Author: arekm Date: Wed Aug 4 13:00:07 2010 GMT Module: packages Tag: LINUX_2_6_34 ---- Log message: - updated apparmor to v2.6
---- Files affected: packages/kernel: kernel-apparmor.patch (1.7 -> 1.7.2.1) , kernel.spec (1.798.2.1 -> 1.798.2.2) ---- Diffs: ================================================================ Index: packages/kernel/kernel-apparmor.patch diff -u packages/kernel/kernel-apparmor.patch:1.7 packages/kernel/kernel-apparmor.patch:1.7.2.1 --- packages/kernel/kernel-apparmor.patch:1.7 Tue Mar 16 22:15:38 2010 +++ packages/kernel/kernel-apparmor.patch Wed Aug 4 15:00:02 2010 @@ -1,31 +1,229 @@ -diff --git a/include/linux/audit.h b/include/linux/audit.h -index 3c7a358..a1db25b 100644 ---- a/include/linux/audit.h -+++ b/include/linux/audit.h -@@ -33,7 +33,7 @@ - * 1200 - 1299 messages internal to the audit daemon - * 1300 - 1399 audit event messages - * 1400 - 1499 SE Linux use -- * 1500 - 1599 kernel LSPP events -+ * 1500 - 1599 AppArmor use - * 1600 - 1699 kernel crypto events - * 1700 - 1799 kernel anomaly records - * 1800 - 1899 kernel integrity events -@@ -122,6 +122,14 @@ - #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ - #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ +From 98dccdc158c804029036d76aef8352c7e00d00f4 Mon Sep 17 00:00:00 2001 +From: John Johansen <[email protected]> +Date: Tue, 3 Aug 2010 10:57:00 -0700 +Subject: [PATCH] AppArmor: security module v2.6 + compat patches as of 29-07-2010 (security-next) + +AppArmor v2.6 module as synced to security-next 29-07-2010 backported to +2.6.34 + AppArmor 2.4 compatibility patches. + +Signed-off-by: John Johansen <[email protected]> +--- + Documentation/apparmor.txt | 40 + + Documentation/kernel-parameters.txt | 8 + + MAINTAINERS | 8 + + include/linux/lsm_audit.h | 31 + + security/Kconfig | 6 + + security/Makefile | 2 + + security/apparmor/.gitignore | 5 + + security/apparmor/Kconfig | 40 + + security/apparmor/Makefile | 30 + + security/apparmor/apparmorfs-24.c | 287 +++++++ + security/apparmor/apparmorfs.c | 253 ++++++ + security/apparmor/audit.c | 215 ++++++ + security/apparmor/capability.c | 141 ++++ + security/apparmor/context.c | 216 ++++++ + security/apparmor/domain.c | 823 ++++++++++++++++++++ + security/apparmor/file.c | 457 +++++++++++ + security/apparmor/include/apparmor.h | 92 +++ + security/apparmor/include/apparmorfs.h | 26 + + security/apparmor/include/audit.h | 129 ++++ + security/apparmor/include/capability.h | 45 ++ + security/apparmor/include/context.h | 154 ++++ + security/apparmor/include/domain.h | 36 + + security/apparmor/include/file.h | 217 ++++++ + security/apparmor/include/ipc.h | 28 + + security/apparmor/include/match.h | 132 ++++ + security/apparmor/include/net.h | 40 + + security/apparmor/include/path.h | 31 + + security/apparmor/include/policy.h | 308 ++++++++ + security/apparmor/include/policy_unpack.h | 20 + + security/apparmor/include/procattr.h | 26 + + security/apparmor/include/resource.h | 46 ++ + security/apparmor/include/sid.h | 24 + + security/apparmor/ipc.c | 114 +++ + security/apparmor/lib.c | 133 ++++ + security/apparmor/lsm.c | 1051 +++++++++++++++++++++++++ + security/apparmor/match.c | 370 +++++++++ + security/apparmor/net.c | 169 ++++ + security/apparmor/path.c | 235 ++++++ + security/apparmor/policy.c | 1185 +++++++++++++++++++++++++++++ + security/apparmor/policy_unpack.c | 740 ++++++++++++++++++ + security/apparmor/procattr.c | 170 ++++ + security/apparmor/resource.c | 134 ++++ + security/apparmor/sid.c | 55 ++ + 43 files changed, 8272 insertions(+), 0 deletions(-) + create mode 100644 Documentation/apparmor.txt + create mode 100644 security/apparmor/.gitignore + create mode 100644 security/apparmor/Kconfig + create mode 100644 security/apparmor/Makefile + create mode 100644 security/apparmor/apparmorfs-24.c + create mode 100644 security/apparmor/apparmorfs.c + create mode 100644 security/apparmor/audit.c + create mode 100644 security/apparmor/capability.c + create mode 100644 security/apparmor/context.c + create mode 100644 security/apparmor/domain.c + create mode 100644 security/apparmor/file.c + create mode 100644 security/apparmor/include/apparmor.h + create mode 100644 security/apparmor/include/apparmorfs.h + create mode 100644 security/apparmor/include/audit.h + create mode 100644 security/apparmor/include/capability.h + create mode 100644 security/apparmor/include/context.h + create mode 100644 security/apparmor/include/domain.h + create mode 100644 security/apparmor/include/file.h + create mode 100644 security/apparmor/include/ipc.h + create mode 100644 security/apparmor/include/match.h + create mode 100644 security/apparmor/include/net.h + create mode 100644 security/apparmor/include/path.h + create mode 100644 security/apparmor/include/policy.h + create mode 100644 security/apparmor/include/policy_unpack.h + create mode 100644 security/apparmor/include/procattr.h + create mode 100644 security/apparmor/include/resource.h + create mode 100644 security/apparmor/include/sid.h + create mode 100644 security/apparmor/ipc.c + create mode 100644 security/apparmor/lib.c + create mode 100644 security/apparmor/lsm.c + create mode 100644 security/apparmor/match.c + create mode 100644 security/apparmor/net.c + create mode 100644 security/apparmor/path.c + create mode 100644 security/apparmor/policy.c + create mode 100644 security/apparmor/policy_unpack.c + create mode 100644 security/apparmor/procattr.c + create mode 100644 security/apparmor/resource.c + create mode 100644 security/apparmor/sid.c + +diff --git a/Documentation/apparmor.txt b/Documentation/apparmor.txt +new file mode 100644 +index 0000000..6240438 +--- /dev/null ++++ b/Documentation/apparmor.txt +@@ -0,0 +1,40 @@ ++--- What is AppArmor? --- ++ ++AppArmor is MAC style security extension for the Linux kernel. It implements ++a task centered policy, with task "profiles" being created and loaded ++from user space. Tasks on the system that do not have a profile defined for ++them run in an unconfined state which is equivalent to standard Linux DAC ++permissions. ++ ++--- How to enable/disable --- ++ ++set CONFIG_SECURITY_APPARMOR=y ++ ++If AppArmor should be selected as the default security module then ++ set CONFIG_DEFAULT_SECURITY="apparmor" ++ and CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1 ++ ++Build the kernel ++ ++If AppArmor is not the default security module it can be enabled by passing ++security=apparmor on the kernel's command line. ++ ++If AppArmor is the default security module it can be disabled by passing ++apparmor=0, security=XXXX (where XXX is valid security module), on the ++kernel's command line ++ ++For AppArmor to enforce any restrictions beyond standard Linux DAC permissions ++policy must be loaded into the kernel from user space (see the Documentation ++and tools links). ++ ++--- Documentation --- ++ ++Documentation can be found on the wiki. ++ ++--- Links --- ++ ++Mailing List - [email protected] ++Wiki - http://apparmor.wiki.kernel.org/ ++User space tools - https://launchpad.net/apparmor ++Kernel module - git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git ++ +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt +index 839b21b..66c729e 100644 +--- a/Documentation/kernel-parameters.txt ++++ b/Documentation/kernel-parameters.txt +@@ -92,6 +92,7 @@ parameter is applicable: + Documentation/scsi/. + SECURITY Different security models are enabled. + SELINUX SELinux support is enabled. ++ APPARMOR AppArmor support is enabled. + SERIAL Serial support is enabled. + SH SuperH architecture is enabled. + SMP The kernel is an SMP kernel. +@@ -2278,6 +2279,13 @@ and is between 256 and 4096 characters. It is defined in the file + If