Re: [PATCH 2/3] selinux: add checksum to policydb

2017-04-27 Thread Stephen Smalley
On Thu, 2017-04-27 at 19:12 +0200, Sebastien Buisson wrote: > 2017-04-27 17:18 GMT+02:00 Stephen Smalley : > > Ok, that should work as long as you just want to validate that all > > the > > clients loaded the same policy file, and aren't concerned about > > non- >

Re: [PATCH 2/3] selinux: add checksum to policydb

2017-04-27 Thread Stephen Smalley
On Thu, 2017-04-27 at 10:41 +0200, Sebastien Buisson wrote: > 2017-04-26 20:30 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > > This seems like an odd place to trigger the computation. > > I noticed that the policy as exposed via /sys/fs/selinux/policy c

Re: [PATCH 2/3] selinux: add checksum to policydb

2017-04-27 Thread Stephen Smalley
On Thu, 2017-04-27 at 10:41 +0200, Sebastien Buisson wrote: > 2017-04-26 20:30 GMT+02:00 Stephen Smalley : > > This seems like an odd place to trigger the computation. > > I noticed that the policy as exposed via /sys/fs/selinux/policy can > also be modified in security_set_boo

Re: [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs

2017-04-26 Thread Stephen Smalley
On Thu, 2017-04-27 at 00:02 +0900, Sebastien Buisson wrote: > Expose policy SHA256 checksum via selinuxfs. > > Signed-off-by: Sebastien Buisson > --- >  security/selinux/selinuxfs.c | 20 >  1 file changed, 20 insertions(+) > > diff --git

Re: [PATCH 3/3] selinux: expose policy SHA256 checksum via selinuxfs

2017-04-26 Thread Stephen Smalley
On Thu, 2017-04-27 at 00:02 +0900, Sebastien Buisson wrote: > Expose policy SHA256 checksum via selinuxfs. > > Signed-off-by: Sebastien Buisson > --- >  security/selinux/selinuxfs.c | 20 >  1 file changed, 20 insertions(+) > > diff --git a/security/selinux/selinuxfs.c >

Re: [PATCH 2/3] selinux: add checksum to policydb

2017-04-26 Thread Stephen Smalley
On Thu, 2017-04-27 at 00:02 +0900, Sebastien Buisson wrote: > Add policycksum field to struct policydb. It holds the sha256 > checksum computed on the binary policy every time the notifier is > called after a policy change. > Add security_policy_cksum hook to give access to policy checksum to >

Re: [PATCH 1/3] selinux: Implement LSM notification system

2017-04-26 Thread Stephen Smalley
On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote: > On 4/26/2017 8:02 AM, Sebastien Buisson wrote: > > From: Daniel Jurgens > > > > Add a generic notification mechanism in the LSM. Interested > > consumers > > can register a callback with the LSM and security

Re: [PATCH 1/3] selinux: Implement LSM notification system

2017-04-26 Thread Stephen Smalley
On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote: > On 4/26/2017 8:02 AM, Sebastien Buisson wrote: > > From: Daniel Jurgens > > > > Add a generic notification mechanism in the LSM. Interested > > consumers > > can register a callback with the LSM and security modules can > > produce > >

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 19:07 +0200, Sebastien Buisson wrote: > 2017-04-12 18:24 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > > Maybe you want to register a notifier callback on policy reload? > > See > > the archives for the SELinux support for Infiniband RDMA

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 19:07 +0200, Sebastien Buisson wrote: > 2017-04-12 18:24 GMT+02:00 Stephen Smalley : > > Maybe you want to register a notifier callback on policy reload? > > See > > the archives for the SELinux support for Infiniband RDMA patches > > (which >

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 17:19 +0200, Sebastien Buisson wrote: > 2017-04-12 15:58 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > > Even your usage of selinux_is_enabled() looks suspect; that should > > probably go away.  Only other user of it seems to be some cred >

