Re: [PATCH v2 5/7] selinux: Add support for unprivileged mounts from user namespaces

2015-10-13 Thread Stephen Smalley
task context into a form suitable for file objects, but also allow the policy writer to specify a different label through policy transition rules. Pieced together from code snippets provided by Stephen Smalley. Signed-off-by: Seth Forshee <seth.fors...@canonical.com> Acked-by: Stephen S

Re: [PATCH] security: selinux: Use a kmem_cache for allocation struct file_security_struct

2015-10-07 Thread Stephen Smalley
e | Slack Size | Allocation Count > --- > 770048 |192512| 577536 | 12032 > > At the result, this change reduce memory usage 42bytes per each > file_security_struct > > Signed-off-by: Sangwoo Acked-by: Stephen Smalley

Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels

2015-10-06 Thread Stephen Smalley
On 10/05/2015 05:56 PM, Andreas Gruenbacher wrote: > On Mon, Oct 5, 2015 at 5:08 PM, Stephen Smalley wrote: >> Not fond of these magic initialized values. > > That should be a solvable problem. > >> Is it always safe to call inode_doinit() from all callers of >>

Re: [PATCH v2] x86/mm: warn on W+x mappings

2015-10-06 Thread Stephen Smalley
On 10/06/2015 03:32 AM, Ingo Molnar wrote: > > * Stephen Smalley wrote: > >> On 10/03/2015 07:27 AM, Ingo Molnar wrote: >>> >>> * Stephen Smalley wrote: >>> >>>> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c >>>>

[tip:x86/mm] x86/mm: Warn on W^X mappings

2015-10-06 Thread tip-bot for Stephen Smalley
Commit-ID: e1a58320a38dfa72be48a0f1a3a92273663ba6db Gitweb: http://git.kernel.org/tip/e1a58320a38dfa72be48a0f1a3a92273663ba6db Author: Stephen Smalley AuthorDate: Mon, 5 Oct 2015 12:55:20 -0400 Committer: Ingo Molnar CommitDate: Tue, 6 Oct 2015 11:11:48 +0200 x86/mm: Warn on W^X

Re: [PATCH v2] x86/mm: warn on W+x mappings

2015-10-05 Thread Stephen Smalley
On 10/03/2015 07:27 AM, Ingo Molnar wrote: > > * Stephen Smalley wrote: > >> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c >> index 30564e2..f8b1573 100644 >> --- a/arch/x86/mm/init_64.c >> +++ b/arch/x86/mm/init_64.c >> @@ -115

[PATCH v3] x86/mm: warn on W+x mappings

2015-10-05 Thread Stephen Smalley
[] ptdump_walk_pgd_level_checkwx+0x17/0x20 [] mark_rodata_ro+0xf5/0x100 [] ? rest_init+0x80/0x80 [] kernel_init+0x1d/0xe0 [] ret_from_fork+0x3f/0x70 [] ? rest_init+0x80/0x80 ---[ end trace a1f23a1e42a2ac76 ]--- x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found. Signed-off-by: Stephen

Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels

2015-10-05 Thread Stephen Smalley
Gruenbacher Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: seli...@tycho.nsa.gov --- include/linux/lsm_hooks.h | 6 ++ include/linux/security.h | 5 + security/security.c | 8 security/selinux/hooks.c | 23

[PATCH v2] x86/mm: warn on W+x mappings

2015-10-02 Thread Stephen Smalley
[] ptdump_walk_pgd_level_checkwx+0x17/0x20 [] mark_rodata_ro+0xf5/0x100 [] ? rest_init+0x80/0x80 [] kernel_init+0x1d/0xe0 [] ret_from_fork+0x3f/0x70 [] ? rest_init+0x80/0x80 ---[ end trace a1f23a1e42a2ac76 ]--- x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found. Signed-off-by: Stephen

[tip:x86/urgent] x86/mm: Set NX on gap between __ex_table and rodata

2015-10-02 Thread tip-bot for Stephen Smalley
Commit-ID: ab76f7b4ab2397ffdd2f1eb07c55697d19991d10 Gitweb: http://git.kernel.org/tip/ab76f7b4ab2397ffdd2f1eb07c55697d19991d10 Author: Stephen Smalley AuthorDate: Thu, 1 Oct 2015 09:04:22 -0400 Committer: Ingo Molnar CommitDate: Fri, 2 Oct 2015 09:21:06 +0200 x86/mm: Set NX on gap

