On Mon, Dec 18, 2023 at 12:21 PM Stephen Smalley
wrote:
>
> On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
> wrote:
> >
> > This patch introduces a LSM hook for devices creation,
> > destruction (ioctl()) and opening (open()) operations,
> > checking the
On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
wrote:
>
> This patch introduces a LSM hook for devices creation,
> destruction (ioctl()) and opening (open()) operations,
> checking the application is allowed to perform these
> operations for the Virtio device type.
Can you explain why the
On Fri, Jan 8, 2021 at 3:17 PM Lokesh Gidra wrote:
>
> On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley
> wrote:
> >
> > On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> > >
> > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra
>
On Fri, Jan 8, 2021 at 12:33 AM Lokesh Gidra wrote:
>
> From: Daniel Colascione
>
> This change uses the anon_inodes and LSM infrastructure introduced in
> the previous patches to give SELinux the ability to control
> anonymous-inode files that are created using the new
>
On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
>
> On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change uses the anon_inodes and LSM infrastructure introduced in
> > the previous patches to give SELinux the ability to control
> > anonymous-inode
On Mon, Jan 4, 2021 at 9:16 AM Stephen Smalley
wrote:
>
> On Fri, Dec 18, 2020 at 7:06 PM Stephen Brennan
> wrote:
> >
> > Smack needs its security_task_to_inode() hook to be called when a task
> > execs a new executable. Store the self_exec_id of the tas
On Fri, Dec 18, 2020 at 7:06 PM Stephen Brennan
wrote:
>
> Smack needs its security_task_to_inode() hook to be called when a task
> execs a new executable. Store the self_exec_id of the task and call the
> hook via pid_update_inode() whenever the exec_id changes.
>
> Signed-off-by: Stephen
m or at
least the latest/last one. For actual verification, they would need
to load the expected policy into an identical kernel on a
pristine/known-safe system and run the sha256sum
/sys/kernel/selinux/policy there to get the expected hash.
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by:
On Tue, Sep 8, 2020 at 8:50 AM Stephen Smalley
wrote:
>
> On Tue, Sep 8, 2020 at 8:43 AM Mickaël Salaün wrote:
> >
> >
> > On 08/09/2020 14:28, Mimi Zohar wrote:
> > > Hi Mickael,
> > >
> > > On Tue, 2020-09-08 at 09:59 +0200, Mic
On Tue, Sep 8, 2020 at 12:44 AM Lakshmi Ramasubramanian
wrote:
>
> On 9/7/20 3:32 PM, Stephen Smalley wrote:
>
> >> Signed-off-by: Lakshmi Ramasubramanian
> >> Suggested-by: Stephen Smalley
> >> Reported-by: kernel test robot # error: implicit
On Tue, Sep 8, 2020 at 8:28 AM Stephen Smalley
wrote:
>
> On Mon, Sep 7, 2020 at 5:39 PM Lakshmi Ramasubramanian
> wrote:
> >
> > Critical data structures of security modules are currently not measured.
> > Therefore an attestation service, for instance, would not be
tch is dependent on the following patch series and must be
> applied in the given order:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://patchwork.kernel.org/patch/11730757/
>
> Signed-off-by: Lakshmi
On Tue, Sep 8, 2020 at 8:43 AM Mickaël Salaün wrote:
>
>
> On 08/09/2020 14:28, Mimi Zohar wrote:
> > Hi Mickael,
> >
> > On Tue, 2020-09-08 at 09:59 +0200, Mickaël Salaün wrote:
> >> +mode |= MAY_INTERPRETED_EXEC;
> >> +/*
> >> + * For
tch is dependent on the following patch series and must be
> applied in the given order:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://patchwork.kernel.org/patch/11730757/
>
> Signed-off-by: Lakshmi R
On Thu, Aug 13, 2020 at 2:39 PM Stephen Smalley
wrote:
>
> On Thu, Aug 13, 2020 at 10:17 AM Mickaël Salaün wrote:
> >
> >
> > On 12/08/2020 21:16, Stephen Smalley wrote:
> > > On 8/2/20 5:58 PM, Mickaël Salaün wrote:
> > >> From: Casey Schaufler
&g
n_inode { create };
>
> (The next patch in this series is necessary for making userfaultfd
> support this new interface. The example above is just
> for exposition.)
