On 12/12/2023 9:59 AM, Michael S. Tsirkin wrote:
> On Tue, Dec 12, 2023 at 08:33:39AM -0800, Casey Schaufler wrote:
>> On 12/12/2023 5:17 AM, Maxime Coquelin wrote:
>>> This patch introduces a LSM hook for devices creation,
>>> destruction (ioctl()) and opening (open(
On 12/12/2023 5:17 AM, Maxime Coquelin wrote:
> This patch introduces a LSM hook for devices creation,
> destruction (ioctl()) and opening (open()) operations,
> checking the application is allowed to perform these
> operations for the Virtio device type.
My earlier comments on a vduse specific
On 4/16/2021 9:37 AM, Roberto Sassu wrote:
>> From: Casey Schaufler [mailto:ca...@schaufler-ca.com]
>> Sent: Thursday, April 15, 2021 10:44 PM
>> On 4/15/2021 3:04 AM, Roberto Sassu wrote:
>>> This patch set depends on:
>>>
>>> https://lore.ker
On 4/15/2021 3:04 AM, Roberto Sassu wrote:
> This patch set depends on:
>
> https://lore.kernel.org/linux-integrity/20210409114313.4073-1-roberto.sa...@huawei.com/
> https://lore.kernel.org/linux-integrity/20210407105252.30721-1-roberto.sa...@huawei.com/
>
> One of the challenges that must be
On 4/8/2021 6:48 PM, James Morris wrote:
> I've added this to my tree at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> landlock_lsm_v33
>
> and merged that into the next-testing branch which is pulled into Linux
> next.
Thank you.
On 4/8/2021 1:49 AM, Zhongjun Tan wrote:
> From: Zhongjun Tan
>
> Delete selinux selinux_xfrm_policy_lookup() useless argument.
>
> Signed-off-by: Zhongjun Tan
> ---
> include/linux/lsm_hook_defs.h | 3 +--
> include/linux/security.h| 4 ++--
> net/xfrm/xfrm_policy.c | 6
t;
> This patch introduces the post hooks ima_inode_post_setxattr() and
> ima_inode_post_removexattr(), and adds the call to
> ima_reset_appraise_flags() in the new functions.
>
> Cc: Casey Schaufler
> Signed-off-by: Roberto Sassu
> ---
> fs/xattr.c
and hangs after.
Is this a bug fix?
> In openssh case, it use SSH_LISTEN_BACKLOG as 128.
>
> At 2021-03-30 23:42:04, "Casey Schaufler" wrote:
>> Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
>> sk_acceptq_is_full()' breaks a system with the Smack
On 3/30/2021 12:28 PM, Mickaël Salaün wrote:
> On 30/03/2021 20:40, Casey Schaufler wrote:
>> On 3/30/2021 11:11 AM, Mickaël Salaün wrote:
>>> On 30/03/2021 19:19, Casey Schaufler wrote:
>>>> On 3/30/2021 10:01 AM, Mickaël Salaün wrote:
>>>>> Hi,
&g
On 3/30/2021 11:11 AM, Mickaël Salaün wrote:
> On 30/03/2021 19:19, Casey Schaufler wrote:
>> On 3/30/2021 10:01 AM, Mickaël Salaün wrote:
>>> Hi,
>>>
>>> Is there new comments on this patch? Could we move forward?
>> I don't see that new comments are
On 3/30/2021 11:11 AM, Mickaël Salaün wrote:
> On 30/03/2021 19:19, Casey Schaufler wrote:
>> On 3/30/2021 10:01 AM, Mickaël Salaün wrote:
>>> Hi,
>>>
>>> Is there new comments on this patch? Could we move forward?
>> I don't see that new comments are
On 3/30/2021 10:01 AM, Mickaël Salaün wrote:
> Hi,
>
> Is there new comments on this patch? Could we move forward?
I don't see that new comments are necessary when I don't see
that you've provided compelling counters to some of the old ones.
It's possible to use minimal privilege with
Commit f211ac154577ec9ccf07c15f18a6abf0d9bdb4ab 'net: correct
sk_acceptq_is_full()' breaks a system with the Smack LSM.
Reverting this change results in a return to correct behavior.
The Smack testsuite can be found at:
https://github.com/smack-team/smack-testsuite.git
The failing test
On 3/25/2021 5:44 PM, Jens Axboe wrote:
> The io_uring PF_IO_WORKER threads no longer have PF_KTHREAD set, so no
> need to special case them for credential checks.
