Re: audit-ptrace patch (untested)

2007-03-12 Thread James Morris
it to Linus ? (I could, but it's a large patch for a bugfix and he'd probably be happier seeing it from you at this point in the development cycle). Acked-by: James Morris [EMAIL PROTECTED] diff --git a/fs/proc/base.c b/fs/proc/base.c index 4f5745a..6bbfe91 100644 --- a/fs/proc/base.c

Re: [PATCH] make xfrm_audit_log more generic

2007-07-19 Thread James Morris
-- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH]: revised make xfrm_audit_log more generic patch

2007-07-23 Thread James Morris
existing audit apps. This is a small change to accommodate updating ipsec protocol to RFCs 4301, 4302 and 4303 which require auditing some ipsec events if auditing is available. Please let me know if ok. Regards, Joy Signed-off-by: Joy Latten [EMAIL PROTECTED] Acked-by: James Morris

Re: [PATCH 1/3] XFRM: Assorted IPsec fixups

2007-12-20 Thread James Morris
on software development * Proper spacing around commas in function arguments Minor style tweak since I was already touching the code Signed-off-by: Paul Moore [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] --- include/net/xfrm.h | 14 ++--- net/xfrm

Re: [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks

2008-03-03 Thread James Morris
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote: Setup the new inode_getsecid and ipc_getsecid() LSM hooks for SELinux. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL

Re: [PATCH 3/9] Audit: use new LSM hooks instead of SELinux exports

2008-03-03 Thread James Morris
Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 4/9] Netlink: Use generic LSM hook

2008-03-03 Thread James Morris
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote: Don't use SELinux exported selinux_get_task_sid symbol. Use the generic LSM equivalent instead. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED

Re: [PATCH 5/9] SELinux: remove redundant exports

2008-03-03 Thread James Morris
Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks

2008-03-03 Thread James Morris
hooks are only available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https

Re: [PATCH 7/9] Audit: internally use the new LSM audit hooks

2008-03-03 Thread James Morris
) : selinux_audit_rule_init selinux_audit_rule_free audit_rule_has_selinux selinux_audit_rule_match Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing

Re: [PATCH 8/9] SELinux: use new audit hooks, remove redundant exports

2008-03-03 Thread James Morris
'audit_rule_known'. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 9/9] Audit: Final renamings and cleanup

2008-03-03 Thread James Morris
On Sat, 1 Mar 2008, Ahmed S. Darwish wrote: Rename the se_str and se_rule audit fields elements to lsm_str and lsm_rule to avoid confusion. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED

Re: [PATCH 1/9] LSM: Introduce inode_getsecid and ipc_getsecid hooks

2008-03-03 Thread James Morris
is not defined or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] -- James Morris [EMAIL PROTECTED

Re: [PATCH 7/9] Audit: internally use the new LSM audit hooks

2008-03-04 Thread James Morris
work. -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 7/9] Audit: internally use the new LSM audit hooks

2008-03-04 Thread James Morris
of Al Viro (cc'd, who possibly should also be added to the MAINTAINERS entry for audit). - James -- James Morris [EMAIL PROTECTED] -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

[PATCH 01/12] LSM: Introduce inode_getsecid and ipc_getsecid hooks

2008-04-17 Thread James Morris
or if the hook is set to NULL (dummy). This is done to notify the caller that no valid secid exists. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] Reviewed-by: Paul Moore [EMAIL PROTECTED] --- include/linux

[PATCH 02/12] SELinux: setup new inode/ipc getsecid hooks

2008-04-17 Thread James Morris
From: Ahmed S. Darwish [EMAIL PROTECTED] Setup the new inode_getsecid and ipc_getsecid() LSM hooks for SELinux. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] Reviewed-by: Paul Moore [EMAIL PROTECTED

Security testing tree patch review for 2.6.26

2008-04-17 Thread James Morris
security= boot parameter James Morris (2): Tell git about security/selinux/include/audit.h security: fix up documentation for security_module_enable Documentation/kernel-parameters.txt |6 ++ include/linux/audit.h | 29 include/linux/security.h| 114

[PATCH 06/12] LSM/Audit: Introduce generic Audit LSM hooks

2008-04-17 Thread James Morris
available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] Reviewed-by: Paul Moore [EMAIL PROTECTED] --- include/linux/security.h | 72

[PATCH 08/12] SELinux: use new audit hooks, remove redundant exports

2008-04-17 Thread James Morris
'. Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] --- include/linux/audit.h | 29 include/linux/selinux.h| 72 kernel/audit.h

[PATCH 10/12] Tell git about security/selinux/include/audit.h

2008-04-17 Thread James Morris
Signed-off-by: James Morris [EMAIL PROTECTED] --- security/selinux/include/audit.h | 65 ++ 1 files changed, 65 insertions(+), 0 deletions(-) create mode 100644 security/selinux/include/audit.h diff --git a/security/selinux/include/audit.h b/security

[PATCH 07/12] Audit: internally use the new LSM audit hooks

2008-04-17 Thread James Morris
) : selinux_audit_rule_init selinux_audit_rule_free audit_rule_has_selinux selinux_audit_rule_match Signed-off-by: Casey Schaufler [EMAIL PROTECTED] Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] --- kernel/audit.c |7 +- kernel/auditfilter.c | 61

[PATCH 11/12] Security: Introduce security= boot parameter

2008-04-17 Thread James Morris
if it was not chosen on boot. Smackfs assumes that smack hooks are registered and the initial task security setup (swapper-security) is done. Signed-off-by: Ahmed S. Darwish [EMAIL PROTECTED] Acked-by: James Morris [EMAIL PROTECTED] --- Documentation/kernel-parameters.txt |6 + include/linux/security.h

[PATCH 12/12] security: fix up documentation for security_module_enable

2008-04-17 Thread James Morris
security_module_enable() can only be called during kernel init. Signed-off-by: James Morris [EMAIL PROTECTED] --- security/security.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/security/security.c b/security/security.c index 2ed153c..7787c59 100644 --- a/security

Re: [PATCH 10/12] Tell git about security/selinux/include/audit.h

2008-04-17 Thread James Morris
On Thu, 17 Apr 2008, Greg KH wrote: On Thu, Apr 17, 2008 at 11:06:07AM +, James Morris wrote: Signed-off-by: James Morris [EMAIL PROTECTED] --- security/selinux/include/audit.h | 65 ++ Shouldn't this be merged with the previous patch

Re: [PATCH 1/15] don't reallocate buffer in every audit_sockaddr()

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: No need to do that more than once per process lifetime; allocating/freeing on each sendto/accept/etc. is bloody pointless. Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org --- kernel/auditsc.c | 46

Re: [PATCH 2/15] sanitize audit_socketcall

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: * don't bother with allocations * now that it can't fail, make it return void Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit

Re: [PATCH 3/15] sanitize audit_ipc_obj()

2008-12-16 Thread James Morris
; 'osid' should be converted into 'secid' someday. Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 4/15] sanitize audit_ipc_set_perm()

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: * get rid of allocations * make it return void * simplify callers Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https

Re: [PATCH 5/15] sanitize audit_mq_getsetattr()

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: * get rid of allocations * make it return void * don't duplicate parts of audit_dummy_context() Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list

Re: [PATCH 9/15] sanitize audit_fd_pair()

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: * no allocations * return void Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo

Re: [PATCH 10/15] audit_update_lsm_rules() misses the audit_inode_hash[] ones

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 11/15] fixing audit rule ordering mess, part 1

2008-12-16 Thread James Morris
, keep track of the current highest-priority matching rule and its result (always/never). Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com

Re: [PATCH 12/15] audit rules ordering, part 2

2008-12-16 Thread James Morris
Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 14/15] clean up audit_rule_{add,del} a bit

2008-12-16 Thread James Morris
On Wed, 17 Dec 2008, Al Viro wrote: Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 15/15] audit: validate comparison operations, store them in sane form

2008-12-16 Thread James Morris
values now; in-tree instances updated. Signed-off-by: Al Viro v...@zeniv.linux.org.uk Reviewed-by: James Morris jmor...@namei.org -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH 0/2] security/smack implement logging V3

2009-04-13 Thread James Morris
#next Note: Please ensure that each patch has a distinct and descriptive subject line. Also, the format for the subject is: [PATCH x/y] subsystem: short description See section 15 of Documentation/SubmittingPatches. -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit

Re: [PATCH] SELinux: define audit permissions for audit tree netlink messages

2009-06-02 Thread James Morris
}, }; -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH -v3] SELinux: Convert avc_audit to use lsm_audit.h

2009-08-16 Thread James Morris
On Fri, 14 Aug 2009, Stephen Smalley wrote: Acked-by: Stephen Smalley s...@tycho.nsa.gov Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com

Re: [PATCH] lsm: copy comm before calling audit_log to avoid race in string printing

2015-04-14 Thread James Morris
-love.sakura.ne.jp Signed-off-by: Richard Guy Briggs r...@redhat.com Applied. -- James Morris jmor...@namei.org -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

[ANNOUNCE] Linux Security Summit 2017 - CFP

2017-03-23 Thread James Morris
nput to the development process. WEB SITE http://events.linuxfoundation.org/events/linux-security-summit TWITTER For event updates and announcements, follow: https://twitter.com/LinuxSecSummit PROGRAM COMMITTEE The program committee for LSS 2017 is: * James Morris, Oracle * S

Re: [PATCH V4 01/10] capabilities: factor out cap_bprm_set_creds privileged root

2017-09-06 Thread James Morris
.@redhat.com> > Reviewed-by: Serge Hallyn <se...@hallyn.com> > --- > security/commoncap.c | 63 +++-- > 1 files changed, 35 insertions(+), 28 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <

Re: [PATCH V3 06/10] capabilities: move audit log decision to function

2017-08-25 Thread James Morris
> security/commoncap.c | 50 > ++ > 1 files changed, 30 insertions(+), 20 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 05/10] capabilities: use intuitive names for id changes

2017-08-25 Thread James Morris
- > 1 files changed, 21 insertions(+), 5 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 08/10] capabilities: invert logic for clarity

2017-08-24 Thread James Morris
On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > The way the logic was presented, it was awkward to read and verify. Invert > the > logic using DeMorgan's Law to be more easily able to read and understand. > > Signed-off-by: Richard Guy Briggs <r...@redhat.com> A

Re: [PATCH V3 04/10] capabilities: use root_priveleged inline to clarify logic

2017-08-24 Thread James Morris
cap.c |9 + > 1 files changed, 5 insertions(+), 4 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 10/10] capabilities: audit log other surprising conditions

2017-08-24 Thread James Morris
; pA_gained > > - These last two are combined into one due to the common first parameter. > > Related: https://github.com/linux-audit/audit-kernel/issues/16 > > Signed-off-by: Richard Guy Briggs <r...@redhat.com> Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 07/10] capabilities: remove a layer of conditional logic

2017-08-24 Thread James Morris
On Wed, 23 Aug 2017, Richard Guy Briggs wrote: > Remove a layer of conditional logic to make the use of conditions > easier to read and analyse. > > Signed-off-by: Richard Guy Briggs <r...@redhat.com> Acked-by: James Morris <james.l.mor...@oracle.com> > --- >

Re: [PATCH V3 03/10] capabilities: rename has_cap to has_fcap

2017-08-24 Thread James Morris
+-- > 1 files changed, 10 insertions(+), 10 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 02/10] capabilities: intuitive names for cap gain status

2017-08-24 Thread James Morris
+++-- > 1 files changed, 10 insertions(+), 6 deletions(-) Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH V3 01/10] capabilities: factor out cap_bprm_set_creds privileged root

2017-08-24 Thread James Morris
> +++ b/security/commoncap.c > @@ -481,6 +481,38 @@ static int get_file_caps(struct linux_binprm *bprm, bool > *effective, bool *has_c > return rc; > } > > +void handle_privileged_root(struct linux_binprm *bprm, bool has_cap, bool > *effective, kuid_t root_uid) Ca

Re: [PATCH] Audit: remove unused audit_log_secctx function

2017-10-25 Thread James Morris
urity module. > > Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> Reviewed-by: James Morris <james.l.mor...@oracle.com> -- James Morris <james.l.mor...@oracle.com> -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH v2 3/4] seccomp: Audit attempts to modify the actions_logged sysctl

2018-05-02 Thread James Morris
actions_logged sysctl. > > Suggested-by: Steve Grubb <sgr...@redhat.com> > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@redhat.c

Re: [PATCH v2 1/4] seccomp: Separate read and write code for actions_logged sysctl

2018-05-02 Thread James Morris
itional code paths on whether or not the > 'write' parameter evaluates to true. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-audit@re

Re: [PATCH v2 2/4] seccomp: Configurable separator for the actions_logged string

2018-05-02 Thread James Morris
eparator. This patch allows the separator character to be > configurable to meet both needs. > > Signed-off-by: Tyler Hicks <tyhi...@canonical.com> Reviewed-by: James Morris <james.mor...@microsoft.com> -- James Morris <jmor...@namei.org> -- Linux-audit mailing list Linux-au

Re: [PATCH GHAK16 V5 00/10] capabilities: do not audit log BPRM_FCAPS on set*id

2017-10-19 Thread James Morris
> > > > security/commoncap.c | 193 > > ++- > > 1 file changed, 128 insertions(+), 65 deletions(-) > > > > -- > > 1.8.3.1 > > > > -- > > To unsubscribe from this list: send

Re: [PATCH GHAK16 V5 00/10] capabilities: do not audit log BPRM_FCAPS on set*id

2017-10-20 Thread James Morris
id. > > > > Serge? James? Can one of you two take this via your trees since Paul > has backed down citing (reasonably) that it is mostly capabilities > patches rather than audit? Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-genera

[ANNOUNCE] Linux Security Summit North America 2018 - CFP

2018-04-09 Thread James Morris
2018 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Red Hat * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, Intel * Mimi Zohar, IBM * David A. Wheeler, Institute for Defense Anal

[ANNOUNCE][CFP] Linux Security Summit North America 2019

2019-04-09 Thread James Morris
mmit PROGRAM COMMITTEE The program committee for LSS 2019 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Cisco * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, Intel * Mimi Zohar,

Re: [RFC PATCH v3] security,capability: pass object information to security_capable

2019-08-15 Thread James Morris
audit logs look the same once the 2nd patch is applied? We need to be careful about breaking existing userland. -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: Preferred subj= with multiple LSMs

2019-07-22 Thread James Morris
none of > > the existing modules use, how would it be wrong to > > reserve it? > > "We've never had to think about having general rules on what security > modules do before..." > > We famously haven't imposed restrictions on the label format before > now, and thi

Re: Preferred subj= with multiple LSMs

2019-07-23 Thread James Morris
which is an assumption that dbus is already relying on since I checked > it in the thread around > <https://marc.info/?l=linux-security-module=142323508321029=2>? > Or is that restriction so fundamental that it's considered OK? Security labels are strings, so this is implied. -- James M

Re: Preferred subj= with multiple LSMs

2019-07-16 Thread James Morris
e, right? We can't do that. > Once again, I believe that the subj_X approach is going to be faster > than safely parsing the multiplexed format. What about emitting one audit record for each LSM? -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.c

Re: [RFC PATCH v2] security,lockdown,selinux: implement SELinux lockdown

2019-11-27 Thread James Morris
- > security/lsm_audit.c| 5 + > security/security.c | 30 + > security/selinux/hooks.c| 30 + > security/selinux/include/classmap.h | 2 ++ > 7 files changed, 71 insertions(+), 2

[ANNOUNCE][CFP] Linux Security Summit North America 2020

2020-02-03 Thread James Morris
2020 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Cisco * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, Intel * Mimi Zohar, IBM * David A. Wheeler, Institute for Defense Anal

Re: [PATCH v20 05/23] net: Prepare UDS for security module stacking

2020-09-03 Thread James Morris
socket *sock, struct sk_buff > *skb, > + struct lsmblob *blob) > { > - return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, > - skb, secid); > + struct security_hook_list *hp; > + int rc = -ENOPRO

Re: [PATCH v20 20/23] Audit: Add new record for multiple process LSM attributes

2020-09-03 Thread James Morris
gt; + * display either is the slot number use for formatting > + * or an instruction on which relative slot to use. > + */ > + if (display == LSMBLOB_DISPLAY) > + display = lsm_task_display(current); > + else if (display == LSMBLOB_FIRST) > + display = LSMBLOB_INVALID; > + else if (display < 0) { > + WARN_ONCE(true, > + "LSM: %s unknown display\n", __func__); > + display = LSMBLOB_INVALID; > + } else if (display >= lsm_slot) { > + WARN_ONCE(true, > + "LSM: %s invalid display\n", __func__); > + display = LSMBLOB_INVALID; > + } > + > + > hlist_for_each_entry(hp, _hook_heads.secid_to_secctx, list) { > if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) > continue; > @@ -2256,7 +2299,7 @@ int security_secctx_to_secid(const char *secdata, u32 > seclen, > return hp->hook.secctx_to_secid(secdata, seclen, > >secid[hp->lsmid->slot]); > } > - return 0; > + return -EOPNOTSUPP; > } > EXPORT_SYMBOL(security_secctx_to_secid); > > @@ -2757,23 +2800,17 @@ int security_key_getsecurity(struct key *key, char > **_buffer) > int security_audit_rule_init(u32 field, u32 op, char *rulestr, void > **lsmrule) > { > struct security_hook_list *hp; > - bool one_is_good = false; > - int rc = 0; > - int trc; > + int display = lsm_task_display(current); > > hlist_for_each_entry(hp, _hook_heads.audit_rule_init, list) { > if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) > continue; > - trc = hp->hook.audit_rule_init(field, op, rulestr, > -[hp->lsmid->slot]); > - if (trc == 0) > - one_is_good = true; > - else > - rc = trc; > + if (display != LSMBLOB_INVALID && display != hp->lsmid->slot) > + continue; > + return hp->hook.audit_rule_init(field, op, rulestr, > + [hp->lsmid->slot]); > } > - if (one_is_good) > - return 0; > - return rc; > + return 0; > } > > int security_audit_rule_known(struct audit_krule *krule) 
> @@ -2805,6 +2842,8 @@ int security_audit_rule_match(struct lsmblob *blob, u32 > field, u32 op, > continue; > if (lsmrule[hp->lsmid->slot] == NULL) > continue; > + if (lsmrule[hp->lsmid->slot] == NULL) > + continue; > rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot], > field, op, > [hp->lsmid->slot]); > diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c > index dcabf6bd8faa..15fa4b7eb2e6 100644 > --- a/security/smack/smackfs.c > +++ b/security/smack/smackfs.c > @@ -185,7 +185,8 @@ static void smk_netlabel_audit_set(struct netlbl_audit > *nap) > > nap->loginuid = audit_get_loginuid(current); > nap->sessionid = audit_get_sessionid(current); > - nap->secid = skp->smk_secid; > + lsmblob_init(>lsmdata, 0); > + nap->lsmdata.secid[smack_lsmid.slot] = skp->smk_secid; > } > > /* > -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit
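Review bot: In the security_audit_rule_init() hunk (@@ -2757,23 +2800,17 @@), the trailing `+ return 0;` reports success when the loop finds no hook for the selected display slot, so a rule whose LSM field no active module handles is accepted without `*lsmrule` ever being initialised, and the rule then silently never matches. The previous code only returned 0 when at least one hook succeeded (`one_is_good`); consider returning an error in the fall-through case, mirroring the `-EOPNOTSUPP` now returned by security_secctx_to_secid() earlier in this patch, so that such rules are rejected at load time rather than quietly ignored.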
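Review bot: In the security_audit_rule_match() hunk (@@ -2805,6 +2842,8 @@), the added lines `+ if (lsmrule[hp->lsmid->slot] == NULL)` / `+ continue;` duplicate the identical check that appears as unchanged context immediately above them, so the addition is a no-op. Either drop the two added lines or, if a different condition was intended here, correct the test.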

Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

2020-08-07 Thread James Morris
On Thu, 6 Aug 2020, Mimi Zohar wrote: > On Thu, 2020-08-06 at 09:51 +1000, James Morris wrote: > > On Wed, 5 Aug 2020, Mimi Zohar wrote: > > > > > If block layer integrity was enough, there wouldn't have been a need > > > for fs-verity. Even fs-verity is

Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

2020-08-11 Thread James Morris
usted rootfs. Future versions will support FS-Verity, at least. IPE was designed to be extensible in this way, with a strong separation of mechanism and policy. Whatever is implemented for NFS should be able to plug in to IPE pretty easily. -- James Morris -- Linux-audit mailing list Linux-a

Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

2020-08-10 Thread James Morris
is able to attend, so I've submitted a BoF proposal: https://www.linuxplumbersconf.org/event/7/abstracts/732/ -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [dm-devel] [RFC PATCH v5 00/11] Integrity Policy Enforcement LSM (IPE)

2020-08-05 Thread James Morris
differentiate yours by making it more Kconfig > based, but policy has a way of becoming user space supplied because > the distros hate config options, so I think you're going to end up > with a policy parser very like IMAs. -- James Morris -- Linux-audit mailing list

Re: [PATCH v19 17/23] LSM: security_secid_to_secctx in netlink netfilter

2020-07-27 Thread James Morris
ger.kernel.org I'd like to see Paul's acks on any networking related changes. -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH v19 13/23] LSM: Specify which LSM to display

2020-07-27 Thread James Morris
hansen > SELinux hook provided by Stephen Smalley > > Reviewed-by: Kees Cook > Acked-by: Stephen Smalley > Acked-by: Paul Moore > Signed-off-by: Casey Schaufler jj: do you have any review/feedback on this? -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH v19 21/23] Audit: Add a new record for multiple object LSM attributes

2020-07-27 Thread James Morris
p and serial number. > > Signed-off-by: Casey Schaufler > Cc: linux-audit@redhat.com These audit patches will need ack/review from Paul. -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH v22 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-09 Thread James Morris
mary maintainers on the To: line or they may miss the email. -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [PATCH v22 05/23] LSM: Use lsmblob in security_secctx_to_secid

2020-11-09 Thread James Morris
ng back a secid. > The infrastructure passes the correct entry from the lsmblob. > > Signed-off-by: Casey Schaufler > Cc: net...@vger.kernel.org You probably need to include Netfilter maintainers specifically for this (added them + the Netfilter list). This also needs signoffs from LS

Re: [PATCH v22 16/23] LSM: security_secid_to_secctx in netlink netfilter

2020-11-10 Thread James Morris
0 +627,8 @@ nfqnl_build_packet_message(struct net *net, struct > > nfqnl_instance *queue, > > } > > > > nlh->nlmsg_len = skb->len; > > - if (seclen) { > > - lsmcontext_init(, secdata, seclen, 0); > > - security_release_secctx(); > > - } > > + if (context.len) > > + security_release_secctx(); > > return skb; > > > > nla_put_failure: > > @@ -643,10 +636,8 @@ nfqnl_build_packet_message(struct net *net, struct > > nfqnl_instance *queue, > > kfree_skb(skb); > > net_err_ratelimited("nf_queue: error creating packet message\n"); > > nlmsg_failure: > > - if (seclen) { > > - lsmcontext_init(, secdata, seclen, 0); > > - security_release_secctx(); > > - } > > + if (context.len) > > + security_release_secctx(); > > return NULL; > > } > > > > -- > > 2.24.1 > > > -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://www.redhat.com/mailman/listinfo/linux-audit

Re: [ANNOUNCE][CFP] Linux Security Summit 2021

2021-06-21 Thread James Morris
Two further (and hopefully final) changes: - LSS 2021 will now be a hybrid event, catering to both in-person and remote attendees and presenters - The CFP is extended to July 11th. On Wed, 26 May 2021, James Morris wrote: > Note that the venue of LSS 2021 has now changed to Seat

Re: [ANNOUNCE][CFP] Linux Security Summit 2021

2021-05-25 Thread James Morris
Note that the venue of LSS 2021 has now changed to Seattle, USA. See https://events.linuxfoundation.org/linux-security-summit-north-america/ The new event dates are 29 September to 01 October. The CFP closes on June 27th. On Tue, 9 Feb 2021, James Morris wrote

[ANNOUNCE][CFP] Linux Security Summit 2021

2021-02-08 Thread James Morris
mmit #linuxsecuritysummit PROGRAM COMMITTEE The program committee for LSS 2021 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Cisco * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical * Kees Cook, Google * Casey Schaufler, I

Re: security_task_getsecid() and subjective vs objective task creds

2021-02-19 Thread James Morris
On Thu, 18 Feb 2021, Paul Moore wrote: > Hi all, > > When looking into a problem I noticed that audit was recording the > wrong subject label for a process. Is this a public bug? It would be good to know what the extent of this issue may be and whether it warrants a CVE. --

Re: [RFC PATCH 1/4] lsm: separate security_task_getsecid() into subjective and objective variants

2021-02-19 Thread James Morris
(secid, , _sz); > if (ret) { > return_error = BR_FAILED_REPLY; Can someone from the Android project confirm this is correct for binder? -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit

Re: [ANNOUNCE][CFP] Linux Security Summit 2021

2021-09-13 Thread James Morris
For folks presenting remotely, the deadline for video talks is extended to 20th September, 2021. Reminder: you can keep track of LSS event information via: https://twitter.com/LinuxSecSummit -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman

Re: [ANNOUNCE][CFP] Linux Security Summit North America 2022

2022-03-18 Thread James Morris
On Tue, 8 Feb 2022, James Morris wrote: > * Event:September 23-24 Correction: This should be 23-24 June per the top of the email. -- James Morris -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit

[ANNOUNCE][CFP] Linux Security Summit North America 2022

2022-02-08 Thread James Morris
https://twitter.com/LinuxSecSummit #linuxsecuritysummit PROGRAM COMMITTEE The program committee for LSS 2021 is: * James Morris, Microsoft * Serge Hallyn, Cisco * Paul Moore, Microsoft * Stephen Smalley, NSA * Elena Reshetova, Intel * John Johansen, Canonical

[ANNOUNCE] Linux Security Summit North America (LSS-NA) CfP

2023-01-20 Thread James Morris
. This will be a three day event, co-located with Open Source Summit North America [1]. The LSS-NA CfP is open until March 1st, 2023. Note that announcements relating to the Linux Security Summit may be found now on the Fediverse, via: https://social.kernel.org/LinuxSecSummit -- James Morris [1] https