[RFC][PATCH] x86/mm: warn on W+x mappings

2015-10-01 Thread Stephen Smalley
Warn on any residual W+x mappings if X86_PTDUMP is enabled. Sample dmesg output: Checking for W+x mappings 0x81755000-0x8180 684K RW GLB x pte Found W+x mappings. Please fix. Signed-off-by: Stephen Smalley --- Not sure if this is the best place

[PATCH] x86/mm: Set NX on gap between __ex_table and rodata

2015-10-01 Thread Stephen Smalley
478M pmd Signed-off-by: Stephen Smalley --- arch/x86/mm/init_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index 30564e2..df48430 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c

Re: [PATCH 0/5] Security: Provide unioned file support

2015-09-30 Thread Stephen Smalley
On 09/29/2015 05:03 PM, Stephen Smalley wrote: On 09/28/2015 04:00 PM, David Howells wrote: The attached patches provide security support for unioned files where the security involves an object-label-based LSM (such as SELinux) rather than a path-based LSM. [Note that a number of the bits

Re: [PATCH 0/5] Security: Provide unioned file support

2015-09-29 Thread Stephen Smalley
) in file_has_perm() rather than using the label on the lower inode. Now the steps I have outlined in (b) and (c) seem to be at odds with what Dan Walsh and Stephen Smalley want - but I'm not sure I follow what that is, let alone how to do it: Wanted to bring back the original

Re: [PATCH 1/2] selinux: ioctl_has_perm should be static

2015-09-29 Thread Stephen Smalley
On 09/27/2015 11:10 AM, Geliang Tang wrote: Fixes the following sparse warning: security/selinux/hooks.c:3242:5: warning: symbol 'ioctl_has_perm' was not declared. Should it be static? Signed-off-by: Geliang Tang Acked-by: Stephen Smalley --- security/selinux/hooks.c | 2 +- 1

Re: [PATCH 5/5] selinux: use sprintf return value

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: sprintf returns the number of characters printed (excluding '\0'), so we can use that and avoid duplicating the length computation. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 5 + 1

Re: [PATCH 4/5] selinux: use kstrdup() in security_get_bools()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: This is much simpler. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 8 +--- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/security/selinux/ss/services.c b/security

Re: [PATCH 3/5] selinux: use kmemdup in security_sid_to_context_core()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/ss/services.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index

Re: [PATCH 2/5] selinux: remove pointless cast in selinux_inode_setsecurity()

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: security_context_to_sid() expects a const char* argument, so there's no point in casting away the const qualifier of value. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/hooks.c | 2 +- 1 file changed, 1

Re: [PATCH 1/5] selinux: introduce security_context_str_to_sid

2015-09-29 Thread Stephen Smalley
copying and the test for scontext_len being zero hint at that). Introduce the helper security_context_str_to_sid() to do the strlen() call and fix all callers. Signed-off-by: Rasmus Villemoes Acked-by: Stephen Smalley --- security/selinux/hooks.c| 12 security

Re: [PATCH 0/5] selinux: minor cleanup suggestions

2015-09-29 Thread Stephen Smalley
On 09/25/2015 06:34 PM, Rasmus Villemoes wrote: A few random things I stumbled on. While I'm pretty sure of the change in 1/5, I'm also confused, because the doc for the reverse security_sid_to_context state that @scontext_len is set to "the length of the string", which one would normally

Re: rwx mapping between ex_table and rodata

2015-09-28 Thread Stephen Smalley
On 09/24/2015 06:25 PM, Kees Cook wrote: > On Thu, Sep 24, 2015 at 1:26 PM, Stephen Smalley wrote: >> Hi, >> >> With the attached config and 4.3-rc2 on x86_64, I see the following in >> /sys/kernel/debug/kernel_page_tables: >> ... >> ---[ High Ke

Re: [PATCH 1/7] fs: Add user namesapace member to struct super_block

2015-08-06 Thread Stephen Smalley
On 08/06/2015 11:44 AM, Seth Forshee wrote: > On Thu, Aug 06, 2015 at 10:51:16AM -0400, Stephen Smalley wrote: >> On 08/06/2015 10:20 AM, Seth Forshee wrote: >>> On Wed, Aug 05, 2015 at 04:19:03PM -0500, Eric W. Biederman wrote: >>>> Seth Forshee writes: >>>

Re: [PATCH 1/7] fs: Add user namesapace member to struct super_block

2015-08-06 Thread Stephen Smalley
On 08/06/2015 10:20 AM, Seth Forshee wrote: > On Wed, Aug 05, 2015 at 04:19:03PM -0500, Eric W. Biederman wrote: >> Seth Forshee writes: >> >>> On Wed, Jul 15, 2015 at 09:47:11PM -0500, Eric W. Biederman wrote: Seth Forshee writes: > Initially this will be used to eliminate the

