we only have a
few more week until the merge window I like my odds. FWIW, I
typically do a test merge on top of Linus' tree before sending the
SELinux PR just to verify that everything is relatively clean and
there are no surprises.
Ondrej, please work with David Howells to ensure that submounts are
handled correctly in his mount rework.
--
paul moore
www.paul-moore.com
M_GETCHAIN
(2018-11-29 11:32:02 -0500)
selinux/stable-4.20 PR 20181129
----
Paul Moore (1):
selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN
On Thu, Nov 29, 2018 at 5:07 AM Ondrej Mosnacek wrote:
>
> On Wed, Nov 28, 2018 at 10:52 PM Paul Moore wrote:
> > On Tue, Nov 27, 2018 at 6:50 AM Stephen Rothwell
> > wrote:
> > > Hi Ondrej,
> > >
> > > On Tue, 27 Nov 2018 09:53:32 +0100 Ondr
R 20181115
Ondrej Mosnacek (1):
selinux: check length properly in SCTP bind hook
Paul Moore (1):
selinux: fix non-MLS handling in mls_context_to_sid()
security/selinux/hooks.c | 3 +++
security/selinux/ss/mls.c | 10 +++---
2 files changed, 10 insertions(+), 3 deletions(-)
--
uct *tsk)
> if (context->in_syscall && context->current_state ==
> AUDIT_RECORD_CONTEXT)
> audit_log_exit(context, tsk);
> if (!list_empty(&context->killed_trees))
> - audit_kill_trees(&context->killed_trees)
;in_syscall && context->current_state ==
> AUDIT_RECORD_CONTEXT)
> audit_log_exit(context, current);
>
> context->in_syscall = 0;
> context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
>
> - if (!list_empty
ec53c5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> fc fc
> [15030.184714] >801ec53c5080: 01 fc fc fc fc fc fc fc fc fc fc fc fc fc
> fc fc
> [15030.191934]^
> [15030.195164] 801ec53c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> fc fc
&g
On Mon, Nov 12, 2018 at 7:59 PM Qian Cai wrote:
> > On Nov 12, 2018, at 7:41 PM, Paul Moore wrote:
> > On Mon, Nov 12, 2018 at 2:39 PM Qian Cai wrote:
> >>
> >> Running the trinity fuzzer on the latest mainline (rc2) generates this,
> >>
> >>
On Mon, Nov 12, 2018 at 10:11 PM Qian Cai wrote:
> > On Nov 12, 2018, at 10:09 PM, Paul Moore wrote:
> >
> > On Mon, Nov 12, 2018 at 7:59 PM Qian Cai wrote:
> >>> On Nov 12, 2018, at 7:41 PM, Paul Moore wrote:
> >>> On Mon, Nov 12, 2018 at 2:39 PM
On Tue, Nov 13, 2018 at 8:52 AM Qian Cai wrote:
> On 11/13/18 at 8:33 AM, Paul Moore wrote:
> > On Mon, Nov 12, 2018 at 10:11 PM Qian Cai wrote:
> > > > On Nov 12, 2018, at 10:09 PM, Paul Moore wrote:
> > > >
> > > > On Mon, Nov 12, 2018 at 7:59 PM Q
the cause - Qian, can you test this patch if it fixes
> the problem?
>
> security/selinux/hooks.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 7ce683259357..a67459eb62d5 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -5318,6 +5318,9 @@ static int selinux_sctp_bind_connect(struct sock *sk,
> int optname,
> addr_buf = address;
>
> while (walk_size < addrlen) {
> + if (walk_size + sizeof(sa_family_t) > addrlen)
> + return -EINVAL;
> +
> addr = addr_buf;
> switch (addr->sa_family) {
> case AF_UNSPEC:
Good catch, I think you're right about this. I'll give Qian a bit to
see if he can verify this, but as of right now I'm going to plan on
merging this into selinux/stable-4.20.