enabled at boot time, /selinux/disable can be used + later to disable prior to initial policy load. -+#define AUDIT_APPARMOR_AUDIT 1501 /* AppArmor audited grants */ -+#define AUDIT_APPARMOR_ALLOWED 1502 /* Allowed Access for learning */ -+#define AUDIT_APPARMOR_DENIED 1503 -+#define AUDIT_APPARMOR_HINT 1504 /* Process Tracking information */ -+#define AUDIT_APPARMOR_STATUS 1505 /* Changes in config */ -+#define AUDIT_APPARMOR_ERROR 1506 /* Internal AppArmor Errors */ -+#define AUDIT_APPARMOR_KILL 1507 /* AppArmor killing processes */ -+ - #define AUDIT_FIRST_KERN_ANOM_MSG 1700 - #define AUDIT_LAST_KERN_ANOM_MSG 1799 - #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ ++ apparmor= [APPARMOR] Disable or enable AppArmor at boot time ++ Format: { "0" | "1" } ++ See security/apparmor/Kconfig help text ++ 0 -- disable. ++ 1 -- enable. ++ Default value is set via kernel config option. ++ + serialnumber [BUGS=X86-32] + + shapers= [NET] +diff --git a/MAINTAINERS b/MAINTAINERS +index d329b05..5ce2926 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -4961,6 +4961,14 @@ S: Supported + F: include/linux/selinux* + F: security/selinux/ + ++APPARMOR SECURITY MODULE ++M: John Johansen <[email protected]> ++L: [email protected] (subscribers-only, general discussion) ++W: apparmor.wiki.kernel.org ++T: git git://git.kernel.org/pub/scm/linux/kernel/git/jj/apparmor-dev.git ++S: Supported ++F: security/apparmor/ ++ + SENSABLE PHANTOM + M: Jiri Slaby <[email protected]> + S: Maintained +diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h +index f78f83d..183ae04 100644 +--- a/include/linux/lsm_audit.h ++++ b/include/linux/lsm_audit.h +@@ -94,6 +94,37 @@ struct common_audit_data { + int result; + } selinux_audit_data; + #endif ++#ifdef CONFIG_SECURITY_APPARMOR ++ struct { ++ int error; ++ int op; ++ int type; ++ void *profile; ++ const char *name; ++ const char *info; ++ union { ++ void *target; ++ struct { ++ long pos; ++ void *target; ++ } iface; ++ struct { ++ int rlim; ++ unsigned long max; ++ } rlim; ++ struct { ++ const char *target; ++ u32 request; ++ u32 denied; ++ uid_t ouid; ++ } fs; ++ struct { ++ int type, protocol; ++ struct sock *sk; ++ } net; ++ }; ++ } apparmor_audit_data; ++#endif + }; + /* these callback will be implemented by a specific LSM */ + void (*lsm_pre_audit)(struct audit_buffer *, void *); diff --git a/security/Kconfig b/security/Kconfig index 226b955..bd72ae6 100644 --- a/security/Kconfig @@ -97,7 +295,7 @@ +capability_names.h diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig new file mode 100644 -index 0000000..5c57df7 +index 0000000..fdf3022 --- /dev/null +++ b/security/apparmor/Kconfig @@ -0,0 +1,40 @@ @@ -113,7 +311,7 @@ + This enables the AppArmor security module. + Required userspace tools (if they are not included in your + distribution) and further information may be found at -+ <http://forge.novell.com/modules/xfmod/project/?apparmor> ++ http://apparmor.wiki.kernel.org + + If you are unsure how to answer this question, answer N. + @@ -127,9 +325,9 @@ + 'apparmor', which allows AppArmor to be enabled or disabled + at boot. If this option is set to 0 (zero), the AppArmor + kernel parameter will default to 0, disabling AppArmor at -+ bootup. If this option is set to 1 (one), the AppArmor ++ boot. If this option is set to 1 (one), the AppArmor + kernel parameter will default to 1, enabling AppArmor at -+ bootup. ++ boot. + + If you are unsure how to answer this question, answer 1. + @@ -143,10 +341,10 @@ + is desired. diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile new file mode 100644 -index 0000000..554cba7 +index 0000000..e5e8968 --- /dev/null +++ b/security/apparmor/Makefile -@@ -0,0 +1,24 @@ +@@ -0,0 +1,30 @@ +# Makefile for AppArmor Linux Security Module +# +obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o @@ -165,18 +363,24 @@ +quiet_cmd_make-af = GEN $@ +cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ; sed -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "s/^\#define[ \\t]\\+AF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ + ++quiet_cmd_make-rlim = GEN $@ ++cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@ ++ +$(obj)/capability.o : $(obj)/capability_names.h +$(obj)/net.o : $(obj)/af_names.h ++$(obj)/resource.o : $(obj)/rlim_names.h +$(obj)/capability_names.h : $(srctree)/include/linux/capability.h + $(call cmd,make-caps) +$(obj)/af_names.h : $(srctree)/include/linux/socket.h + $(call cmd,make-af) ++$(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h ++ $(call cmd,make-rlim) diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c new file mode 100644 -index 0000000..f64aae8 +index 0000000..dc8c744 --- /dev/null +++ b/security/apparmor/apparmorfs-24.c -@@ -0,0 +1,61 @@ +@@ -0,0 +1,287 @@ +/* + * AppArmor security module + * @@ -238,207 +442,6 @@ +const struct file_operations aa_fs_features_fops = { + .read = aa_features_read, +}; -diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c -new file mode 100644 -index 0000000..89a26a0 ---- /dev/null -+++ b/security/apparmor/apparmorfs.c -@@ -0,0 +1,561 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor /sys/kernel/security/apparmor interface functions -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2010 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. -+ */ -+ -+#include <linux/security.h> -+#include <linux/vmalloc.h> -+#include <linux/module.h> -+#include <linux/seq_file.h> -+#include <linux/uaccess.h> -+#include <linux/namei.h> -+ -+#include "include/apparmor.h" -+#include "include/apparmorfs.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/policy.h" -+ -+/** -+ * kvmalloc - do allocation prefering kmalloc but falling back to vmalloc -+ * @size: size of allocation -+ * -+ * Return: allocated buffer or NULL if failed -+ * -+ * It is possible that policy being loaded from the user is larger than -+ * what can be allocated by kmalloc, in those cases fall back to vmalloc. -+ */ -+static void *kvmalloc(size_t size) -+{ -+ void *buffer; -+ -+ if (size == 0) -+ return NULL; -+ -+ buffer = kmalloc(size, GFP_KERNEL); -+ if (!buffer) -+ buffer = vmalloc(size); -+ return buffer; -+} -+ -+/** -+ * kvfree - free an allocation do by kvmalloc -+ * @buffer: buffer to free -+ * -+ * Free a buffer allocated by kvmalloc -+ */ -+static void kvfree(void *buffer) -+{ -+ if (!buffer) -+ return; -+ -+ if (is_vmalloc_addr(buffer)) -+ vfree(buffer); -+ else -+ kfree(buffer); -+} -+ -+/** -+ * aa_simple_write_to_buffer - common routine for getting policy from user -+ * @userbuf: user buffer to copy data from (NOT NULL) -+ * @alloc_size: size of user buffer -+ * @copy_size: size of data to copy from user buffer -+ * @pos: position write is at in the file -+ * @operation: name of operation doing the user buffer copy (NOT NULL) -+ * -+ * Returns: kernel buffer containing copy of user buffer data or an -+ * ERR_PTR on failure. -+ */ -+static char *aa_simple_write_to_buffer(const char __user *userbuf, -+ size_t alloc_size, size_t copy_size, -+ loff_t *pos, const char *operation) -+{ -+ char *data; -+ -+ if (*pos != 0) { -+ /* only writes from pos 0, that is complete writes */ -+ data = ERR_PTR(-ESPIPE); -+ goto out; -+ } -+ -+ /* -+ * Don't allow profile load/replace/remove from profiles that don't -+ * have CAP_MAC_ADMIN -+ */ -+ if (!capable(CAP_MAC_ADMIN)) { -+ struct aa_profile *profile = NULL; -+ struct aa_audit sa = { -+ .operation = operation, -+ .gfp_mask = GFP_KERNEL, -+ .error = -EACCES, -+ }; -+ profile = aa_current_profile(); -+ data = ERR_PTR(aa_audit(AUDIT_APPARMOR_DENIED, profile, &sa, -+ NULL)); -+ goto out; -+ } -+ /* freed by caller to aa_simple_write_to_buffer */ -+ data = kvmalloc(alloc_size); -+ if (data == NULL) { -+ data = ERR_PTR(-ENOMEM); -+ goto out; -+ } -+ -+ if (copy_from_user(data, userbuf, copy_size)) { -+ kvfree(data); -+ data = ERR_PTR(-EFAULT); -+ goto out; -+ } -+ -+out: -+ return data; -+} -+ -+ -+/* .load file hook fn to load policy */ -+static ssize_t aa_profile_load(struct file *f, const char __user *buf, -+ size_t size, loff_t *pos) -+{ -+ char *data; -+ ssize_t error; -+ -+ data = aa_simple_write_to_buffer(buf, size, size, pos, "profile_load"); -+ -+ error = PTR_ERR(data); -+ if (!IS_ERR(data)) { -+ error = aa_interface_replace_profiles(data, size, 1); -+ kvfree(data); -+ } -+ -+ return error; -+} -+ -+static const struct file_operations aa_fs_profile_load = { -+ .write = aa_profile_load -+}; -+ -+/* .replace file hook fn to load and/or replace policy */ -+static ssize_t aa_profile_replace(struct file *f, const char __user *buf, -+ size_t size, loff_t *pos) -+{ -+ char *data; -+ ssize_t error; -+ -+ data = aa_simple_write_to_buffer(buf, size, size, pos, -+ "profile_replace"); -+ error = PTR_ERR(data); -+ if (!IS_ERR(data)) { -+ error = aa_interface_replace_profiles(data, size, 0); -+ kvfree(data); -+ } -+ -+ return error; -+} -+ -+static const struct file_operations aa_fs_profile_replace = { -+ .write = aa_profile_replace -+}; -+ -+/* .remove file hook fn to remove loaded policy */ -+static ssize_t aa_profile_remove(struct file *f, const char __user *buf, -+ size_t size, loff_t *pos) -+{ -+ char *data; -+ ssize_t error; -+ -+ /* -+ * aa_remove_profile needs a null terminated string so 1 extra -+ * byte is allocated and the copied data is null terminated. -+ */ -+ data = aa_simple_write_to_buffer(buf, size + 1, size, pos, -+ "profile_remove"); -+ -+ error = PTR_ERR(data); -+ if (!IS_ERR(data)) { -+ data[size] = 0; -+ error = aa_interface_remove_profiles(data, size); -+ kvfree(data); -+ } -+ -+ return error; -+} -+ -+static const struct file_operations aa_fs_profile_remove = { -+ .write = aa_profile_remove -+}; -+ + +/** + * __next_namespace - find the next namespace to list @@ -488,8 +491,8 @@ + * + * Returns: unrefcounted profile or NULL if no profile + */ -+ static struct aa_profile *__first_profile(struct aa_namespace *root, -+ struct aa_namespace *ns) ++static struct aa_profile *__first_profile(struct aa_namespace *root, ++ struct aa_namespace *ns) +{ + for ( ; ns; ns = __next_namespace(root, ns)) { + if (!list_empty(&ns->base.profiles)) @@ -623,27 +626,7 @@ +} + +/** -+ * print_ns_name - print a namespace name back to @root -+ * @root: root namespace to stop at -+ * @ns: namespace to gen name for -+ * -+ * Returns: true if it printed a name -+ */ -+static bool print_ns_name(struct seq_file *f, struct aa_namespace *root, -+ struct aa_namespace *ns) -+{ -+ if (!ns || ns == root) -+ return 0; -+ -+ if (ns->parent && print_ns_name(f, root, ns->parent)) -+ seq_printf(f, "//"); -+ -+ seq_printf(f, "%s", ns->base.name); -+ return 1; -+} -+ -+/** -+ * seq_show_profile - ++ * seq_show_profile - show a profile entry + * @f: seq_file to file + * @p: current position (profile) (NOT NULL) + * @@ -655,9 +638,7 @@ + struct aa_namespace *root = f->private; + + if (profile->ns != root) -+ seq_printf(f, ":"); -+ if (print_ns_name(f, root, profile->ns)) -+ seq_printf(f, "://"); ++ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); + seq_printf(f, "%s (%s)\n", profile->base.hname, + COMPLAIN_MODE(profile) ? "complain" : "enforce"); + @@ -671,31 +652,172 @@ + .show = seq_show_profile, +}; + -+static int aa_profiles_open(struct inode *inode, struct file *file) ++static int profiles_open(struct inode *inode, struct file *file) <<Diff was trimmed, longer than 597 lines>> ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.7&r2=1.7.2.1&f=u http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel.spec?r1=1.798.2.1&r2=1.798.2.2&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
