LSM infrastructure

2024-02-07 Thread Paul Moore
Schaufler > Reviewed-by: Mimi Zohar > --- > fs/attr.c | 2 +- > include/linux/ima.h | 4 ++-- > security/integrity/ima/ima_appraise.c | 3 ++- > 3 files changed, 5 insertions(+), 4 deletions(-) > Reviewed-by: Paul Moore -- paul-moore.com

Re: [PATCH v9 0/25] security: Move IMA and EVM to the LSM infrastructure

2024-02-07 Thread Paul Moore
On Jan 15, 2024 Roberto Sassu wrote: > > IMA and EVM are not effectively LSMs, especially due to the fact that in > the past they could not provide a security blob while there is another LSM > active. > > That changed in recent years; the LSM stacking feature now makes it > possible to

Re: [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider

2024-02-06 Thread Paul Moore
On Mon, Feb 5, 2024 at 6:11 PM Fan Wu wrote: > On 2/3/2024 2:25 PM, Paul Moore wrote: > > On Jan 30, 2024 Fan Wu wrote: > >> > >> Allows author of IPE policy to indicate trust for a singular dm-verity > >> volume, identified by roothash, through "dmverit

Re: [PATCH RFC v12 8/20] ipe: add userspace interface

2024-02-05 Thread Paul Moore
On Mon, Feb 5, 2024 at 6:01 PM Fan Wu wrote: > On 2/3/2024 2:25 PM, Paul Moore wrote: > > On Jan 30, 2024 Fan Wu wrote: > >> > >> As is typical with LSMs, IPE uses securityfs as its interface with > >> userspace. For a complete list of the interfaces an

Re: [PATCH RFC v12 17/20] ipe: enable support for fs-verity as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Enable IPE policy authors to indicate trust for a singular fsverity > file, identified by the digest information, through "fsverity_digest" > and all files using fsverity's builtin signatures via > "fsverity_signature". > > This enables file-level integrity

Re: [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Allows author of IPE policy to indicate trust for a singular dm-verity > volume, identified by roothash, through "dmverity_roothash" and all > signed dm-verity volumes, through "dmverity_signature". > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu >

Re: [PATCH RFC v12 10/20] ipe: add permissive toggle

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > IPE, like SELinux, supports a permissive mode. This mode allows policy > authors to test and evaluate IPE policy without it affecting their > programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS > be reported. > > This patch adds the following audit

Re: [PATCH RFC v12 9/20] uapi|audit|ipe: add ipe auditing support

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systems with respect to IPE > itself. > > This patch introduces 3 new

Re: [PATCH RFC v12 8/20] ipe: add userspace interface

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > As is typical with LSMs, IPE uses securityfs as its interface with > userspace. For a complete list of the interfaces and the respective > inputs/outputs, please see the documentation under > admin-guide/LSM/ipe.rst > > Signed-off-by: Deven Bowers >

Re: [PATCH RFC v12 6/20] ipe: introduce 'boot_verified' as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > IPE is designed to provide system level trust guarantees; this usually > implies that trust starts from bootup with a hardware root of trust, > which validates the bootloader. After this, the bootloader verifies > the kernel and the initramfs. > > As there's no

Re: [PATCH RFC v12 5/20] initramfs|security: Add security hook to initramfs unpack

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > This patch introduces a new hook to notify security system that the > content of initramfs has been unpacked into the rootfs. > > Upon receiving this notification, the security system can activate > a policy to allow only files that originated from the

Re: [PATCH] audit: Use KMEM_CACHE instead of kmem_cache_create

2024-01-25 Thread Paul Moore
On Jan 24, 2024 Kunwu Chan wrote: > > Use the new KMEM_CACHE() macro instead of direct kmem_cache_create > to simplify the creation of SLAB caches. > > Signed-off-by: Kunwu Chan > --- > kernel/audit.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) Merged into audit/dev, thanks.

Re: [PATCH] kernel: auditfilter: Remove unnecessary ‘0’ values from ret

2024-01-25 Thread Paul Moore
On Dec 27, 2023 Li zeming wrote: > > The ret variable is assigned when it does not need to be defined, as it > has already been assigned before use. > > Signed-off-by: Li zeming > --- > kernel/auditfilter.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into audit/dev,

Re: [PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
On Tue, Jan 23, 2024 at 5:43 PM Jens Axboe wrote: > On 1/23/24 3:40 PM, Jens Axboe wrote: > > On 1/23/24 3:35 PM, Jens Axboe wrote: > >> > >> On Tue, 23 Jan 2024 16:55:02 -0500, Paul Moore wrote: > >>> We need to correct some aspects of the IORING_OP

Re: [PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
On Tue, Jan 23, 2024 at 4:55 PM Paul Moore wrote: > > We need to correct some aspects of the IORING_OP_FIXED_FD_INSTALL > command to take into account the security implications of making an > io_uring-private file descriptor generally accessible to a userspace > task. >

[PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
_OP_FIXED_FD_INSTALL operations. Fixes: dc18b89ab113 ("io_uring/openclose: add support for IORING_OP_FIXED_FD_INSTALL") Signed-off-by: Paul Moore --- io_uring/opdef.c | 1 - io_uring/openclose.c | 4 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/io_uring/op

Re: IORING_OP_FIXED_FD_INSTALL and audit/LSM interactions

2024-01-19 Thread Paul Moore
On Fri, Jan 19, 2024 at 12:41 PM Jens Axboe wrote: > On 1/19/24 10:20 AM, Paul Moore wrote: > > On Fri, Jan 19, 2024 at 12:02 PM Jens Axboe wrote: > >> On 1/19/24 9:33 AM, Paul Moore wrote: > >>> Hello all, > >>> > >>> I just noticed t