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 17:19 +0200, Sebastien Buisson wrote: > 2017-04-12 15:58 GMT+02:00 Stephen Smalley : > > Even your usage of selinux_is_enabled() looks suspect; that should > > probably go away.  Only other user of it seems to be some cred > > validity > > che

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 17:11 +0200, Sebastien Buisson wrote: > 2017-04-12 16:35 GMT+02:00 Stephen Smalley <s...@tycho.nsa.gov>: > > How are you using this SELinux information in the kernel and/or in > > userspace?  What's the purpose of it?  What are you comparing it > >

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 17:11 +0200, Sebastien Buisson wrote: > 2017-04-12 16:35 GMT+02:00 Stephen Smalley : > > How are you using this SELinux information in the kernel and/or in > > userspace?  What's the purpose of it?  What are you comparing it > > against?  Why do y

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote: > 2017-04-12 13:55 GMT+02:00 Paul Moore : > > As currently written this code isn't something we would want to > > merge > > upstream for two important reasons: > > > > * No clear user of this functionality.  There

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote: > 2017-04-12 13:55 GMT+02:00 Paul Moore : > > As currently written this code isn't something we would want to > > merge > > upstream for two important reasons: > > > > * No clear user of this functionality.  There needs to be a well > >

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote: > 2017-04-12 13:55 GMT+02:00 Paul Moore : > > As currently written this code isn't something we would want to > > merge > > upstream for two important reasons: > > > > * No abstraction layer at the LSM interface.  The

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 15:30 +0200, Sebastien Buisson wrote: > 2017-04-12 13:55 GMT+02:00 Paul Moore : > > As currently written this code isn't something we would want to > > merge > > upstream for two important reasons: > > > > * No abstraction layer at the LSM interface.  The core kernel code >

Re: [PATCH] selinux: add selinux_status_get_seq() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 18:12 +0900, Sebastien Buisson wrote: > Add selinux_status_get_seq() function to give access to sequence > number of current SELinux policy loaded to the rest of the kernel. > > Signed-off-by: Sebastien Buisson > --- >  include/linux/selinux.h  |  7

Re: [PATCH] selinux: add selinux_status_get_seq() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 18:12 +0900, Sebastien Buisson wrote: > Add selinux_status_get_seq() function to give access to sequence > number of current SELinux policy loaded to the rest of the kernel. > > Signed-off-by: Sebastien Buisson > --- >  include/linux/selinux.h  |  7 +++ >  

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 18:06 +0900, Sebastien Buisson wrote: > Add selinux_is_enforced() function to give access to SELinux > enforcement to the rest of the kernel. > > Signed-off-by: Sebastien Buisson > --- >  include/linux/selinux.h | 5 + >  

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Stephen Smalley
On Wed, 2017-04-12 at 18:06 +0900, Sebastien Buisson wrote: > Add selinux_is_enforced() function to give access to SELinux > enforcement to the rest of the kernel. > > Signed-off-by: Sebastien Buisson > --- >  include/linux/selinux.h | 5 + >  security/selinux/exports.c  |

Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts

2017-03-30 Thread Stephen Smalley
On Thu, 2017-03-30 at 13:41 -0400, J. Bruce Fields wrote: > On Thu, Mar 30, 2017 at 01:27:07PM -0400, Stephen Smalley wrote: > > On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote: > > > On 29 March 2017 at 23:34, J. Bruce Fields <bfie...@redhat.com> > > > wr

Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts

2017-03-30 Thread Stephen Smalley
On Thu, 2017-03-30 at 13:41 -0400, J. Bruce Fields wrote: > On Thu, Mar 30, 2017 at 01:27:07PM -0400, Stephen Smalley wrote: > > On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote: > > > On 29 March 2017 at 23:34, J. Bruce Fields > > > wrote: > > > > O

Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts

2017-03-30 Thread Stephen Smalley
On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote: > On 29 March 2017 at 23:34, J. Bruce Fields > wrote: > > On Wed, Mar 29, 2017 at 05:27:23PM +0200, Tomeu Vizoso wrote: > > > Labelling of files in a NFSv4.2 currently fails with ENOTSUPP > > > because > > > the mount

