On Mon, Dec 18, 2023 at 12:21 PM Stephen Smalley
wrote:
>
> On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
> wrote:
> >
> > This patch introduces a LSM hook for devices creation,
> > destruction (ioctl()) and opening (open()) operations,
> > checking the applic
On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
wrote:
>
> This patch introduces a LSM hook for devices creation,
> destruction (ioctl()) and opening (open()) operations,
> checking the application is allowed to perform these
> operations for the Virtio device type.
Can you explain why the existi
On Fri, Jan 8, 2021 at 3:17 PM Lokesh Gidra wrote:
>
> On Fri, Jan 8, 2021 at 11:35 AM Stephen Smalley
> wrote:
> >
> > On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> > >
> > > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra
> > > wrote:
>
On Fri, Jan 8, 2021 at 12:33 AM Lokesh Gidra wrote:
>
> From: Daniel Colascione
>
> This change uses the anon_inodes and LSM infrastructure introduced in
> the previous patches to give SELinux the ability to control
> anonymous-inode files that are created using the new
> anon_inode_getfd_secure(
On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
>
> On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > From: Daniel Colascione
> >
> > This change uses the anon_inodes and LSM infrastructure introduced in
> > the previous patches to give SELinux the ability to control
> > anonymous-inode
On Mon, Jan 4, 2021 at 9:16 AM Stephen Smalley
wrote:
>
> On Fri, Dec 18, 2020 at 7:06 PM Stephen Brennan
> wrote:
> >
> > Smack needs its security_task_to_inode() hook to be called when a task
> > execs a new executable. Store the self_exec_id of the tas
On Fri, Dec 18, 2020 at 7:06 PM Stephen Brennan
wrote:
>
> Smack needs its security_task_to_inode() hook to be called when a task
> execs a new executable. Store the self_exec_id of the task and call the
> hook via pid_update_inode() whenever the exec_id changes.
>
> Signed-off-by: Stephen Brennan
will want to check either all of them or at
least the latest/last one. For actual verification, they would need
to load the expected policy into an identical kernel on a
pristine/known-safe system and run the sha256sum
/sys/kernel/selinux/policy there to get the expected hash.
> Signed-off-by: Laks
On Tue, Sep 8, 2020 at 8:50 AM Stephen Smalley
wrote:
>
> On Tue, Sep 8, 2020 at 8:43 AM Mickaël Salaün wrote:
> >
> >
> > On 08/09/2020 14:28, Mimi Zohar wrote:
> > > Hi Mickael,
> > >
> > > On Tue, 2020-09-08 at 09:59 +0200, Mic
On Tue, Sep 8, 2020 at 12:44 AM Lakshmi Ramasubramanian
wrote:
>
> On 9/7/20 3:32 PM, Stephen Smalley wrote:
>
> >> Signed-off-by: Lakshmi Ramasubramanian
> >> Suggested-by: Stephen Smalley
> >> Reported-by: kernel test robot # error: implicit
On Tue, Sep 8, 2020 at 8:28 AM Stephen Smalley
wrote:
>
> On Mon, Sep 7, 2020 at 5:39 PM Lakshmi Ramasubramanian
> wrote:
> >
> > Critical data structures of security modules are currently not measured.
> > Therefore an attestation service, for instance, would not be
re/selinux.git
>
> This patch is dependent on the following patch series and must be
> applied in the given order:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://patchwork.kernel.org/patch/1173075
On Tue, Sep 8, 2020 at 8:43 AM Mickaël Salaün wrote:
>
>
> On 08/09/2020 14:28, Mimi Zohar wrote:
> > Hi Mickael,
> >
> > On Tue, 2020-09-08 at 09:59 +0200, Mickaël Salaün wrote:
> >> +mode |= MAY_INTERPRETED_EXEC;
> >> +/*
> >> + * For c
re/selinux.git
>
> This patch is dependent on the following patch series and must be
> applied in the given order:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://patchwork.kernel.org/patch/11730757/
On Thu, Aug 13, 2020 at 2:39 PM Stephen Smalley
wrote:
>
> On Thu, Aug 13, 2020 at 10:17 AM Mickaël Salaün wrote:
> >
> >
> > On 12/08/2020 21:16, Stephen Smalley wrote:
> > > On 8/2/20 5:58 PM, Mickaël Salaün wrote:
> > >> From: Casey Schaufler
&g
n_inode { create };
>
> (The next patch in this series is necessary for making userfaultfd
> support this new interface. The example above is just
> for exposition.)