Could you cite the commit where that change was made?
>
> Cc: Tetsuo Handa
> Signed-off-by: Jens Axboe
> ---
>
ouldn't want to see this change back-ported to a kernel
that doesn't have that change as well.
>
> Cc: Casey Schaufler
> Signed-off-by: Jens Axboe
> ---
> security/smack/smack_access.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/security/s
On 3/24/2021 4:58 AM, Dmitry Vyukov wrote:
> On Wed, Mar 24, 2021 at 12:49 PM Mimi Zohar wrote:
>> On Wed, 2021-03-24 at 12:37 +0100, Dmitry Vyukov wrote:
>>> On Wed, Mar 24, 2021 at 12:21 PM Tetsuo Handa
>>> wrote:
On 2021/03/24 20:10, Mimi Zohar wrote:
> On Wed, 2021-03-24 at 19:10
On 3/10/2021 10:17 AM, Mickaël Salaün wrote:
> On 10/03/2021 18:22, Casey Schaufler wrote:
>> On 3/10/2021 8:09 AM, Mickaël Salaün wrote:
>>> Hi,
>>>
>>> The chroot system call is currently limited to be used by processes with
>>> the CAP_SYS_CHROOT
On 3/10/2021 8:09 AM, Mickaël Salaün wrote:
> Hi,
>
> The chroot system call is currently limited to be used by processes with
> the CAP_SYS_CHROOT capability. This protects against malicious
> procesess willing to trick SUID-like binaries. The following patch
> allows unprivileged users to
interferes in the multiple LSM case.
Acked-by: Stephen Smalley
Acked-by: John Johansen
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
security/apparmor/lsm.c | 20 +---
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/appa
case none of the
information will be displayed.
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
Cc: linux-...@vger.kernel.org
---
Documentation/ABI/testing/procfs-attr-context | 14
Documentation/security/lsm.rst| 14
fs/p
(1601152467.009:1050):
obj_selinux=unconfined_u:object_r:user_home_t:s0
Not all security modules that can provide object information
do so in all cases. It is possible that a security module won't
apply an object attribute in all cases.
Signed-off-by: Casey Schaufler
Cc: linux-au
x even though it may not actually do so.
Signed-off-by: Casey Schaufler
To: p...@paul-moore.com
To: linux-au...@redhat.com
To: r...@redhat.com
Cc: net...@vger.kernel.org
---
drivers/android/binder.c| 2 +-
include/linux/audit.h | 24
include/linux/security.h
is discarded immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
To: Richard Guy Briggs
---
include/linux/audit.h | 8
kernel/audit.h| 1 +
kernel/auditsc.c | 33
Verify that the tasks on the ends of a binder transaction
use the same "display" security module. This prevents confusion
of security "contexts".
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Scha
netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
---
include/net/netlabel.h | 8 +--
net/ipv4
Change netlink netfilter interfaces to use lsmcontext
pointers, and remove scaffolding.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Pablo Neira Ayuso
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de...@vger.kernel.org
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
---
fs/nfsd/nfs4xdr.c| 23 +--
include/linux/security.h | 5 +++--
security/security.c | 13 +++--
3 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/fs/nfsd
the new structure.
Reviewed-by: Kees Cook
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: netfilter-de...@vger.kernel.org
---
drivers/android/binder.c| 26 +++-
include/linux
allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: net...@vger.kernel.org
Cc
ot;interface_lsm" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen
SELinux hook provided by Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: Kees Cook
Cc: S
The IMA interfaces ima_get_action() and ima_match_policy()
call LSM functions that use lsmblobs. Change the IMA functions
to pass the lsmblob to be compatible with the LSM functions.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc
-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
---
include/linux/security.h | 2 +-
kernel/audit.c| 25 +++
kernel/audit.h| 3 ++-
kernel
-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
---
include/linux/security.h| 7 ---
kernel/auditsc.c| 6 +-
security/integrity/ima/ima_policy.c | 4 +---
security/security.c | 11
-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: net...@vger.kernel.org
---
drivers/android/binder.c | 12 +-
include/linux/security.h | 7 ++--
kernel/audit.c| 16 +++-
kernel
-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
---
include/linux/security.h | 7 ---
kernel/auditsc.c | 7 ++-
security/security.c | 12 +---
3 files changed, 19 insertions(+), 7 deletions
a secid to a string, as can occur in the
audit code.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
To: Paul Moore
---
drivers/android/binder.c| 12 +-
include/linux
the lsmblob.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
---
include/linux/security.h | 26 ++--
kernel/cred.c | 4 +---
net/netfilter/nft_meta.c | 10
net/netfilter
instead of a secid.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
To: David Howells
---
include/linux/cred.h | 3 ++-
include/linux/security.h | 5 +++--
kernel/cred.c| 10 ++
security
() is dropped.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
Cc: linux-integr...@vger.kernel.org
To: Mimi Zohar
---
include/linux/security.h| 7 ---
kernel/auditfilter.c
registered module
that supports the audit_rule_match() LSM hook. Allow the user
to specify in the IMA policy an lsm= option to specify the
security module to use for a particular rule.