--
paul moore
www.paul-moore.com
> > fc
> > > fc fc
> > > [15030.191934]^
> > > [15030.195164] 801ec53c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc
> > > fc
> > > fc fc
> > > [15030.202386] 801ec53c5180: fc fc fc fc fc fc fc fc fc fc fc fc f
On Tue, Dec 4, 2018 at 9:40 AM Stephen Smalley wrote:
> On 12/3/18 6:27 PM, Paul Moore wrote:
> > On Thu, Nov 29, 2018 at 5:22 PM Daniel Walsh wrote:
> >> On 11/29/18 2:47 PM, Miklos Szeredi wrote:
> >>> On Thu, Nov 29, 2018 at 5:14 PM Stephen Smalley
> &
conversion really should only
apply to normal files where you can do a copy-up.
> With SELinux we are also always checking not only the file access to the
> socker, but also checking whether the label of the client is able to
> talk to the label of the server daemon. So we are protected by a
> secondary check.
That's making some assumptions on the LSM and the LSM's loaded policy
and is not something I would want to rely on.
--
paul moore
www.paul-moore.com
t; {
> > return do_seccomp(op, flags, uargs);
> > }
> > @@ -956,10 +956,10 @@ SYSCALL_DEFINE3(seccomp, unsigned int, op, unsigned
> > int, flags,
> > *
> > * Returns 0 on success or -EINVAL on failure.
> > */
> > -long prctl_set_seccomp(unsigned long seccomp_mode, char __user *filter)
> > +long prctl_set_seccomp(unsigned long seccomp_mode, void __user *filter)
> > {
> > unsigned int op;
> > - char __user *uargs;
> > + void __user *uargs;
> >
> > switch (seccomp_mode) {
> > case SECCOMP_MODE_STRICT:
> > --
> > 2.19.1
--
paul moore
www.paul-moore.com
ial = 0;
> > - context->ctime = current_kernel_time64();
> > context->in_syscall = 1;
> > context->current_state = state;
> > context->ppid = 0;
> > + ktime_get_coarse_ts64(&context->ctime);
> > }
> >
> > /**
> > --
> > 2.9.0
> >
>
> - RGB
>
> --
> Richard Guy Briggs
> Sr. S/W Engineer, Kernel Security, Base Operating Systems
> Remote, Ottawa, Red Hat Canada
> IRC: rgb, SunRaycer
> Voice: +1.647.777.2635, Internal: (81) 32635
--
paul moore
www.paul-moore.com
| 5 -
> kernel/taskstats.c | 4 +++-
> kernel/torture.c | 6 +++--
> kernel/tracepoint.c| 3 +++
> kernel/workqueue.c | 2 ++
> 22 files changed, 122 insertions(+), 88 deletions(-)
The audit change looks fine to me, thanks Joe.
Acked-by: Paul Moore
>
sk_getsecid(tsk, &audit_sig_sid);
A gentle reminder that you should try to make you patches as
"checkpatch clean" as possible (see scripts/checkpatch.pl). There are
several 80-char warnings, which aren't fatal, but the big no-no is
below:
ERROR: do not use assignment in if condition
#72: FILE: kernel/auditsc.c:2290:
+ if (uid_valid(auid = audit_get_loginuid(tsk)))
... while I don't completely agree with everything checkpatch has to
say, I definitely agree with checkpatch when it comes to assignments
in if conditions.
--
paul moore
www.paul-moore.com
(loginuid)) {
> sessionid = (unsigned int)atomic_inc_return(&session_id);
> - if (unlikely(sessionid == (unsigned int)-1))
> + if (unlikely(sessionid == AUDIT_SID_UNSET))
> sessionid = (unsigned
> int)atomic_inc_return(&session_id);
> }
>
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
deletions(-)
Merged, but there was some fuzz due to the missing 1/5 patch and a
handfull of checkpatch.pl fixes. Please take a look at the commit in
the audit/next branch and if anything looks awry please send a patch
to fix it.
--
paul moore
www.paul-moore.com
hard Guy Briggs
> ---
> include/linux/audit.h | 6 ++
> kernel/auditsc.c | 7 +++
> kernel/fork.c | 2 +-
> 3 files changed, 10 insertions(+), 5 deletions(-)
Merged with some minor fuzz.