Re: [PATCH] selinux: Fix SBLABEL_MNT for NFS mounts

2017-03-30 Thread Stephen Smalley
On Thu, 2017-03-30 at 09:49 +0200, Tomeu Vizoso wrote: > On 29 March 2017 at 23:34, J. Bruce Fields > wrote: > > On Wed, Mar 29, 2017 at 05:27:23PM +0200, Tomeu Vizoso wrote: > > > Labelling of files in a NFSv4.2 currently fails with ENOTSUPP > > > because > > > the mount point doesn't have

Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs

2017-03-10 Thread Stephen Smalley
On Fri, 2017-03-10 at 15:01 -0500, Paul Moore wrote: > On Thu, Feb 9, 2017 at 10:58 AM, Antonio Murdaca > wrote: > > > > This patch allows genfscon per-file labeling for cgroupfs. For > > instance, > > this allows to label the "release_agent" file within each > > cgroup

Re: [PATCH] security: selinux: allow per-file labeling for cgroupfs

2017-03-10 Thread Stephen Smalley
On Fri, 2017-03-10 at 15:01 -0500, Paul Moore wrote: > On Thu, Feb 9, 2017 at 10:58 AM, Antonio Murdaca > wrote: > > > > This patch allows genfscon per-file labeling for cgroupfs. For > > instance, > > this allows to label the "release_agent" file within each > > cgroup mount and limit writes to

[PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-03-10 Thread Stephen Smalley
checked when required for the operation. Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- fs/namei.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index d41fab7..482414a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -

[PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-03-10 Thread Stephen Smalley
checked when required for the operation. Signed-off-by: Stephen Smalley --- fs/namei.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index d41fab7..482414a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -340,22 +340,14 @@ int

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley <s.

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-03-09 Thread Stephen Smalley
On Thu, 2017-03-09 at 18:28 +0100, Greg KH wrote: > On Mon, Feb 27, 2017 at 04:23:28PM -0500, Stephen Smalley wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, Step

[tip:timers/urgent] timerfd: Only check CAP_WAKE_ALARM when it is needed

2017-03-01 Thread tip-bot for Stephen Smalley
Commit-ID: 25b68a8f0ab13a98de02650208ec927796659898 Gitweb: http://git.kernel.org/tip/25b68a8f0ab13a98de02650208ec927796659898 Author: Stephen Smalley <s...@tycho.nsa.gov> AuthorDate: Fri, 17 Feb 2017 10:13:59 -0500 Committer: Thomas Gleixner <t...@linutronix.de> CommitDate

[tip:timers/urgent] timerfd: Only check CAP_WAKE_ALARM when it is needed

2017-03-01 Thread tip-bot for Stephen Smalley
Commit-ID: 25b68a8f0ab13a98de02650208ec927796659898 Gitweb: http://git.kernel.org/tip/25b68a8f0ab13a98de02650208ec927796659898 Author: Stephen Smalley AuthorDate: Fri, 17 Feb 2017 10:13:59 -0500 Committer: Thomas Gleixner CommitDate: Wed, 1 Mar 2017 12:53:44 +0100 timerfd: Only check

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Stephen Smalley
On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: > On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley <s...@tycho.nsa.gov> > wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM,

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-28 Thread Stephen Smalley
On Mon, 2017-02-27 at 19:18 -0500, Paul Moore wrote: > On Mon, Feb 27, 2017 at 4:23 PM, Stephen Smalley > wrote: > > > > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > > > On Mon, Feb 27, 2017 at 11:53 AM, S

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 14:42 -0500, Stephen Smalley wrote: > On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > > > > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz <john.stu...@linaro.or > > g> > > wrote: > > > > > > > > > Hey fol

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 14:42 -0500, Stephen Smalley wrote: > On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > > > > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > g> > > wrote: > > > > > > > > > Hey folks, > > >    I've n