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-30 Thread Stephen Smalley
On 07/24/2015 11:11 AM, Seth Forshee wrote: > On Thu, Jul 23, 2015 at 11:23:31AM -0500, Seth Forshee wrote: >> On Thu, Jul 23, 2015 at 11:36:03AM -0400, Stephen Smalley wrote: >>> On 07/23/2015 10:39 AM, Seth Forshee wrote: >>>> On Thu, Jul 23, 2015 at 09:57:20A

Re: [PATCH v2] ipc: Use private shmem or hugetlbfs inodes for shm segments.

2015-07-27 Thread Stephen Smalley
On 07/27/2015 03:32 PM, Hugh Dickins wrote: > On Fri, 24 Jul 2015, Stephen Smalley wrote: > >> The shm implementation internally uses shmem or hugetlbfs inodes >> for shm segments. As these inodes are never directly exposed to >> userspace and only accessed through

Re: [RFC][PATCH] ipc: Use private shmem or hugetlbfs inodes for shm segments.

2015-07-24 Thread Stephen Smalley
On 07/23/2015 08:11 PM, Dave Chinner wrote: > On Thu, Jul 23, 2015 at 12:28:33PM -0400, Stephen Smalley wrote: >> The shm implementation internally uses shmem or hugetlbfs inodes >> for shm segments. As these inodes are never directly exposed to >> userspace and only acc

[PATCH v2] ipc: Use private shmem or hugetlbfs inodes for shm segments.

2015-07-24 Thread Stephen Smalley
_64_fastpath+0x12/0x76 Reported-by: Morten Stevens Signed-off-by: Stephen Smalley --- This version only differs in the patch description, which restores the original lockdep trace from Morten Stevens. It was unfortunately mangled in the prior version. fs/hugetlbfs/inode.c | 2 ++ ipc/shm.c

[RFC][PATCH] ipc: Use private shmem or hugetlbfs inodes for shm segments.

2015-07-23 Thread Stephen Smalley
180 [] SyS_shmdt+0xb5/0x180 [] entry_SYSCALL_64_fastpath+0x12/0x76 Reported-by: Morten Stevens Signed-off-by: Stephen Smalley --- fs/hugetlbfs/inode.c | 2 ++ ipc/shm.c| 2 +- mm/shmem.c | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/hugetlbfs/ino

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-23 Thread Stephen Smalley
On 07/23/2015 10:39 AM, Seth Forshee wrote: > On Thu, Jul 23, 2015 at 09:57:20AM -0400, Stephen Smalley wrote: >> On 07/22/2015 04:40 PM, Stephen Smalley wrote: >>> On 07/22/2015 04:25 PM, Stephen Smalley wrote: >>>> On 07/22/2015 12:14 PM, Seth Forshee wrote: >>

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-23 Thread Stephen Smalley
On 07/22/2015 04:40 PM, Stephen Smalley wrote: > On 07/22/2015 04:25 PM, Stephen Smalley wrote: >> On 07/22/2015 12:14 PM, Seth Forshee wrote: >>> On Wed, Jul 22, 2015 at 12:02:13PM -0400, Stephen Smalley wrote: >>>> On 07/16/2015 09:23 AM, Stephen Smalley wrote: >

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-22 Thread Stephen Smalley
On 07/22/2015 08:46 AM, Morten Stevens wrote: > 2015-06-17 13:45 GMT+02:00 Morten Stevens : >> 2015-06-15 8:09 GMT+02:00 Daniel Wagner : >>> On 06/14/2015 06:48 PM, Hugh Dickins wrote: It appears that, at some point last year, XFS made directory handling changes which bring it into

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-22 Thread Stephen Smalley
On 07/22/2015 04:25 PM, Stephen Smalley wrote: > On 07/22/2015 12:14 PM, Seth Forshee wrote: >> On Wed, Jul 22, 2015 at 12:02:13PM -0400, Stephen Smalley wrote: >>> On 07/16/2015 09:23 AM, Stephen Smalley wrote: >>>> On 07/15/2015 03:46 PM, Seth Forshee wrote: >

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-22 Thread Stephen Smalley
On 07/22/2015 12:14 PM, Seth Forshee wrote: > On Wed, Jul 22, 2015 at 12:02:13PM -0400, Stephen Smalley wrote: >> On 07/16/2015 09:23 AM, Stephen Smalley wrote: >>> On 07/15/2015 03:46 PM, Seth Forshee wrote: >>>> Unprivileged users should not be able to supply secur