--
paul moore
www.paul-moore.com
int return_valid,
> long return_code)
> {
> - struct audit_context *context = tsk->audit_context;
> + struct audit_context *context = tsk->audit.ctx;
>
> if (!context)
> return NULL;
> @@ -2066,8 +2066,8 @@ int audit_set_loginuid(kuid_t loginuid)
> sessionid = (unsigned
> int)atomic_inc_return(&session_id);
> }
>
> - task->sessionid = sessionid;
> - task->loginuid = loginuid;
> + task->audit.sessionid = sessionid;
> + task->audit.loginuid = loginuid;
> out:
> audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid,
> sessionid, rc);
> return rc;
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
e likely going to need to "associate" this record (audit speak for
making the first parameter non-NULL) with others for the audit
container ID work. If you do it now, Richard's patches will likely
get a few lines smaller and that will surely make him a bit happier :)
> We would have to fix current->context in this case since it is NULL. We get
> to this location by root cat'ing a policy or writing a policy filename into
> /sys/kernel/security/ima/policy.
Perhaps I'm missing something, but current in this case should point
to the process which is writing to the policy file, yes?
--
paul moore
www.paul-moore.com
100644
> --- a/net/netlabel/netlabel_user.c
> +++ b/net/netlabel/netlabel_user.c
> @@ -101,7 +101,7 @@ struct audit_buffer *netlbl_audit_start_common(int type,
> char *secctx;
> u32 secctx_len;
>
> - if (audit_enabled == 0)
> + if (!audit_enabled)
> return NULL;
>
> audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
t; (sig == SIGTERM || sig == SIGHUP ||
> sig == SIGUSR1 || sig == SIGUSR2)) {
> audit_sig_pid = task_tgid_nr(current);
> - if (uid_valid(current->loginuid))
> - audit_sig_uid = current->loginuid;
> + auid = audit_get_loginuid(current);
> + if (uid_valid(auid))
> + audit_sig_uid = auid;
> else
> audit_sig_uid = uid;
> security_task_getsecid(current, &audit_sig_sid);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
t, GFP_KERNEL,
> + ab = audit_log_start(audit_context(), GFP_KERNEL,
> AUDIT_CONFIG_CHANGE);
> if (unlikely(!ab))
> return;
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
audit_kill_trees(&context->killed_trees);
>
> @@ -2071,8 +2104,8 @@ int audit_set_loginuid(kuid_t loginuid)
> sessionid = (unsigned
> int)atomic_inc_return(&session_id);
> }
>
> - task->sessionid = sessionid;
> - task->loginuid = loginuid;
> + task->audit->sessionid = sessionid;
> + task->audit->loginuid = loginuid;
> out:
> audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid,
> sessionid, rc);
> return rc;
> diff --git a/kernel/fork.c b/kernel/fork.c
> index cd18448..92ab849 100644
> --- a/kernel/fork.c
> +++ b/kernel/fork.c
> @@ -1713,7 +1713,7 @@ static __latent_entropy struct task_struct
> *copy_process(
> p->start_time = ktime_get_ns();
> p->real_start_time = ktime_get_boot_ns();
> p->io_context = NULL;
> - audit_set_context(p, NULL);
> + p->audit = NULL;
> cgroup_fork(p);
> #ifdef CONFIG_NUMA
> p->mempolicy = mpol_dup(p->mempolicy);
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
G_AUDITSYSCALL
> p->audit = NULL;
> +#endif /* CONFIG_AUDITSYSCALL */
> cgroup_fork(p);
> #ifdef CONFIG_NUMA
> p->mempolicy = mpol_dup(p->mempolicy);
> --
> 1.8.3.1
--
paul moore
www.paul-moore.com
return;
> - audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);
> + audit_log_session_info(ab);
> audit_log_task_context(ab);
> audit_log_format(ab, " op=%s", action);
> audit_log_key(ab, rule->filterkey);
> --
> 1.8.3.1
>
--
paul moore
www.paul-moore.com
On Tue, Dec 11, 2018 at 9:45 PM Richard Guy Briggs wrote:
> On 2018-12-11 18:26, Paul Moore wrote:
> > On Tue, Dec 11, 2018 at 5:41 PM Richard Guy Briggs wrote:
> > > On 2018-12-11 17:31, Paul Moore wrote:
> > > > On Mon, Dec 10, 2018 at 5:18 PM Rich
), 9 deletions(-)
Just to get this out of the way, don't use "moar", spell it properly.