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley <s...@tycho.nsa.gov> > wrote: > > > > > > > > I can reproduce it on angler (with a back-port of just that > > > patch), > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > wrote: > > > > > > > > I can reproduce it on angler (with a back-port of just that > > > patch), > > > although I am u

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 16:23 -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley <s...@tycho.nsa.go > > v> > > wrote: > > > > > > > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Mon, 2017-02-27 at 16:23 -0500, Stephen Smalley wrote: > On Mon, 2017-02-27 at 12:48 -0800, Nick Kralevich wrote: > > > > On Mon, Feb 27, 2017 at 11:53 AM, Stephen Smalley > v> > > wrote: > > > > > > > > > > > > >

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > wrote: > > > > Hey folks, > >    I've not been able to figure out why yet, but I wanted to raise > > the > > issue that last night I found I couldn't boot Android on my

Re: [Regression?] 1ea0ce4069 ("selinux: allow changing labels for cgroupfs") stops Android from booting

2017-02-27 Thread Stephen Smalley
On Thu, 2017-02-23 at 19:01 -0500, Paul Moore wrote: > On Thu, Feb 23, 2017 at 1:43 PM, John Stultz > wrote: > > > > Hey folks, > >    I've not been able to figure out why yet, but I wanted to raise > > the > > issue that last night I found I couldn't boot Android on my Hikey > > board with

[PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-02-17 Thread Stephen Smalley
checked when required for the operation. Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- fs/namei.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index ad74877..8736e4a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -

[PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

2017-02-17 Thread Stephen Smalley
checked when required for the operation. Signed-off-by: Stephen Smalley --- fs/namei.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index ad74877..8736e4a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -340,22 +340,14 @@ int

[PATCH] timerfd: only check CAP_WAKE_ALARM when it is needed

2017-02-17 Thread Stephen Smalley
even when no privilege was exercised, and is inefficient. Flip the order of the tests in both functions so that we only call capable() if the capability is truly required for the operation. Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- fs/timerfd.c | 8 1 file chan

[PATCH] timerfd: only check CAP_WAKE_ALARM when it is needed

2017-02-17 Thread Stephen Smalley
even when no privilege was exercised, and is inefficient. Flip the order of the tests in both functions so that we only call capable() if the capability is truly required for the operation. Signed-off-by: Stephen Smalley --- fs/timerfd.c | 8 1 file changed, 4 insertions(+), 4 deletions

Re: [PATCH v2] security: selinux: allow changing labels for cgroupfs

2017-02-02 Thread Stephen Smalley
also allow containers to write only to the systemd > cgroup > for instance, while the other cgroups are kept with cgroup_t label. > > Signed-off-by: Antonio Murdaca <run...@redhat.com> Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > --- > Changes in v2: >   - whit

Re: [PATCH v2] security: selinux: allow changing labels for cgroupfs

2017-02-02 Thread Stephen Smalley
also allow containers to write only to the systemd > cgroup > for instance, while the other cgroups are kept with cgroup_t label. > > Signed-off-by: Antonio Murdaca Acked-by: Stephen Smalley > --- > Changes in v2: >   - whitelist cgroup2 fs type > >  secur

Re: SELinux lead to soft lockup when pid 1 proceess reap child

2017-01-09 Thread Stephen Smalley
On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote: > Seriously, could someone explain why do we need the > security_task_wait() > hook at all? I would be ok with killing it. IIRC, the original motivation was to block an unauthorized data flow from child to parent when the child context

Re: [PATCH v3 3/3] selinux: require EXECMEM for forced ptrace poke

2016-11-03 Thread Stephen Smalley
- minor: symmetric comment (Ingo Molnar) > - use helper struct (Ingo Molnar) > - add new policy capability for enabling forced write checks >(Stephen Smalley) > > Signed-off-by: Jann Horn <j...@thejh.net> > --- > security/selinux/hooks.c| 15

Re: [PATCH v3 3/3] selinux: require EXECMEM for forced ptrace poke

2016-11-03 Thread Stephen Smalley
- minor: symmetric comment (Ingo Molnar) > - use helper struct (Ingo Molnar) > - add new policy capability for enabling forced write checks >(Stephen Smalley) > > Signed-off-by: Jann Horn > --- > security/selinux/hooks.c| 15 +++ > securi

Re: selinux: should execmem disable shmat(..., SHM_EXEC)?

