On Oct 9, 2024 Casey Schaufler wrote:
>
> There may be more than one LSM that provides IPC data for auditing.
> Change security_ipc_getsecid() to fill in a lsm_prop structure instead
> of the u32 secid. Change the name to security_ipc_getlsmprop() to
> reflect the change.
>
> Signed-off-by: Ca
On Thu, Oct 10, 2024 at 9:20 PM Paul Moore wrote:
> On Oct 10, 2024 Mickaël Salaün wrote:
> >
> > Use the new inode_get_ino() helper to log the user space's view of
> > inode's numbers instead of the private kernel values.
> >
> > Cc: Paul Moore
> > Cc: Eric Paris
> >
On Oct 10, 2024 Mickaël Salaün wrote:
>
> Use the new inode_get_ino() helper to log the user space's view of
> inode's numbers instead of the private kernel values.
>
> Cc: Mimi Zohar
> Cc: Roberto Sassu
> Cc: Dmitry Kasatkin
> Cc: Eric Snowberg
> Signed-off-by: Micka
On Oct 10, 2024 Mickaël Salaün wrote:
>
> Use the new inode_get_ino() helper to log the user space's view of
> inode's numbers instead of the private kernel values.
>
> Cc: Paul Moore
> Cc: Stephen Smalley
> Cc: Ondrej Mosnacek
> Signed-off-by: Mickaël Salaün
> ---
>
On Oct 10, 2024 Mickaël Salaün wrote:
>
> Use the new inode_get_ino() helper to log the user space's view of
> inode's numbers instead of the private kernel values.
>
> Cc: Paul Moore
> Cc: Eric Paris
> Signed-off-by: Mickaël Salaün
> ---
> security/lsm_audit.c | 10 +
On Thursday, 10 October 2024, 21:09:31 CEST, Paul Moore wrote:
> However, as part of that commit we also dropped a number of fields
> because it wasn't clear that anyone cared about them and if we were
> going to (re)normalize the NETFILTER_PKT record we figured it would be
> best to start smal
On Thu, 2024-10-10 at 17:26 +0200, Mickaël Salaün wrote:
> When a filesystem manages its own inode numbers, like NFS's fileid shown
> to user space with getattr(), other parts of the kernel may still expose
> the private inode->ino through kernel logs and audit.
>
> Another issue is on 32-bit a
On Thu, Oct 10, 2024 at 2:24 AM Richard Weinberger
wrote:
> On Thursday, 10 October 2024, 00:02:44 CEST, Paul Moore wrote:
> > [CC'ing the audit and LSM lists for obvious reasons]
> >
> > If we're logging the subjective credentials of the skb's associated
> > socket, we really should also log
Hi Mickaël,
On 10/10/24 11:26 AM, Mickaël Salaün wrote:
> When a filesystem manages its own inode numbers, like NFS's fileid shown
> to user space with getattr(), other parts of the kernel may still expose
> the private inode->ino through kernel logs and audit.
>
> Another issue is on 32-bit archi
Acked-by: Fan Wu
On 10/10/2024 8:26 AM, Mickaël Salaün wrote:
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Fan Wu
Signed-off-by: Mickaël Salaün
---
security/ipe/audit.c | 2 +-
1 file changed, 1 insertion(+),
On 10/10/2024 8:26 AM, Mickaël Salaün wrote:
> Use the new inode_get_ino() helper to log the user space's view of
> inode's numbers instead of the private kernel values.
>
> Cc: Casey Schaufler
> Signed-off-by: Mickaël Salaün
Acked-by: Casey Schaufler
> ---
> security/smack/smack_lsm.c | 24 +
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Mimi Zohar
Cc: Roberto Sassu
Cc: Dmitry Kasatkin
Cc: Eric Snowberg
Signed-off-by: Mickaël Salaün
---
security/integrity/integrity_audit.c | 2 +-
1 file changed, 1 ins
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Paul Moore
Cc: Eric Paris
Signed-off-by: Mickaël Salaün
---
security/lsm_audit.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/security/
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Casey Schaufler
Signed-off-by: Mickaël Salaün
---
security/smack/smack_lsm.c | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Kentaro Takeda
Cc: Tetsuo Handa
Signed-off-by: Mickaël Salaün
---
Because of the required type changes, there might be some side effects.
Please review carefully.
---
s
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Fan Wu
Signed-off-by: Mickaël Salaün
---
security/ipe/audit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/ipe/audit.c b/security/ipe/audi
When a filesystem manages its own inode numbers, like NFS's fileid shown
to user space with getattr(), other parts of the kernel may still expose
the private inode->ino through kernel logs and audit.
Another issue is on 32-bit architectures, on which ino_t is 32 bits,
whereas the user space's view
Use the new inode_get_ino() helper to log the user space's view of
inode's numbers instead of the private kernel values.
Cc: Paul Moore
Cc: Stephen Smalley
Cc: Ondrej Mosnacek
Signed-off-by: Mickaël Salaün
---
security/selinux/hooks.c | 14 +++---
1 file changed, 7 insertions(+), 7 de