Beyond that, it's not clear to me from your cover letter if you are
proposing these patches as an "or" or as an "and"; assuming the
patch(es) are reasonable, do you want us to merge both of these
patches, or only the one we like the most?
--
paul moore
www.paul-moore.com
reviously included header files, I
like leaving it as an explicit include to help document the dependency
and protect us from changes in the other header files.
--
paul moore
www.paul-moore.com
On Thu, Dec 13, 2018 at 8:33 PM YueHaibing wrote:
> On 2018/12/14 7:42, Paul Moore wrote:
> > On Sun, Dec 9, 2018 at 1:25 AM YueHaibing wrote:
> >> Remove duplicated include.
> >>
> >> Signed-off-by: YueHaibing
> >> ---
> >>
On Fri, Dec 14, 2018 at 11:27 AM Richard Guy Briggs wrote:
> On 2018-12-12 08:03, Paul Moore wrote:
> > On Fri, Nov 16, 2018 at 12:34 PM Richard Guy Briggs wrote:
> > > On user and remote filesystems, a forced umount can still hang due to
> > > attemting to f
n on sending the revert to Linus? I just
tested v4.20-rc6 and the problem persists.
--
paul moore
www.paul-moore.com
e changes
>
> kernel/audit.c | 33 +++------
> kernel/audit.h | 4 ++--
> kernel/audit_fsnotify.c | 4 ++--
> kernel/audit_tree.c | 28 +++-
> kernel/audit_watch.c| 8 +---
> kernel/auditfilter.c| 2 +-
> kernel/auditsc.c| 12 ++--
> 7 files changed, 54 insertions(+), 37 deletions(-)
In order to make sure expectations are set appropriately, as we are at
-rc6 right now this is not something that would go into audit/next now
(assuming everything looks okay on review), it would go into
audit/next *after* the upcoming merge window.
--
paul moore
www.paul-moore.com
On Tue, Dec 11, 2018 at 5:41 PM Richard Guy Briggs wrote:
> On 2018-12-11 17:31, Paul Moore wrote:
> > On Mon, Dec 10, 2018 at 5:18 PM Richard Guy Briggs wrote:
...
> > > Richard Guy Briggs (4):
> > > audit: give a clue what CONFIG_CHANGE op was involved
On Thu, Nov 1, 2018 at 6:07 PM Richard Guy Briggs wrote:
> On 2018-10-19 19:15, Paul Moore wrote:
> > On Sun, Aug 5, 2018 at 4:32 AM Richard Guy Briggs
wrote:
> > > The audit-related parameters in struct task_struct
should ideally be
> > > collected together and access
On Thu, Nov 1, 2018 at 2:49 PM Richard Guy Briggs wrote:
> On 2018-10-19 19:17, Paul Moore wrote:
> > On Sun, Aug 5, 2018 at 4:33 AM Richard Guy Briggs
wrote:
> > > Standalone audit records have the timestamp and serial
number generated
> > > on the fly and as s
On Wed, Oct 31, 2018 at 5:17 PM Richard Guy Briggs wrote:
> On 2018-10-19 19:17, Paul Moore wrote:
> > On Sun, Aug 5, 2018 at 4:33 AM Richard Guy Briggs
wrote:
> > > Add audit container identifier auxiliary record to tty
logging rule
> > > event standalone records
with other upstream review to get other angles and to
> take some of the load and responsibility off the primary maintainer.
>
> I expect to submit a v5 within a week without having had those questions
> directly answered, but with some ideas of what to check and verify
> before I resubmit. Most of the changes have been sitting in that branch
> for two months, already rebased one kernel version and will need
> updating again.
--
paul moore
www.paul-moore.com
he entire set first before commenting.
The most recent reply to patch 0/10 wasn't saved as a draft before sending.