2016-10-27 Thread Stephen Smalley
On 10/26/2016 04:31 PM, Topi Miettinen wrote: > Hi, > > Maybe this is a stupid question and I didn't test this with SELinux, but > it looks to me that SELinux execmem does not prevent process from > getting writable and executable memory mappings by using shmat(..., > SHM_EXEC). Shouldn't this be

Re: [PATCH v2 3/3] selinux: require EXECMEM for forced ptrace poke

2016-09-29 Thread Stephen Smalley
On 09/28/2016 06:54 PM, Jann Horn wrote: > This is a breaking change for SELinux users that restrict EXECMEM: It might > break gdb if gdb is executed in a domain that does not have EXECMEM > privilege over the debuggee domain. Since this would break compatibility with existing SELinux policies,

Re: [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files

2016-07-14 Thread Stephen Smalley
which are suitable for new file > creation during copy up. Caller will use new creds to create file and then > revert back to old creds and release new creds. > > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@tycho.nsa.gov>

Re: [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files

2016-07-14 Thread Stephen Smalley
which are suitable for new file > creation during copy up. Caller will use new creds to create file and then > revert back to old creds and release new creds. > > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > fs/overlayfs/copy_up.c| 15 +

Re: [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files

2016-07-14 Thread Stephen Smalley
nes > the label/context dentry will get if it had been created by task in upper > and modify passed set of creds appropriately. Caller makes use of these new > creds for file creation. > > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@t

Re: [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files

2016-07-14 Thread Stephen Smalley
nes > the label/context dentry will get if it had been created by task in upper > and modify passed set of creds appropriately. Caller makes use of these new > creds for file creation. > > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > fs/overlayfs/dir.c

Re: [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file

2016-07-14 Thread Stephen Smalley
ts the xattr to be discarded on the copy, -EOPNOTSUPP > if the security module does not handle/manage the xattr, or a -errno > upon an error. > > Signed-off-by: David Howells <dhowe...@redhat.com> > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <

Re: [PATCH 3/9] security,overlayfs: Provide security hook for copy up of xattrs for overlay file

2016-07-14 Thread Stephen Smalley
ts the xattr to be discarded on the copy, -EOPNOTSUPP > if the security module does not handle/manage the xattr, or a -errno > upon an error. > > Signed-off-by: David Howells > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > fs/overlayfs/copy_up.c| 7 +++

Re: [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files

2016-07-13 Thread Stephen Smalley
On 07/13/2016 10:57 AM, Stephen Smalley wrote: > On 07/13/2016 10:44 AM, Vivek Goyal wrote: >> During a new file creation we need to make sure new file is created with the >> right label. New file is created in upper/ so effectively file should get >> label as if task had

Re: [PATCH 5/9] selinux: Pass security pointer to determine_inode_label()

2016-07-13 Thread Stephen Smalley
rity pointer from. > > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > --- > security/selinux/hooks.c | 19 ++- > 1 file changed, 10 insertions(+), 9 deletions(-) > > diff --git a/security/selin

Re: [PATCH 7/9] selinux: Implement dentry_create_files_as() hook

2016-07-13 Thread Stephen Smalley
off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > --- > security/selinux/hooks.c | 22 ++ > 1 file changed, 22 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index ae

Re: [PATCH 5/9] selinux: Pass security pointer to determine_inode_label()

2016-07-13 Thread Stephen Smalley
rity pointer from. > > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > security/selinux/hooks.c | 19 ++- > 1 file changed, 10 insertions(+), 9 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 4fda