>
> Signed-off-by: Daniel Colascione
> Acked-by: Casey Schaufler
> Acked-by: Stephen Smalley
> Cc: Al V
On Wed, Aug 26, 2020 at 8:51 AM Stephen Smalley
wrote:
>
> On Tue, Aug 25, 2020 at 4:49 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 8/24/20 3:18 PM, Paul Moore wrote:
> >
> > Hi Paul,
> >
> > >>>>> Is Ondrej's re-try approac
On Tue, Aug 25, 2020 at 4:49 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/24/20 3:18 PM, Paul Moore wrote:
>
> Hi Paul,
>
> > Is Ondrej's re-try approach I need to use to workaround policy reload
> > issue?
>
> No, I think perhaps we should move the mutex to selinux_state instead
at 2263 (offset 39 lines).
Hunk #3 succeeded at 2303 with fuzz 1 (offset 47 lines).
Hunk #4 succeeded at 2323 (offset 42 lines).
But otherwise it looked good to me.
Acked-by: Stephen Smalley
On Mon, Aug 24, 2020 at 2:13 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/24/20 7:00 AM, Stephen Smalley wrote:
>
> >> +int security_read_policy_kernel(struct selinux_state *state,
> >> + void **data, size_t *len)
> >> +{
> &g
y/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 6
>
> This patch is dependent on the following patch series:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://patchwork.kernel.org/patch/11730757/
s=file
> runcon-1365 [003] 6960.955560:
> => <7f325b4ce45b>
> => <5607093efa57>
>
> Signed-off-by: Peter Enderborg
> Reviewed-by: Thiébaud Weksteen
Acked-by: Stephen Smalley
e mapped to a class by searching
> security/selinux/flask.h. The audited value is a bit field of the
> permissions described in security/selinux/av_permissions.h for the
> corresponding class.
>
> [1] https://source.android.com/devices/tech/debug/native_stack_dump
>
> Signed-off-by: Thiébaud Weksteen
> Suggested-by: Joel Fernandes
> Reviewed-by: Peter Enderborg
Acked-by: Stephen Smalley
On Thu, Aug 20, 2020 at 10:31 PM Steven Rostedt wrote:
>
> On Wed, 19 Aug 2020 09:11:08 -0400
> Stephen Smalley wrote:
>
> > So we'll need to update this plugin whenever we modify
> > security/selinux/include/classmap.h to keep them in sync. Is that a
> > concer
On Thu, Aug 20, 2020 at 10:22 PM Paul Moore wrote:
>
> On Tue, Aug 18, 2020 at 8:14 AM Stephen Smalley
> wrote:
> > On Tue, Aug 18, 2020 at 4:11 AM peter enderborg
> > wrote:
>
> ...
>
> > > Is there any other things we need to fix? A part 1&2 now
On Thu, Aug 20, 2020 at 6:20 AM Julia Lawall wrote:
>
> From: kernel test robot
>
> Use kmemdup rather than duplicating its implementation
>
> Generated by: scripts/coccinelle/api/memdup.cocci
>
> Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
&
On 8/19/20 11:06 AM, Andy Shevchenko wrote:
On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley
wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git
On 8/19/20 9:12 AM, Paul Moore wrote:
On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley
wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git branch
On 8/18/20 12:09 PM, Steven Rostedt wrote:
On Mon, 17 Aug 2020 16:29:33 -0400
Steven Rostedt wrote:
On Mon, 17 Aug 2020 16:13:29 -0400
Stephen Smalley wrote:
Does this require a corresponding patch to userspace? Otherwise, I get
the following:
libtraceevent: No such file or directory
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git branch: master
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git
booleans")
Signed-off-by: Colin Ian King
Acked-by: Stephen Smalley
---
security/selinux/ss/services.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f6f78c65f53f..d310910fb639 100644
--- a/security/s
On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
From: Peter Enderborg
This patch adds further attributes to the event. These attributes are
helpful to understand the context of the message and can be used
to filter the events.
There are three common items. Source context, target context and
ech/debug/native_stack_dump
Signed-off-by: Thiébaud Weksteen
Suggested-by: Joel Fernandes
Reviewed-by: Peter Enderborg
Acked-by: Stephen Smalley
On Tue, Aug 18, 2020 at 4:11 AM peter enderborg
wrote:
>
> On 8/17/20 10:16 PM, Stephen Smalley wrote:
> > On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
> >
> >> From: Peter Enderborg
> >>
> >> In the print out add permissions, it will look like:
rmission filtering is done on the audited, denied or
requested attributes.