Signed-off-by: Casey Schaufler
To: Mimi Zohar
To: linux-integr...@vger.kernel.org
---
Documentation/ABI/testing
Provide interfaces to map LSM slot numbers and LSM names.
Update the LSM registration code to save this information.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 4
security/security.c | 45
2 files changed, 49 insertions
.
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Acked-by: John Johansen
Signed-off-by: Casey Schaufler
Cc:
Cc: linux-au...@redhat.com
Cc: linux-security-mod...@vger.kernel.org
Cc: seli...@vger.kernel.org
To: Mimi Zohar
---
include/linux/audit.h | 4 +-
include/linux/lsm_ho
ore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
security/apparmor/include/net.h | 6 ++-
security/apparmor/lsm.c | 38 ---
security/security.c |
is using an earlier version of this patchset in
their distribution to enable stacking for containers.
Performance measurements to date have the change within the "noise".
The sockperf and dbench results are on the order of 0.2% to 0.8%
difference, with better performance being as common
iately invoke EVM
as well. Instead of:
ima_do_stuff(x, y, z);
evm_do_stuff(x, y, z);
how about
integrity_do_stuff(x, y, z);
>
> Cc: Casey Schaufler
> Signed-off-by: Roberto Sassu
> ---
> fs/xattr.c| 2 ++
> include/linux/ima.h
On 2/14/2021 10:21 AM, Mimi Zohar wrote:
> Hi Casey,
>
> On Tue, 2021-01-26 at 08:40 -0800, Casey Schaufler wrote:
>> Integrity measurement may filter on security module information
>> and needs to be clear in the case of multiple active security
>> modules which app
On 2/22/2021 1:12 PM, Nicolas Iooss wrote:
> On Mon, Feb 22, 2021 at 9:32 PM Casey Schaufler
> wrote:
>> On 2/22/2021 10:31 AM, Mickaël Salaün wrote:
>>> On 22/02/2021 17:51, Casey Schaufler wrote:
>>>> On 2/22/2021 7:06 AM, Mickaël Salaün wrote:
>>&g
On 2/22/2021 10:31 AM, Mickaël Salaün wrote:
> On 22/02/2021 17:51, Casey Schaufler wrote:
>> On 2/22/2021 7:06 AM, Mickaël Salaün wrote:
>>> From: Mickaël Salaün
>>>
>>> Add a new option CONFIG_LSM_AUTO to enable users to delegate default LSM
>>> stac
th a make
> oldconfig.
>
> CONFIG_LSM and CONFIG_LSM_AUTO depend on CONFIG_SECURITY, which makes
> sense because an LSM depends on the security framework.
>
> Cc: Casey Schaufler
> Cc: James Morris
> Cc: Kees Cook
> Cc: Serge E. Hallyn
> Signed-off-by: Mickaël Salaün
> L
Hello Linus
Here is a Smack change for the 5.12 release. It introduces bound checking
for the smackfs administrative interfaces where they were missing.