Re: [PATCH 7/9] selinux: Implement dentry_create_files_as() hook

2016-07-13 Thread Stephen Smalley
gned-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > security/selinux/hooks.c | 22 ++ > 1 file changed, 22 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index ae11fd9..77eb5a8 100644 > --- a/security/sel

Re: [PATCH 6/9] security, overlayfs: Provide hook to correctly label newly created files

2016-07-13 Thread Stephen Smalley
On 07/13/2016 10:44 AM, Vivek Goyal wrote: > During a new file creation we need to make sure new file is created with the > right label. New file is created in upper/ so effectively file should get > label as if task had created file in upper/. > > We switched to mounter's creds for actual file

Re: [PATCH 2/9] selinux: Implementation for inode_copy_up() hook

2016-07-13 Thread Stephen Smalley
t mount > cases. In case of non-context mount, overlay inode will have the label > of lower file and in case of context mount, overlay inode will have > the label from context= mount option. > > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@ty

Re: [PATCH 4/9] selinux: Implementation for inode_copy_up_xattr() hook

2016-07-13 Thread Stephen Smalley
opy up label as newly created file got its label from context= option. > > Signed-off-by: Vivek Goyal <vgo...@redhat.com> Acked-by: Stephen Smalley <s...@tycho.nsa.gov> > --- > security/selinux/hooks.c | 16 > 1 file changed, 16 insertions(+) > > dif

Re: [PATCH 2/9] selinux: Implementation for inode_copy_up() hook

2016-07-13 Thread Stephen Smalley
t mount > cases. In case of non-context mount, overlay inode will have the label > of lower file and in case of context mount, overlay inode will have > the label from context= mount option. > > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > security/selinux/hoo

Re: [PATCH 4/9] selinux: Implementation for inode_copy_up_xattr() hook

2016-07-13 Thread Stephen Smalley
opy up label as newly created file got its label from context= option. > > Signed-off-by: Vivek Goyal Acked-by: Stephen Smalley > --- > security/selinux/hooks.c | 16 > 1 file changed, 16 insertions(+) > > diff --git a/security/selinux/hooks.c b/security/selinux

Re: [PATCH 1/9] security, overlayfs: provide copy up security hook for unioned files

2016-07-13 Thread Stephen Smalley
On 07/13/2016 10:44 AM, Vivek Goyal wrote: > Provide a security hook to label new file correctly when a file is copied > up from lower layer to upper layer of a overlay/union mount. > > This hook can prepare a new set of creds which are suitable for new file > creation during copy up. Caller will

Re: [PATCH 3/7] security,overlayfs: Provide security hook for copy up of xattrs for overlay file

2016-07-11 Thread Stephen Smalley
On 07/08/2016 12:19 PM, Vivek Goyal wrote: > Provide a security hook which is called when xattrs of a file are being > copied up. This hook is called once for each xattr and LSM can return 0 > to access the xattr, 1 to reject xattr, -EOPNOTSUPP if none of the lsms > claim to know xattr and a

Re: [PATCH 1/7] security, overlayfs: provide copy up security hook for unioned files

2016-07-11 Thread Stephen Smalley
On 07/08/2016 12:19 PM, Vivek Goyal wrote: > Provide a security hook to label new file correctly when a file is copied > up from lower layer to upper layer of a overlay/union mount. > > This hook can prepare a new set of creds which are suitable for new file > creation during copy up. Caller will

Re: Documenting ptrace access mode checking

2016-06-23 Thread Stephen Smalley
On 06/21/2016 05:41 AM, Michael Kerrisk (man-pages) wrote: > Hi Jann, Stephen, et al. > > Jann, since you recently committed a patch in this area, and Stephen, > since you committed 006ebb40d3d much further back in time, I wonder if > you might help me by reviewing the text below that I propose

Re: [PATCH] LSM: Reorder security_capset to do access checks properly

2016-06-01 Thread Stephen Smalley
On 06/01/2016 04:30 PM, Casey Schaufler wrote: > On 6/1/2016 1:06 PM, Stephen Smalley wrote: >> On 06/01/2016 03:27 PM, Casey Schaufler wrote: >>> Subject: [PATCH] LSM: Reorder security_capset to do access checks properly >>> >>> The security module hooks