Suggested-by: Steven Rostedt
Suggested-by: Stephen Smalley
Reviewed-by: Thiébaud Weksteen
Signed-off-by: Peter Enderborg
---
include/trace/events/avc.h | 11 +--
security/selinux/avc.c | 36 ++
rmission filtering is done on the audited, denied or
requested attributes.
Suggested-by: Steven Rostedt
Suggested-by: Stephen Smalley
Reviewed-by: Thiébaud Weksteen
Signed-off-by: Peter Enderborg
---
Does this require a corresponding patch to userspace? Otherwise, I get
the following:
l
On Fri, Aug 14, 2020 at 1:07 PM peter enderborg
wrote:
>
> On 8/14/20 6:51 PM, Stephen Smalley wrote:
> > On Fri, Aug 14, 2020 at 9:05 AM Thiébaud Weksteen wrote:
> >> On Thu, Aug 13, 2020 at 5:41 PM Stephen Smalley
> >> wrote:
> >>> An explanati
On Fri, Aug 14, 2020 at 9:05 AM Thiébaud Weksteen wrote:
>
> On Thu, Aug 13, 2020 at 5:41 PM Stephen Smalley
> wrote:
> >
> > An explanation here of how one might go about decoding audited and
> > tclass would be helpful to users (even better would be a script to do
On Thu, Aug 13, 2020 at 10:17 AM Mickaël Salaün wrote:
>
>
> On 12/08/2020 21:16, Stephen Smalley wrote:
> > On 8/2/20 5:58 PM, Mickaël Salaün wrote:
> >> From: Casey Schaufler
> >>
> >> Move management of the superblock->sb_security blo
On Thu, Aug 13, 2020 at 2:03 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/13/20 10:58 AM, Stephen Smalley wrote:
> > On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian
> > wrote:
> >>
> >> On 8/13/20 10:42 AM, Stephen Smalley wrote:
> >>
>
On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/13/20 10:42 AM, Stephen Smalley wrote:
>
> >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c
> >> new file mode 100644
> >> index ..f21b7de4e2ae
> >&
hash"
/sys/kernel/security/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 6
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Reported-by: kernel test robot # error: implicit declaration
of function 'vfree'
Reported-by: kernel test robot # error: i
On 8/13/20 11:35 AM, peter enderborg wrote:
On 8/13/20 5:05 PM, Casey Schaufler wrote:
On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
This patch adds further attributes to the event. These attributes are
helpful to understand the context of the message and can be used
On 8/13/20 10:48 AM, Thiébaud Weksteen wrote:
The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by being able to
reconstruct the unified kernel and
uch
space is required, and the space is allocated there.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Reviewed-by: Stephen Smalley
Reviewed-by: Mickaël Salaün
Link: https://lore.kernel.org/r/20190829232935.7099-2-ca...@schaufler-ca.com
---
Changes since
On Thu, Aug 6, 2020 at 9:45 AM Stephen Smalley
wrote:
>
> On 8/6/20 8:32 AM, Stephen Smalley wrote:
>
> > On 8/6/20 8:24 AM, peter enderborg wrote:
> >
> >> On 8/6/20 2:11 PM, Stephen Smalley wrote:
> >>> On 8/6/20 4:03 AM, Thiébaud Weksteen
On 8/6/20 8:32 AM, Stephen Smalley wrote:
On 8/6/20 8:24 AM, peter enderborg wrote:
On 8/6/20 2:11 PM, Stephen Smalley wrote:
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage
On 8/6/20 8:24 AM, peter enderborg wrote:
On 8/6/20 2:11 PM, Stephen Smalley wrote:
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage and output in the description.
Im not sure where
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage and output in the description.