--
The following changes since commit 1048ba83fb1c00cd24172e23e8263972f6b5d9ac:
Linux 5.11-rc6 (2021-01-31 13:50:09 -0800)
are available
On 2/14/2021 10:21 AM, Mimi Zohar wrote:
> Hi Casey,
>
> On Tue, 2021-01-26 at 08:40 -0800, Casey Schaufler wrote:
>> Integrity measurement may filter on security module information
>> and needs to be clear in the case of multiple active security
>> modules which app
On 2/5/2021 6:17 AM, Serge E. Hallyn wrote:
> On Tue, Feb 02, 2021 at 05:27:03PM +0100, Mickaël Salaün wrote:
>> From: Casey Schaufler
>>
>> Move management of the superblock->sb_security blob out of the
>> individual security modules and into the security infrastruc
On 2/5/2021 6:17 AM, Serge E. Hallyn wrote:
> On Tue, Feb 02, 2021 at 05:27:03PM +0100, Mickaël Salaün wrote:
>> From: Casey Schaufler
>>
>> Move management of the superblock->sb_security blob out of the
>> individual security modules and into the security infrastruc
On 2/2/2021 11:13 AM, Sabyrzhan Tasbolatov wrote:
>> if PAGE_SIZE >= SMK_LOADSIZE all legitimate requests can be made
>> using PAGE_SIZE as a limit. Your example with 19990 spaces before
>> the data demonstrates that the interface is inadequately documented.
>> Tizen and Automotive Grade Linux are
On 2/2/2021 9:12 AM, Topi Miettinen wrote:
> On 2.2.2021 17.30, Casey Schaufler wrote:
>> On 2/2/2021 4:05 AM, Topi Miettinen wrote:
>>> On 26.1.2021 18.40, Casey Schaufler wrote:
>>>> This patchset provides the changes required for
>>>> the AppArmor secu
On 2/2/2021 4:05 AM, Topi Miettinen wrote:
> On 26.1.2021 18.40, Casey Schaufler wrote:
>> This patchset provides the changes required for
>> the AppArmor security module to stack safely with any other.
>
> In my test, when kernel command line has apparmor before selinux in ls
On 2/1/2021 9:47 AM, Jason A. Donenfeld wrote:
> Hi Andy & others,
>
> I was reversing some NT stuff recently and marveling over how wild and
> crazy things are over in Windows-land. A few things related to process
> creation caught my interest:
>
> - It's possible to create a new process with an
On 1/28/2021 6:24 AM, Tetsuo Handa wrote:
> On 2021/01/28 22:27, Sabyrzhan Tasbolatov wrote:
>>> Doesn't this change break legitimate requests like
>>>
>>> char buffer[2];
>>>
>>> memset(buffer, ' ', sizeof(buffer));
>>> memcpy(buffer + sizeof(buffer) - 10, "foo", 3);
>>> write(fd,
On 1/26/2021 10:42 AM, Richard Guy Briggs wrote:
> On 2021-01-26 08:41, Casey Schaufler wrote:
>> Standalone audit records have the timestamp and serial number generated
>> on the fly and as such are unique, making them standalone. This new
>> function audit_alloc_local() ge
interferes in the multiple LSM case.
Acked-by: Stephen Smalley
Acked-by: John Johansen
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
security/apparmor/lsm.c | 20 +---
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/appa
case none of the
information will be displayed.
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
Cc: linux-...@vger.kernel.org
---
Documentation/ABI/testing/procfs-attr-context | 14
Documentation/security/lsm.rst| 14
fs/p
(1601152467.009:1050):
obj_selinux=unconfined_u:object_r:user_home_t:s0
Not all security modules that can provide object information
do so in all cases. It is possible that a security module won't
apply an object attribute in all cases.
Signed-off-by: Casey Schaufler
Cc: linux-au
x even though it may not actually do so.
Signed-off-by: Casey Schaufler
To: p...@paul-moore.com
To: linux-au...@redhat.com
To: r...@redhat.com
Cc: net...@vger.kernel.org
---
drivers/android/binder.c| 2 +-
include/linux/audit.h | 24
include/linux/security.h
is discarded immediately after the local associated records are
produced.
Signed-off-by: Richard Guy Briggs
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
To: Richard Guy Briggs
---
include/linux/audit.h | 8
kernel/audit.h| 1 +
kernel/auditsc.c | 33
Verify that the tasks on the ends of a binder transaction
use the same "display" security module. This prevents confusion
of security "contexts".
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Scha
-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
---
include/linux/security.h| 7 ---
kernel/auditsc.c| 6 +-
security/integrity/ima/ima_policy.c | 4 +---
security/security.c | 11
.
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Acked-by: John Johansen
Signed-off-by: Casey Schaufler
Cc:
Cc: linux-au...@redhat.com
Cc: linux-security-mod...@vger.kernel.org
Cc: seli...@vger.kernel.org
To: Mimi Zohar
---
include/linux/audit.h | 4 +-
include/linux/lsm_ho
netlabel use the lsm_id.slot to access the
correct secid when using netlabel.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
---
include/net/netlabel.h | 8 +--
net/ipv4
ore
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 1 +
security/apparmor/include/net.h | 6 ++-
security/apparmor/lsm.c | 38 ---
security/security.c |
-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: net...@vger.kernel.org
---
drivers/android/binder.c | 12 +-
include/linux/security.h | 7 ++--
kernel/audit.c| 16 +++-
kernel
ate have the change within the "noise".