>
> Signed-off-by: Daniel Colascione
> Acked-by: Casey Schaufler
> Acked-by: Stephen Smalley
> Cc: Al V
On Wed, Aug 26, 2020 at 8:51 AM Stephen Smalley
wrote:
>
> On Tue, Aug 25, 2020 at 4:49 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 8/24/20 3:18 PM, Paul Moore wrote:
> >
> > Hi Paul,
> >
> > >>>>> Is Ondrej's re-try ap
On Tue, Aug 25, 2020 at 4:49 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/24/20 3:18 PM, Paul Moore wrote:
>
> Hi Paul,
>
> > Is Ondrej's re-try approach I need to use to workaround policy reload
> > issue?
>
> No, I think perhaps we should move the mutex to selinux_state instead
succeeded at 2263 (offset 39 lines).
Hunk #3 succeeded at 2303 with fuzz 1 (offset 47 lines).
Hunk #4 succeeded at 2323 (offset 42 lines).
But otherwise it looked good to me.
Acked-by: Stephen Smalley
On Mon, Aug 24, 2020 at 2:13 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/24/20 7:00 AM, Stephen Smalley wrote:
>
> >> +int security_read_policy_kernel(struct selinux_state *state,
> >> + void **data, size_t *len)
> >> +{
> &g
> /sys/kernel/security/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 6
>
> This patch is dependent on the following patch series:
> https://patchwork.kernel.org/patch/11709527/
> https://patchwork.kernel.org/patch/11730193/
> https://pa
s=file
> runcon-1365 [003] 6960.955560:
> => <7f325b4ce45b>
> => <5607093efa57>
>
> Signed-off-by: Peter Enderborg
> Reviewed-by: Thiébaud Weksteen
Acked-by: Stephen Smalley
e mapped to a class by searching
> security/selinux/flask.h. The audited value is a bit field of the
> permissions described in security/selinux/av_permissions.h for the
> corresponding class.
>
> [1] https://source.android.com/devices/tech/debug/native_stack_dump
>
> Signed-off-by: Thiébaud Weksteen
> Suggested-by: Joel Fernandes
> Reviewed-by: Peter Enderborg
Acked-by: Stephen Smalley
On Thu, Aug 20, 2020 at 10:31 PM Steven Rostedt wrote:
>
> On Wed, 19 Aug 2020 09:11:08 -0400
> Stephen Smalley wrote:
>
> > So we'll need to update this plugin whenever we modify
> > security/selinux/include/classmap.h to keep them in sync. Is that a
> > c
On Thu, Aug 20, 2020 at 10:22 PM Paul Moore wrote:
>
> On Tue, Aug 18, 2020 at 8:14 AM Stephen Smalley
> wrote:
> > On Tue, Aug 18, 2020 at 4:11 AM peter enderborg
> > wrote:
>
> ...
>
> > > Is there any other things we need to fix? A part 1&2 now
On Thu, Aug 20, 2020 at 6:20 AM Julia Lawall wrote:
>
> From: kernel test robot
>
> Use kmemdup rather than duplicating its implementation
>
> Generated by: scripts/coccinelle/api/memdup.cocci
>
> Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
>
On 8/19/20 11:06 AM, Andy Shevchenko wrote:
On Wed, Aug 19, 2020 at 3:30 PM Stephen Smalley
wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git
On 8/19/20 9:12 AM, Paul Moore wrote:
On Wed, Aug 19, 2020 at 8:28 AM Stephen Smalley
wrote:
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git branch
On 8/18/20 12:09 PM, Steven Rostedt wrote:
On Mon, 17 Aug 2020 16:29:33 -0400
Steven Rostedt wrote:
On Mon, 17 Aug 2020 16:13:29 -0400
Stephen Smalley wrote:
Does this require a corresponding patch to userspace? Otherwise, I get
the following:
libtraceevent: No such file or directory
On 8/19/20 6:11 AM, Naresh Kamboju wrote:
Kernel panic noticed on linux next 20200819 tag on x86_64 and i386.
Kernel panic - not syncing: Fatal exception in interrupt
metadata:
git branch: master
git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git commi
booleans")
Signed-off-by: Colin Ian King
Acked-by: Stephen Smalley
---
security/selinux/ss/services.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f6f78c65f53f..d310910fb639 100644
--- a/security/s
On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
From: Peter Enderborg
This patch adds further attributes to the event. These attributes are
helpful to understand the context of the message and can be used
to filter the events.
There are three common items. Source context, target context and tcla
ech/debug/native_stack_dump
Signed-off-by: Thiébaud Weksteen
Suggested-by: Joel Fernandes
Reviewed-by: Peter Enderborg
Acked-by: Stephen Smalley
On Tue, Aug 18, 2020 at 4:11 AM peter enderborg
wrote:
>
> On 8/17/20 10:16 PM, Stephen Smalley wrote:
> > On 8/17/20 1:07 PM, Thiébaud Weksteen wrote:
> >
> >> From: Peter Enderborg
> >>
> >> In the print out add permissions, it will look like:
ssion filtering is done on the audited, denied or
requested attributes.