> On 2019-01-03 15:10, Paul Moore wrote:
> > On Thu, Nov 1, 2018 at 6:07 PM Richard Guy Briggs wrote:
> > > On 2018-10-19 19:15, Paul Moore wrote:
> > &g
pendently of chunk
audit: Guarantee forward progress of chunk untagging
audit: Drop all unused chunk nodes during deletion
audit: Simplify locking around untag_chunk()
audit: Replace chunk attached to mark instead of replacing mark
audit: Use 'mark' name for fsnotify_m
| 222 +--
security/selinux/ss/services.h| 2 +-
security/selinux/ss/sidtab.c | 609 ++-
security/selinux/ss/sidtab.h | 96 +++--
10 files changed, 626 insertions(+), 397 deletions(-)
--
paul moore
www.paul-moore.com
On Thu, Dec 27, 2018 at 10:34 AM Richard Guy Briggs wrote:
> On 2018-10-31 15:30, Richard Guy Briggs wrote:
> > On 2018-10-19 19:18, Paul Moore wrote:
> > > On Sun, Aug 5, 2018 at 4:33 AM Richard Guy Briggs wrote:
> > > > Add audit container identifier auxili
On October 10, 2018 11:34:11 AM Jann Horn wrote:
> On Wed, Oct 10, 2018 at 5:32 PM Paul Moore wrote:
>> On Tue, Oct 9, 2018 at 9:36 AM Jann Horn wrote:
>>> +cc selinux people explicitly, since they probably have opinions on this
>>
>> I just spent about twenty
/selinux/ss/mls.h | 2 +-
security/selinux/ss/policydb.c | 2 +-
security/selinux/ss/services.c | 12 +--
5 files changed, 88 insertions(+), 111 deletions(-)
--
paul moore
www.paul-moore.com
On Oct 20, 2023 "Michael S. Tsirkin" wrote:
>
> This patch introduces LSM hooks for devices creation,
> destruction and opening operations, checking the
> application is allowed to perform these operations for
> the Virtio device type.
>
> Signed-off-by: Maxime Coquelin
> ---
> drivers/vdpa/vd
On Mon, Dec 18, 2023 at 12:21 PM Stephen Smalley
wrote:
> On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
> wrote:
> > This patch introduces a LSM hook for devices creation,
> > destruction (ioctl()) and opening (open()) operations,
> > checking the application is allowed to perform these
> > ope
On Aug 17, 2023 Paul Moore wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for arra
y indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct sidtab_str_cache.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore
> C
urity/selinux/ss/hashtab.c | 2 +-
security/selinux/ss/services.c | 10 +--
security/selinux/xfrm.c | 2 +-
23 files changed, 294 insertions(+), 105 deletions(-)
--
paul moore
www.paul-moore.com
() return void
Zheng Yongjun (1):
kernel/audit: convert comma to semicolon
kernel/audit.c | 4 ++--
kernel/auditsc.c | 16
2 files changed, 10 insertions(+), 10 deletions(-)
--
paul moore
www.paul-moore.com
he netdev and LSM lists you will see that there are a
set of users who care very much about this functionality. Our support of
CIPSO is helping Linux operate in areas it wouldn't be able to elsewhere and
I consider that a "win".
--
paul moore
linux security @ hp
-
To unsubscribe fr
On Sunday 30 September 2007 4:16:18 am Andrew Morton wrote:
> - hm, netlabels. Who might be a suitable person to review that code?
> Seems that Paul Moore is the man. Maybe he'd be interested in taking a
> look over it (please?)
Yep, I've been tracking Casey's work
ection attempts.
Please take a look at the existing LSM stream connection request hooks as
well as how SELinux makes use of them.
>* post_recv_datagram is added in skb_recv_datagram.
Can you explain to me why this is not possible using the existing
security_socket_sock_rcv_skb() LSM hook?
ually
> compiles
>
> Signed-off-by: Richard Guy Briggs
> ---
> arch/powerpc/include/asm/syscall.h |7 +++
> include/uapi/linux/audit.h |1 +
> 2 files changed, 8 insertions(+), 0 deletions(-)
Looks reasonable to me from an audit perspective, but I'll
panic() an actual panic().