The sockperf and dbench results are on the order of 0.2% to 0.8%
difference, with better performance being as common as worse. The
benchmarks were run with AppArmor and Smack on Ubuntu.
https://github.com/cschaufler/lsm-stacking.git#stack-5.11
Change netlink netfilter interfaces to use lsmcontext
pointers, and remove scaffolding.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Pablo Neira Ayuso
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de...@vger.kernel.org
-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
---
include/linux/security.h | 7 ---
kernel/auditsc.c | 7 ++-
security/security.c | 12 +---
3 files changed, 19 insertions(+), 7 deletions
Reviewed-by: John Johansen
Signed-off-by: Casey Schaufler
Cc: linux-...@vger.kernel.org
---
fs/nfsd/nfs4xdr.c| 23 +--
include/linux/security.h | 5 +++--
security/security.c | 13 +++--
3 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/fs/nfsd
a secid to a string, as can occur in the
audit code.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
To: Paul Moore
---
drivers/android/binder.c| 12 +-
include/linux
the lsmblob.
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: netfilter-de...@vger.kernel.org
To: Pablo Neira Ayuso
---
include/linux/security.h | 26 ++--
kernel/cred.c | 4 +---
net/netfilter/nft_meta.c | 10
net/netfilter
the new structure.
Reviewed-by: Kees Cook
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: net...@vger.kernel.org
Cc: linux-au...@redhat.com
Cc: netfilter-de...@vger.kernel.org
---
drivers/android/binder.c| 26 +++-
include/linux
instead of a secid.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
To: David Howells
---
include/linux/cred.h | 3 ++-
include/linux/security.h | 5 +++--
kernel/cred.c| 10 ++
security
allocates and destroys
them on each use, whereas Smack provides a pointer to an entry
in a list that never goes away.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: net...@vger.kernel.org
Cc
registered module
that supports the audit_rule_match() LSM hook. Allow the user
to specify in the IMA policy an lsm= option to specify the
security module to use for a particular rule.
Signed-off-by: Casey Schaufler
To: Mimi Zohar
To: linux-integr...@vger.kernel.org
---
Documentation/ABI/testing
ot;interface_lsm" requires that all security modules using
setprocattr hooks allow the action. Each security module is
responsible for defining its policy.
AppArmor hook provided by John Johansen
SELinux hook provided by Stephen Smalley
Signed-off-by: Casey Schaufler
Cc: Kees Cook
Cc: S
() is dropped.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-au...@redhat.com
Cc: linux-integr...@vger.kernel.org
To: Mimi Zohar
---
include/linux/security.h| 7 ---
kernel/auditfilter.c
The IMA interfaces ima_get_action() and ima_match_policy()
call LSM functions that use lsmblobs. Change the IMA functions
to pass the lsmblob to be compatible with the LSM functions.
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Acked-by: Stephen Smalley
Signed-off-by: Casey Schaufler
Cc
Provide interfaces to map LSM slot numbers and LSM names.
Update the LSM registration code to save this information.
Signed-off-by: Casey Schaufler
---
include/linux/security.h | 4
security/security.c | 45
2 files changed, 49 insertions
-by: Stephen Smalley
Acked-by: Paul Moore
Signed-off-by: Casey Schaufler
Cc: linux-integr...@vger.kernel.org
Cc: linux-au...@redhat.com
---
include/linux/security.h | 2 +-
kernel/audit.c| 25 +++
kernel/audit.h| 3 ++-
kernel
On 1/24/2021 6:36 AM, Sabyrzhan Tasbolatov wrote:
> syzbot found WARNINGs in several smackfs write operations where
> bytes count is passed to memdup_user_nul which exceeds
> GFP MAX_ORDER. Check count size if bigger SMK_LONGLABEL,
> for smk_write_syslog if bigger than PAGE_SIZE - 1.