On Thu, Aug 6, 2020 at 10:51 AM peter enderborg
wrote:
>
> On 8/6/20 3:49 PM, Stephen Smalley wrote:
> > On Thu, Aug 6, 2020 at 9:45 AM Stephen Smalley
> > wrote:
> >> On 8/6/20 8:32 AM, Stephen Smalley wrote:
> >>
> >>> On 8/6/20 8:24 AM, peter
On Wed, Aug 5, 2020 at 9:20 AM Mimi Zohar wrote:
>
> On Wed, 2020-08-05 at 09:03 -0400, Stephen Smalley wrote:
> > On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
> > > On Wed, 2020-08-05 at 08:46 -0400, Stephen Smalley wrote:
> > > > On 8/4/20 11:25 PM, Mimi
On 8/4/20 11:25 PM, Mimi Zohar wrote:
Hi Lakshmi,
There's still a number of other patch sets needing to be reviewed
before my getting to this one. The comment below is from a high level.
On Tue, 2020-08-04 at 17:43 -0700, Lakshmi Ramasubramanian wrote:
Critical data structures of security
On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
>
> On Wed, 2020-08-05 at 08:46 -0400, Stephen Smalley wrote:
> > On 8/4/20 11:25 PM, Mimi Zohar wrote:
> >
> > > Hi Lakshmi,
> > >
> > > There's still a number of other patch sets needing to be
On 8/5/20 11:07 AM, Tyler Hicks wrote:
On 2020-08-05 10:27:43, Stephen Smalley wrote:
On Wed, Aug 5, 2020 at 9:20 AM Mimi Zohar wrote:
On Wed, 2020-08-05 at 09:03 -0400, Stephen Smalley wrote:
On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
On Wed, 2020-08-05 at 08:46 -0400, Stephen
On 8/4/20 11:20 AM, Stephen Smalley wrote:
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715] hardirqs last disabled at (23486084
On 8/3/20 4:37 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 1:29 PM, Stephen Smalley wrote:
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these patches applied on top of
next-integrity, and the following lines added to /etc/ima/ima-policy
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/3/20 8:11 AM, Stephen Smalley wrote:
> >
> > Possibly I'm missing something but with these patches applied on top of
> > next-integrity, and the following lines added to /etc/ima/ima-policy:
> &
;selinux-policy-hash"
/sys/kernel/security/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 4
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Reported-by: kernel test robot # error: implicit declaration
of function 'vfree'
Reported-by: kernel test robo
On Thu, Jul 30, 2020 at 10:29 AM peter enderborg
wrote:
>
> I did manage to rebase it but this is about my approach.
>
> Compared to Thiébaud Weksteen patch this adds:
>
> 1 Filtering. Types goes to trace so we can put up a filter for contexts or
> type etc.
>
> 2 It tries also to cover non
On 7/28/20 12:02 PM, Thiébaud Weksteen wrote:
On Tue, Jul 28, 2020 at 5:12 PM Paul Moore wrote:
Perhaps it would be helpful if you provided an example of how one
would be expected to use this new tracepoint? That would help put
things in the proper perspective.
The best example is the one I
On 7/28/20 8:49 AM, Thiébaud Weksteen wrote:
Thanks for the review! I'll send a new revision of the patch with the
%x formatter and using the TP_CONDITION macro.
On adding further information to the trace event, I would prefer
adding the strict minimum to be able to correlate the event with
On Fri, Jul 24, 2020 at 5:15 AM Thiébaud Weksteen wrote:
>
> The audit data currently captures which process and which target
> is responsible for a denial. There is no data on where exactly in the
> process that call occurred. Debugging can be made easier by being able to
> reconstruct the
On Mon, Jul 20, 2020 at 2:27 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/20/20 10:49 AM, Stephen Smalley wrote:
>
> >>>
> >>> Looks like the template used is ima-ng which doesn't include the
> >>> measured buffer. Please set template to &qu
On Mon, Jul 20, 2020 at 1:40 PM Stephen Smalley
wrote:
>
> On Mon, Jul 20, 2020 at 1:34 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 7/20/20 10:06 AM, Stephen Smalley wrote:
> >
> > >> The above will ensure the following sequence will be measured:
>
On Mon, Jul 20, 2020 at 1:34 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/20/20 10:06 AM, Stephen Smalley wrote:
>
> >> The above will ensure the following sequence will be measured:
> >>#1 State A - Measured
> >>#2 Change from State A to State B - Mea
On Mon, Jul 20, 2020 at 11:17 AM Lakshmi Ramasubramanian
wrote:
> Thanks for trying out the changes. Please let me know the defects you find.