This goes hand in hand with the comment above regarding the case where the
pruning thread may not exist.
> + } else {
> + wake_up_process(prune_thread);
> + audit_tree_group = fsnotify_alloc_group(&audit_tree_ops);
> +
rtions(+), 1 deletions(-)
The audit changes look fine to me, but as I mentioned earlier, this should go
in via the ppc tree and not the audit tree.
Acked-by: Paul Moore
> diff --git a/arch/powerpc/include/asm/syscall.h
> b/arch/powerpc/include/asm/syscall.h index 6fa2708..d1934e5 100644
&
able in the git repository at:
git://git.infradead.org/users/pcmoore/audit upstream
for you to fetch changes up to 0f7e94ee40d06f7a04e039392dfee8244bd8a7e0:
Merge branch 'next' into upstream for v3.19 (2014-12-09 14:38:30 -0500)
-----
On Wed, Dec 31, 2014 at 5:54 PM, Linus Torvalds
wrote:
> On Wed, Dec 31, 2014 at 2:08 PM, Paul Moore wrote:
>>
>> The getname/putname hacks work in the normal file case, but it falls apart
>> when you start talking about AF_UNIX socket files where the filename string
>
On Wed, Dec 31, 2014 at 7:01 PM, Al Viro wrote:
> On Wed, Dec 31, 2014 at 05:08:12PM -0500, Paul Moore wrote:
>
>> The getname/putname hacks work in the normal file case, but it falls apart
>> when you start talking about AF_UNIX socket files where the filename string
>>
in the git repository at:
git://git.infradead.org/users/pcmoore/audit upstream
for you to fetch changes up to 041d7b98ffe59c59fdd639931dea7d74f9aa9a59:
audit: restore AUDIT_LOGINUID unset ABI (2014-12-23 16:40:18 -0500)
----
Paul Moor
ittle bit later at another subsystem
It looks like it doesn't like something in audit_compare_dname_path();
I'll take a look and see what I can find, there is a patch in -rc2
which touched some related code.
I didn't see this problem in my earlier testing, can you share your .co
On Monday, December 29, 2014 05:24:38 PM Toralf Förster wrote:
> On 12/29/2014 05:21 PM, Paul Moore wrote:
> > On Mon, Dec 29, 2014 at 11:07 AM, Toralf Förster wrote:
> >> A x86 KVM guest running at a 64 bit Gentoo hardened host system the
> >> following crashes appeared
On Monday, December 29, 2014 09:18:44 PM Toralf Förster wrote:
> On 12/29/2014 08:41 PM, Paul Moore wrote:
> > To help verify that I'm heading down the right path, could you share your
> > audit configuration as well? If that's not possible, can you at least
> > con
On Tuesday, December 30, 2014 09:11:32 AM Paul Moore wrote:
> On Monday, December 29, 2014 09:18:44 PM Toralf Förster wrote:
> > On 12/29/2014 08:41 PM, Paul Moore wrote:
> > > To help verify that I'm heading down the right path, could you share
> > > your audit c
On Wednesday, December 31, 2014 11:57:16 AM Toralf Förster wrote:
> On 12/30/2014 07:46 PM, Paul Moore wrote:
> > @@ -1862,7 +1864,7 @@ void __audit_inode(struct filename *name, const
> > struct dentry *dentry,
>
> repairing this line and applying it to 3.19-rc2 of the KVM
7;ll defer
that for later. On the plus side, only audit users should be impacted
by the string copying.