>
>
On 1/12/2021 1:36 AM, pna...@codeaurora.org wrote:
> On 2021-01-08 22:41, Casey Schaufler wrote:
>> On 1/8/2021 1:49 AM, Preeti Nagar wrote:
>>> The changes introduce a new security feature, RunTime Integrity Check
>>> (RTIC), designed to protect Linux Kernel at runtime
On 1/8/2021 1:49 AM, Preeti Nagar wrote:
> The changes introduce a new security feature, RunTime Integrity Check
> (RTIC), designed to protect Linux Kernel at runtime. The motivation
> behind these changes is:
> 1. The system protection offered by SE for Android relies on the
> assumption of
On 12/28/2020 5:53 PM, Mimi Zohar wrote:
> On Mon, 2020-12-28 at 15:20 -0800, Casey Schaufler wrote:
>> On 12/28/2020 2:14 PM, Mimi Zohar wrote:
>>> On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
>>>> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
>>>&
On 12/28/2020 2:14 PM, Mimi Zohar wrote:
> On Mon, 2020-12-28 at 12:06 -0800, Casey Schaufler wrote:
>> On 12/28/2020 11:24 AM, Mimi Zohar wrote:
>>> Hi Casey,
>>>
>>> On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
>>>> diff --git a/secu
On 12/28/2020 11:24 AM, Mimi Zohar wrote:
> Hi Casey,
>
> On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
>> diff --git a/security/security.c b/security/security.c
>> index 5da8b3643680..d01363cb0082 100644
>> --- a/security/security.c
>> +++ b/sec
On 12/28/2020 9:54 AM, Mimi Zohar wrote:
> Hi Casey,
>
> On Fri, 2020-11-20 at 12:14 -0800, Casey Schaufler wrote:
>> When more than one security module is exporting data to
>> audit and networking sub-systems a single 32 bit integer
>> is no longer sufficient
-for-5.11
for you to fetch changes up to 942cb357ae7d9249088e3687ee6a00ed2745a0c7:
Smack: Handle io_uring kernel thread privileges (2020-12-22 15:34:24 -0800)
Casey Schaufler (1):
Smack: Handle io_uring kernel thread privileges
Smack assumes that kernel threads are privileged for smackfs
operations. This was necessary because the credential of the
kernel thread was not related to a user operation. With io_uring
the credential does reflect a user's rights and can be used.
Suggested-by: Jens Axboe
Signed-off-by: Casey
On 12/15/2020 2:04 PM, Eric W. Biederman wrote:
> Casey Schaufler writes:
>
>> On 12/13/2020 3:00 PM, Paul Moore wrote:
>>> On Sun, Dec 13, 2020 at 11:30 AM Matthew Wilcox wrote:
>>>> On Sun, Dec 13, 2020 at 08:22:32AM -0600, Eric W. Biederman wr
Hello Linus
Here are the Smack tree changes for the v5.11 release. There are no functional
changes. There a code clean-up and some function header comment corrections.
--
The following changes since commit f8394f232b1eab649ce2df5c5f15b0e528c92091:
Linux 5.10-rc3 (2020-11-08 16:10:16 -0800)
On 12/13/2020 3:00 PM, Paul Moore wrote:
> On Sun, Dec 13, 2020 at 11:30 AM Matthew Wilcox wrote:
>> On Sun, Dec 13, 2020 at 08:22:32AM -0600, Eric W. Biederman wrote:
>>> Matthew Wilcox writes:
>>>
On Thu, Dec 03, 2020 at 04:02:12PM -0800, Stephen Brennan wrote:
> -void
On 12/13/2020 8:29 AM, Matthew Wilcox wrote:
> On Sun, Dec 13, 2020 at 08:22:32AM -0600, Eric W. Biederman wrote:
>> Matthew Wilcox writes:
>>
>>> On Thu, Dec 03, 2020 at 04:02:12PM -0800, Stephen Brennan wrote:
-void pid_update_inode(struct task_struct *task, struct inode *inode)
(1601152467.009:1050):
obj_selinux=unconfined_u:object_r:user_home_t:s0
Not all security modules that can provide object information
do so in all cases. It is possible that a security module won't
apply an object attribute in all cases.
Signed-off-by: Casey Schaufler
Cc: linux-au
interferes in the multiple LSM case.
Acked-by: Stephen Smalley
Acked-by: John Johansen
Reviewed-by: Kees Cook
Signed-off-by: Casey Schaufler
---
security/apparmor/lsm.c | 20 +---
1 file changed, 1 insertion(+), 19 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/appa
1 - 100 of 2105 matches
Mail list logo