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-22 Thread Stephen Smalley
On 07/16/2015 09:23 AM, Stephen Smalley wrote: > On 07/15/2015 03:46 PM, Seth Forshee wrote: >> Unprivileged users should not be able to supply security labels >> in filesystems, nor should they be able to supply security >> contexts in unprivileged mounts. For any

Re: [PATCH 6/7] selinux: Ignore security labels on user namespace mounts

2015-07-16 Thread Stephen Smalley
On 07/15/2015 03:46 PM, Seth Forshee wrote: > Unprivileged users should not be able to supply security labels > in filesystems, nor should they be able to supply security > contexts in unprivileged mounts. For any mount where s_user_ns is > not init_user_ns, force the use of SECURITY_FS_USE_NONE

Re: [PATCH 0/7] Initial support for user namespace owned mounts

2015-07-16 Thread Stephen Smalley
On 07/15/2015 09:05 PM, Andy Lutomirski wrote: > On Jul 15, 2015 3:34 PM, "Eric W. Biederman" wrote: >> >> Seth Forshee writes: >> >>> On Wed, Jul 15, 2015 at 04:06:35PM -0500, Eric W. Biederman wrote: Casey Schaufler writes: > On 7/15/2015 12:46 PM, Seth Forshee wrote: >>

Re: [RFC 5/8] kdbus: use LSM hooks in kdbus code

2015-07-10 Thread Stephen Smalley
On 07/08/2015 09:37 AM, Stephen Smalley wrote: > On 07/08/2015 06:25 AM, Paul Osmialowski wrote: >> Originates from: >> >> https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212) >> commit: aa0885489d19be92fa41c6f0a71df28763228a40 >> >

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 12:48 PM, David Herrmann wrote: > Hi > > On Fri, Jul 10, 2015 at 4:47 PM, Stephen Smalley wrote: >> On 07/10/2015 09:43 AM, David Herrmann wrote: >>> On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote: >>>> On 07/09/2015 06:22 PM, Da

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 09:43 AM, David Herrmann wrote: > Hi > > On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley wrote: >> On 07/09/2015 06:22 PM, David Herrmann wrote: >>> To be clear, faking metadata has one use-case, and one use-case only: >>> dbus1 compatibility

[PATCH] selinux: fix mprotect PROT_EXEC regression caused by mm change

2015-07-10 Thread Stephen Smalley
and ashmem. Signed-off-by: Stephen Smalley --- security/selinux/hooks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6231081..564079c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3283

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 05:05 AM, David Herrmann wrote: > Hi > > On Fri, Jul 10, 2015 at 12:56 AM, Casey Schaufler > wrote: >> On 7/9/2015 3:22 PM, David Herrmann wrote: >>> Regarding requiring CAP_SYS_ADMIN, I don't really see the point. In >>> the kdbus security model, if you don't trust the

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/09/2015 06:22 PM, David Herrmann wrote: > Hi > > On Thu, Jul 9, 2015 at 8:26 PM, Stephen Smalley wrote: >> Hi, >> >> I have a concern with the support for faked credentials in kdbus, but >> don't know enough about the original motivation or intended use

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-10 Thread Stephen Smalley
On 07/10/2015 03:48 AM, Hugh Dickins wrote: > On Thu, 9 Jul 2015, Stephen Smalley wrote: >> On 07/09/2015 04:23 AM, Hugh Dickins wrote: >>> On Wed, 8 Jul 2015, Stephen Smalley wrote: >>>> On 07/08/2015 09:13 AM, Stephen Smalley wrote: >>>>> On Sun,

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-10 Thread Stephen Smalley
On 07/10/2015 03:48 AM, Hugh Dickins wrote: On Thu, 9 Jul 2015, Stephen Smalley wrote: On 07/09/2015 04:23 AM, Hugh Dickins wrote: On Wed, 8 Jul 2015, Stephen Smalley wrote: On 07/08/2015 09:13 AM, Stephen Smalley wrote: On Sun, Jun 14, 2015 at 12:48 PM, Hugh Dickins hu...@google.com wrote

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 05:05 AM, David Herrmann wrote: Hi On Fri, Jul 10, 2015 at 12:56 AM, Casey Schaufler ca...@schaufler-ca.com wrote: On 7/9/2015 3:22 PM, David Herrmann wrote: Regarding requiring CAP_SYS_ADMIN, I don't really see the point. In the kdbus security model, if you don't trust the