>
> Just to let you know - I am making the following change (will update in
> the next patch):
>
> => Save the last policy hash and state string in
-f 1
>
> cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements | grep -m
> 1 "selinux-policy-hash" | cut -d' ' -f 6
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
> diff --git a/security/selinux/measure.c b/security/sel
On Thu, Jul 16, 2020 at 3:13 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/16/20 11:54 AM, Stephen Smalley wrote:
> > Not sure about this error handling approach (silent, proceeding as if
> > the length was zero and then later failing with ENOMEM on every
> > attempt?). I'd b
hat the above measurement
matches a given state and policy, e.g. the sha256sum commands and
inputs to reproduce the same from an expected state and policy?
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
> diff --git a/security/selinux/measure.c b/securi
perm=1;extsockclass=1;alwaysnetwork=0;cgroupseclabel=1;nnpnosuidtransition=1;genfsseclabelsymlink=0;
>
> The data for selinux-policy-hash in the above measurement is
> the SHA256 hash of the SELinux policy.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
>
s[0] never runs.
>
> So return -1 if the loop never runs.
>
> Signed-off-by: Tom Rix
Acked-by: Stephen Smalley
clang didn't complain about the similar pattern in
security/selinux/ss/services.c:constraint_expr_eval()?
On Mon, Jun 15, 2020 at 12:45 PM Lakshmi Ramasubramanian
wrote:
>
> On 6/15/20 4:57 AM, Stephen Smalley wrote:
> > I think I mentioned this on a previous version of these patches, but I
> > would recommend including more than just the enabled and enforcing
> > states in
On Mon, Jun 15, 2020 at 10:59 AM Mimi Zohar wrote:
>
> On Mon, 2020-06-15 at 09:33 -0400, Stephen Smalley wrote:
> > On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
> > wrote:
> > >
> > > The data maintained by the security modules could be tampered
On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
wrote:
>
> The data maintained by the security modules could be tampered with by
> malware. The LSM needs to periodically query the state of
> the security modules and measure the data when the state is changed.
>
> Define a workqueue for
On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley
wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement. Other low-hanging fruit would be the
> other selinux_st
On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
wrote:
>
> SELinux needs to implement the interface function, security_state(), for
> the LSM to gather SELinux data for measuring. Define the security_state()
> function in SELinux.
>
> The security modules should be able to notify the LSM
0ac2e27fd05b418 ("selinux: convert cond_list
to array").
Acked-by: Stephen Smalley
s
> and setting their return pointers to NULL and the return len to 0
>
> Signed-off-by: Tom Rix
Acked-by: Stephen Smalley
On Wed, Jun 10, 2020 at 2:10 PM wrote:
>
> From: Tom Rix
>
> Clang's static analysis tool reports these double free memory errors.
>
> security/selinux/ss/services.c:2987:4: warning: Attempt to free released
> memory [unix.Malloc]
> kfree(bnames[i]);
>
On Wed, Jun 3, 2020 at 11:59 PM James Morris wrote:
>
> On Wed, 1 Apr 2020, Daniel Colascione wrote:
>
> > Daniel Colascione (3):
> > Add a new LSM-supporting anonymous inode interface
> > Teach SELinux about anonymous inodes
> > Wire UFFD up to SELinux
> >
> > fs/anon_inodes.c
On Thu, Jun 4, 2020 at 11:28 AM Casey Schaufler wrote:
>
> On 6/4/2020 5:45 AM, Stephen Smalley wrote:
> > On Wed, Jun 3, 2020 at 6:39 PM Casey Schaufler
> > wrote:
> >> On 6/3/2020 3:12 PM, James Morris wrote:
> >>> On Wed, 3 Jun 2020, Casey Schaufler
On Wed, Jun 3, 2020 at 6:39 PM Casey Schaufler wrote:
>
> On 6/3/2020 3:12 PM, James Morris wrote:
> > On Wed, 3 Jun 2020, Casey Schaufler wrote:
> >
> >> The use of security modules was expected to be rare.
> > This is not correct. Capabilities were ported to LSM and stacked from the
> >
On Fri, May 15, 2020 at 12:45 PM David Howells wrote:
> I can go back to the enum patch for the moment if you and Casey can put up
> with that for the moment?
Yes, let's do that.