Reported-by: Toralf Foerster
Signed-off-by: Paul Moore
---
kernel/auditsc.c | 49 -
1 file changed, 40 insertions(+), 9 deletions(-)
diff
549d1be96401c23e0b:
audit: create private file name copies when auditing inodes (2014-12-30
09:26:21 -0500)
--------
Paul Moore (1):
audit: create private file name copies when auditing inodes
ker
On Wednesday, December 31, 2014 01:23:14 PM Linus Torvalds wrote:
> On Wed, Dec 31, 2014 at 12:33 PM, Paul Moore wrote:
> > One audit patch to resolve a panic/oops when recording filenames in the
> > audit log, see the mail archive link below. The fix isn't as nice as I
&
On Wednesday, January 21, 2015 09:36:34 PM Guenter Roeck wrote:
> On 01/21/2015 08:59 PM, Paul Moore wrote:
> > This patchset has some important changes from the previous revision,
> > namely a fix from Al Viro (included in 2/5) that resolves a boot panic
> > on some sy
On Thursday, January 22, 2015 07:54:29 AM Al Viro wrote:
> On Wed, Jan 21, 2015 at 09:36:34PM -0800, Guenter Roeck wrote:
> > On 01/21/2015 08:59 PM, Paul Moore wrote:
> > >This patchset has some important changes from the previous revision,
> > >namely a fix from Al
On Thursday, January 22, 2015 11:09:42 AM Richard Guy Briggs wrote:
> On 15/01/22, Paul Moore wrote:
> > In order to ensure that filenames are not released before the audit
> > subsystem is done with the strings there are a number of hacks built
> > into the fs and audit subs
On Thursday, January 22, 2015 11:23:44 AM Paul Moore wrote:
> On Thursday, January 22, 2015 07:54:29 AM Al Viro wrote:
> > On Wed, Jan 21, 2015 at 09:36:34PM -0800, Guenter Roeck wrote:
> > > On 01/21/2015 08:59 PM, Paul Moore wrote:
> > > >This patchset has s
On Thursday, January 22, 2015 09:40:01 PM Al Viro wrote:
> On Thu, Jan 22, 2015 at 09:29:03PM +, Al Viro wrote:
> > On Thu, Jan 22, 2015 at 04:25:13PM -0500, Paul Moore wrote:
> > > Your experimental branch looks good to me, thanks.
> >
> > Pushed into for-ne
On Friday, January 23, 2015 05:30:56 AM Al Viro wrote:
> On Thu, Jan 22, 2015 at 09:40:01PM +, Al Viro wrote:
> > On Thu, Jan 22, 2015 at 09:29:03PM +, Al Viro wrote:
> > > On Thu, Jan 22, 2015 at 04:25:13PM -0500, Paul Moore wrote:
> > > > Your experimental b
l this audit-filename-handling overhaul go through?
> Through Paul's audit-next or Al's vfs-next tree?
Al wanted to carry the patchset so that is where it lives now, you should see
it arrive in Linus' tree via the VFS tree.
--
paul moore
security @ redhat
--
To unsubscribe
now if you get stuck on anything. Thanks for helping
out.
-Paul
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo
TY_FS_USE_TASK ||
> + /* Special handling. Genfs but also in-core setxattr handler */
> + !strcmp(sb->s_type->name, "sysfs") ||
> + !strcmp(sb->s_type->name, "pstore") ||
> + !strcmp(sb->s_type->name, "debugfs") ||
&g
mfs, yes? If so, I'm not sure this matters
that much from a practical point of view; Stephen or someone else from the
SELinux list may have some thoughts on this.
--
paul moore
security @ redhat
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
On Wednesday, January 14, 2015 04:37:17 PM Richard Guy Briggs wrote:
> On 15/01/08, Paul Moore wrote:
> > In order to ensure that filenames are not released before the audit
> > subsystem is done with the strings there are a number of hacks built
> > into the fs and audit subs
In preparation for expanded use in the kernel, make getname_kernel()
more useful by allowing it to handle any legal filename length.
Signed-off-by: Paul Moore
---
fs/namei.c | 34 --
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/fs/namei.c b
ed in taking this for the next v3.19-rcX
release, otherwise I'll toss it into linux-next for v3.20.
-Paul
---
Paul Moore (5):
fs: rework getname_kernel to handle up to PATH_MAX sized filenames
fs: create proper filename objects using getname_kernel()
audit: enable filename rec
filenames in the audit log and other odd audit
record entries. This patch fixes the filename matching code and
restores some sanity to the filename audit records.