[PATCH] selinux: fix mprotect PROT_EXEC regression caused by mm change

2015-07-10 Thread Stephen Smalley
. Signed-off-by: Stephen Smalley s...@tycho.nsa.gov --- security/selinux/hooks.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 6231081..564079c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3283,7

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 09:43 AM, David Herrmann wrote: Hi On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley s...@tycho.nsa.gov wrote: On 07/09/2015 06:22 PM, David Herrmann wrote: To be clear, faking metadata has one use-case, and one use-case only: dbus1 compatibility In dbus1, clients connect

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/09/2015 06:22 PM, David Herrmann wrote: Hi On Thu, Jul 9, 2015 at 8:26 PM, Stephen Smalley s...@tycho.nsa.gov wrote: Hi, I have a concern with the support for faked credentials in kdbus, but don't know enough about the original motivation or intended use case to evaluate

Re: kdbus: credential faking

2015-07-10 Thread Stephen Smalley
On 07/10/2015 12:48 PM, David Herrmann wrote: Hi On Fri, Jul 10, 2015 at 4:47 PM, Stephen Smalley s...@tycho.nsa.gov wrote: On 07/10/2015 09:43 AM, David Herrmann wrote: On Fri, Jul 10, 2015 at 3:25 PM, Stephen Smalley s...@tycho.nsa.gov wrote: On 07/09/2015 06:22 PM, David Herrmann wrote

Re: [RFC 5/8] kdbus: use LSM hooks in kdbus code

2015-07-10 Thread Stephen Smalley
On 07/08/2015 09:37 AM, Stephen Smalley wrote: On 07/08/2015 06:25 AM, Paul Osmialowski wrote: Originates from: https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212) commit: aa0885489d19be92fa41c6f0a71df28763228a40 Signed-off-by: Karol Lewandowski k.lewando

kdbus: credential faking

2015-07-09 Thread Stephen Smalley
Hi, I have a concern with the support for faked credentials in kdbus, but don't know enough about the original motivation or intended use case to evaluate it concretely. I raised this issue during the "kdbus for 4.1-rc1" thread a while back but none of the kdbus maintainers responded, and the

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-09 Thread Stephen Smalley
On 07/09/2015 04:23 AM, Hugh Dickins wrote: > On Wed, 8 Jul 2015, Stephen Smalley wrote: >> On 07/08/2015 09:13 AM, Stephen Smalley wrote: >>> On Sun, Jun 14, 2015 at 12:48 PM, Hugh Dickins wrote: >>>> It appears that, at some point last year, XFS made directory han

Re: Linux 4.2-rc1

2015-07-08 Thread Stephen Smalley
On 07/08/2015 01:47 PM, Casey Schaufler wrote: > On 7/8/2015 10:29 AM, Linus Torvalds wrote: >> On Wed, Jul 8, 2015 at 10:17 AM, Linus Torvalds >> wrote: >>> Decoding the "Code:" line shows that this is the "->fw_id" dereference in >>> >>> if (add_uevent_var(env, "FIRMWARE=%s",

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-08 Thread Stephen Smalley
On 07/08/2015 09:13 AM, Stephen Smalley wrote: > On Sun, Jun 14, 2015 at 12:48 PM, Hugh Dickins wrote: >> It appears that, at some point last year, XFS made directory handling >> changes which bring it into lockdep conflict with shmem_zero_setup(): >> it is surprising

Re: [RFC 4/8] lsm: smack: smack callbacks for kdbus security hooks

2015-07-08 Thread Stephen Smalley
On 07/08/2015 06:25 AM, Paul Osmialowski wrote: > This adds implementation of three smack callbacks sitting behind kdbus > security hooks as proposed by Karol Lewandowski. > > Originates from: > > git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus) > commit:

Re: [RFC 5/8] kdbus: use LSM hooks in kdbus code

2015-07-08 Thread Stephen Smalley
On 07/08/2015 06:25 AM, Paul Osmialowski wrote: > Originates from: > > https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212) > commit: aa0885489d19be92fa41c6f0a71df28763228a40 > > Signed-off-by: Karol Lewandowski > Signed-off-by: Paul Osmialowski > --- > ipc/kdbus/bus.c

Re: mm: shmem_zero_setup skip security check and lockdep conflict with XFS

2015-07-08 Thread Stephen Smalley
On Sun, Jun 14, 2015 at 12:48 PM, Hugh Dickins wrote: > It appears that, at some point last year, XFS made directory handling > changes which bring it into lockdep conflict with shmem_zero_setup(): > it is surprising that mmap() can clone an inode while holding mmap_sem, > but that has been so