On Thu, May 14, 2020 at 12:59 PM David Howells wrote:
>
> How about this then?
>
> David
> ---
> commit fa37b6c7e2f86d16ede1e0e3cb73857152d51825
> Author: David Howells
> Date: Thu May 14 17:48:55 2020 +0100
>
> keys: Move permissions checking decisions into the checking code
>
>
On Thu, May 14, 2020 at 11:45 AM Kees Cook wrote:
>
> On Thu, May 14, 2020 at 08:22:01AM -0400, Stephen Smalley wrote:
> > On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
> > >
> > > On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > > >
On Thu, May 14, 2020 at 10:41 AM Kees Cook wrote:
>
> On Thu, May 14, 2020 at 08:22:01AM -0400, Stephen Smalley wrote:
> > On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
> > >
> > > On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > > >
On Thu, May 14, 2020 at 8:08 AM Stephen Smalley
wrote:
>
> On Wed, May 13, 2020 at 7:13 PM David Howells wrote:
> >
> > Stephen Smalley wrote:
> >
> > > > (3) An override due to CAP_SYS_ADMIN.
> > >
> > > CAP_SYS_ADM
On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
>
> On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > Like, couldn't just the entire thing just be:
> >
> > diff --git a/fs/namei.c b/fs/namei.c
> > index a320371899cf..0ab18e19f5da 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> >
On Wed, May 13, 2020 at 7:13 PM David Howells wrote:
>
> Stephen Smalley wrote:
>
> > > (3) An override due to CAP_SYS_ADMIN.
> >
> > CAP_SYS_ADMIN should never skip SELinux checking. Even for Smack,
> > there is a separate capability (CAP_MAC_ADMIN) for t
On Tue, May 5, 2020 at 11:33 AM Mickaël Salaün wrote:
>
> Enable to forbid access to files open with O_MAYEXEC. Thanks to the
> noexec option from the underlying VFS mount, or to the file execute
> permission, userspace can enforce these execution policies. This may
> allow script interpreters
On Tue, May 12, 2020 at 6:33 PM David Howells wrote:
>
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
>
> The enum is also given some extra values to represent special
> circumstances, such as:
>
> (1) The
On Mon, Apr 27, 2020 at 12:48 PM Stephen Smalley
wrote:
>
> On Mon, Apr 27, 2020 at 12:19 PM Casey Schaufler
> wrote:
> >
> > On 4/23/2020 3:24 PM, Casey Schaufler wrote:
> > > On 4/22/2020 10:12 AM, Casey Schaufler wrote:
> > >> On 4/22/2020 9:55 AM,
On 10/14/19 1:03 PM, Joel Fernandes (Google) wrote:
In current mainline, the degree of access to perf_event_open(2) system
call depends on the perf_event_paranoid sysctl. This has a number of
limitations:
1. The sysctl is only a single value. Many types of accesses are controlled
based on
previously exist.
Signed-off-by: David Howells
Acked-by: Stephen Smalley
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 74dd46de01b6..88df06969bed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6533,6 +6533,17 @@ static int
On 7/31/19 8:27 PM, Paul Moore wrote:
On Wed, Jul 31, 2019 at 1:26 PM Casey Schaufler wrote:
On 7/31/2019 8:34 AM, Aaron Goidel wrote:
As of now, setting watches on filesystem objects has, at most, applied a
check for read access to the inode, and in the case of fanotify, requires
On 7/10/19 12:38 PM, Casey Schaufler wrote:
On 7/10/2019 6:34 AM, Aaron Goidel wrote:
As of now, setting watches on filesystem objects has, at most, applied a
check for read access to the inode, and in the case of fanotify, requires
CAP_SYS_ADMIN. No specific security hook or permission check
a watch imply the
ability to receive all notifications for the watched object. Aside from
friendliness to application developers, the latter also yields stable,
sane policy and better performance.
Signed-off-by: David Howells
cc: Casey Schaufler
cc: Stephen Smalley
cc: linux-security-mod
On 6/27/19 2:06 PM, James Morris wrote:
On Thu, 27 Jun 2019, Stephen Smalley wrote:
There are two scenarios where finer-grained distinctions make sense:
- Users may need to enable specific functionality that falls under the
umbrella of "confidentiality" or "integrity" lock
1 - 100 of 1023 matches
Mail list logo