Signed-off-by: Paul Moore
---
kernel/auditsc.c | 34 +-
1 file changed, 25 insertions(+), 9 deletions
Enable recording of filenames in getname_kernel() and remove the
kludgy workaround in __audit_inode() now that we have proper filename
logging for kernel users.
Signed-off-by: Paul Moore
---
fs/namei.c |1 +
kernel/auditsc.c | 40 +++-
2 files
ned-off-by: Paul Moore
---
fs/namei.c| 29 +++---
include/linux/audit.h |3 -
include/linux/fs.h|9 +---
kernel/audit.h| 17 +---
kernel/auditsc.c | 101 -
5 files changed, 26 insertions(+), 133
persists until the
audit subsystem is finished with it.
Signed-off-by: Paul Moore
---
fs/exec.c | 11 +--
fs/namei.c | 34 ++
fs/open.c | 11 +--
3 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/fs/exec.c b/fs/exec.c
index
gt; Could we only print it if the mount is being done with non-default behaviour
> perhaps?
I'm very curious to hear Stephen's opinion on the issue, but I wonder how much
this would honestly impact us if we removed this message in the case where we
mount the filesystem with a know
On Thursday, January 08, 2015 02:34:57 PM Paul Moore wrote:
> On Thursday, January 08, 2015 02:08:22 PM Dave Jones wrote:
> > systemd has started mounting a tmpfs in /run/user/ every time a
> > session begins. So after ssh'ing into a box a number of times, dmesg
unk)
> for (n = 0; n < chunk->count; n++)
> list_del_init(&chunk->owners[n].list);
> spin_unlock(&hash_lock);
> + mutex_unlock(&audit_filter_mutex);
> if (need_prune)
> audit_schedule_prune();
> -
userspace will reject all logins. This should be removed when we
> - * support non init namespaces!!
> - */
> if (current_user_ns() != &init_user_ns)
> - return -ECONNREFUSED;
> + return -EPERM;
While I haven't had reason to test thi
es, I wonder if we could limit the
messages to the initial namespace ... ?
--
paul moore
security @ redhat
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majo
On Friday, January 09, 2015 01:24:51 PM Calvin Owens wrote:
> On Friday 01/09 at 15:33 -0500, Paul Moore wrote:
> > While I haven't had reason to test this code lately, last I knew it was
> > working, what problems are you seeing Calvin? Also, with what
> > distribution?
systemd has taken over cron too? I suppose that is a logical extension,
but still...
--
paul moore
www.paul-moore.com
On January 9, 2015 4:01:29 PM Dominick Grift wrote:
On Fri, 2015-01-09 at 15:55 -0500, Paul Moore wrote:
> On Friday, January 09, 2015 02:13:29 PM Dave Jones wr
;unknown behavior"
case.
> Is there going to be another place to look see what the labeling behavior is
> for all mounted filesystems?
I imagine we could create something in securityfs for that, you want to write
a patch Chris? :)
--
paul moore
security @ redhat
--
To unsubscribe fr
struct netlbl_lsm_secattr *secattr)
> @@ -80,11 +78,6 @@ static inline int mls_export_netlbl_cat(struct context
> *context, {
> return -ENOMEM;
> }
> -static inline int mls_import_netlbl_cat(struct context *context,
> - struct netlbl_lsm_secat
rrent kernel audit API to determine the possibility of
transitioning to a less ugly API. I'll leave the door open for messages
needed to fix bugs, but that's it. If we do end up providing a new API and
record format, I want to limit the number of message types in the existing
API.
My
On Thursday, January 08, 2015 11:50:23 AM Paul Moore wrote:
> There have been some patches added to v3.19-rcX to fix various
> problems in the way audit handles filenames but they have been hacks
> on top of hacks, not really something we want long term. This
> patchset reworks t
On Monday, January 12, 2015 09:11:21 AM Imre Palik wrote:
> On 01/08/15 22:53, Paul Moore wrote:
> > On Tuesday, January 06, 2015 03:51:20 PM Imre Palik wrote:
> >> From: "Palik, Imre"
> >>
> >> When file auditing is enabled, during a low memory sit
201 - 300 of 1335 matches
Mail list logo