Re: [PATCH] LSM: Reorder security_capset to do access checks properly

2016-06-01 Thread Stephen Smalley
On 06/01/2016 03:27 PM, Casey Schaufler wrote: > Subject: [PATCH] LSM: Reorder security_capset to do access checks properly > > The security module hooks that check whether a process should > be able to set a new capset are currently called after the new > values are set in cap_capset(). This

Re: PROBLEM: Resume form hibernate broken by setting NX on gap

2016-05-20 Thread Stephen Smalley
On 05/20/2016 07:34 AM, Rafael J. Wysocki wrote: > On Fri, May 20, 2016 at 9:15 AM, Ingo Molnar wrote: >> >> * Logan Gunthorpe wrote: >> >>> Hi, >>> >>> I have been working on a bug that causes my laptop to freeze during >>> resume from hibernation. I did a

Re: PROBLEM: Resume form hibernate broken by setting NX on gap

2016-05-20 Thread Stephen Smalley
On 05/20/2016 07:34 AM, Rafael J. Wysocki wrote: > On Fri, May 20, 2016 at 9:15 AM, Ingo Molnar wrote: >> >> * Logan Gunthorpe wrote: >> >>> Hi, >>> >>> I have been working on a bug that causes my laptop to freeze during >>> resume from hibernation. I did a bisect to find the offending commit:

Re: Linux 4.4 MW: Boot under Xen fails with CONFIG_DEBUG_WX enabled: RIP: ptdump_walk_pgd_level_core

2015-11-04 Thread Stephen Smalley
On 11/04/2015 01:28 PM, Sander Eikelenboom wrote: On 2015-11-04 16:52, Stephen Smalley wrote: On 11/04/2015 06:55 AM, Sander Eikelenboom wrote: Hi All, I just tried to boot with the current linus mergewindow tree under Xen. It fails with a kernel panic at boot with the new "CONFIG_DEB

Re: Linux 4.4 MW: Boot under Xen fails with CONFIG_DEBUG_WX enabled: RIP: ptdump_walk_pgd_level_core

2015-11-04 Thread Stephen Smalley
On 11/04/2015 06:55 AM, Sander Eikelenboom wrote: Hi All, I just tried to boot with the current linus mergewindow tree under Xen. It fails with a kernel panic at boot with the new "CONFIG_DEBUG_WX" option enabled. Disabling it makes the kernel boot fine. The splat: [ 18.424241] Freeing

Re: [PATCH] lkdtm: fix ACCESS_USERSPACE test

2015-10-29 Thread Stephen Smalley
On 10/27/2015 08:12 PM, Greg KH wrote: On Tue, Oct 27, 2015 at 04:47:53PM -0400, Stephen Smalley wrote: Add a copy_to_user() call to the ACCESS_USERSPACE test prior to attempting direct dereferencing of the user address to ensure the page is present. Otherwise, a fault occurs on arm kernels

[PATCH] lkdtm: fix ACCESS_USERSPACE test

2015-10-27 Thread Stephen Smalley
fault: page domain fault (0x01b) at 0xb6f7d000 ... Signed-off-by: Stephen Smalley --- drivers/misc/lkdtm.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index b5abe34..11fdadc 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers

[PATCH] lkdtm: fix ACCESS_USERSPACE test

2015-10-27 Thread Stephen Smalley
fault: page domain fault (0x01b) at 0xb6f7d000 ... Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> --- drivers/misc/lkdtm.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index b5abe34..11fdadc 100644 --- a/driver

Re: [PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces

2015-10-13 Thread Stephen Smalley
task context into a form suitable for file objects, but also allow the policy writer to specify a different label through policy transition rules. Pieced together from code snippets provided by Stephen Smalley. Signed-off-by: Seth Forshee Acked-by: Stephen Smalley --- security/selinux