Suggested-by: Steven Rostedt
Suggested-by: Stephen Smalley
Reviewed-by: Thiébaud Weksteen
Signed-off-by: Peter Enderborg
---
include/trace/events/avc.h | 11 +--
security/selinux/avc.c | 36 ++
ssion filtering is done on the audited, denied or
requested attributes.
Suggested-by: Steven Rostedt
Suggested-by: Stephen Smalley
Reviewed-by: Thiébaud Weksteen
Signed-off-by: Peter Enderborg
---
Does this require a corresponding patch to userspace? Otherwise, I get
the following:
libt
On Fri, Aug 14, 2020 at 1:07 PM peter enderborg
wrote:
>
> On 8/14/20 6:51 PM, Stephen Smalley wrote:
> > On Fri, Aug 14, 2020 at 9:05 AM Thiébaud Weksteen wrote:
> >> On Thu, Aug 13, 2020 at 5:41 PM Stephen Smalley
> >> wrote:
> >>> An explanati
On Fri, Aug 14, 2020 at 9:05 AM Thiébaud Weksteen wrote:
>
> On Thu, Aug 13, 2020 at 5:41 PM Stephen Smalley
> wrote:
> >
> > An explanation here of how one might go about decoding audited and
> > tclass would be helpful to users (even better would be a script to do
On Thu, Aug 13, 2020 at 10:17 AM Mickaël Salaün wrote:
>
>
> On 12/08/2020 21:16, Stephen Smalley wrote:
> > On 8/2/20 5:58 PM, Mickaël Salaün wrote:
> >> From: Casey Schaufler
> >>
> >> Move management of the superblock->sb_security blob out
> &g
On Thu, Aug 13, 2020 at 2:03 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/13/20 10:58 AM, Stephen Smalley wrote:
> > On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian
> > wrote:
> >>
> >> On 8/13/20 10:42 AM, Stephen Smalley wrote:
> >>
>
On Thu, Aug 13, 2020 at 1:52 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/13/20 10:42 AM, Stephen Smalley wrote:
>
> >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c
> >> new file mode 100644
> >> index ..f21b7de4e2ae
> >&
m 1 "selinux-policy-hash"
/sys/kernel/security/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 6
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Reported-by: kernel test robot # error: implicit declaration
of function 'vfree
On 8/13/20 11:35 AM, peter enderborg wrote:
On 8/13/20 5:05 PM, Casey Schaufler wrote:
On 8/13/2020 7:48 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
This patch adds further attributes to the event. These attributes are
helpful to understand the context of the message and can be used
t
On 8/13/20 10:48 AM, Thiébaud Weksteen wrote:
The audit data currently captures which process and which target
is responsible for a denial. There is no data on where exactly in the
process that call occurred. Debugging can be made easier by being able to
reconstruct the unified kernel and userla
uch
space is required, and the space is allocated there.
Signed-off-by: Casey Schaufler
Reviewed-by: Kees Cook
Reviewed-by: John Johansen
Reviewed-by: Stephen Smalley
Reviewed-by: Mickaël Salaün
Link: https://lore.kernel.org/r/20190829232935.7099-2-ca...@schaufler-ca.com
---
Changes since
On Thu, Aug 6, 2020 at 9:45 AM Stephen Smalley
wrote:
>
> On 8/6/20 8:32 AM, Stephen Smalley wrote:
>
> > On 8/6/20 8:24 AM, peter enderborg wrote:
> >
> >> On 8/6/20 2:11 PM, Stephen Smalley wrote:
> >>> On 8/6/20 4:03 AM, Thiébaud Weksteen
On 8/6/20 8:32 AM, Stephen Smalley wrote:
On 8/6/20 8:24 AM, peter enderborg wrote:
On 8/6/20 2:11 PM, Stephen Smalley wrote:
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage and
On 8/6/20 8:24 AM, peter enderborg wrote:
On 8/6/20 2:11 PM, Stephen Smalley wrote:
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage and output in the description.
Im not sure where
On 8/6/20 4:03 AM, Thiébaud Weksteen wrote:
From: Peter Enderborg
Add further attributes to filter the trace events from AVC.
Please include sample usage and output in the description.
On Thu, Aug 6, 2020 at 10:51 AM peter enderborg
wrote:
>
> On 8/6/20 3:49 PM, Stephen Smalley wrote:
> > On Thu, Aug 6, 2020 at 9:45 AM Stephen Smalley
> > wrote:
> >> On 8/6/20 8:32 AM, Stephen Smalley wrote:
> >>
> >>> On 8/6/20 8:24 AM, peter
On Wed, Aug 5, 2020 at 9:20 AM Mimi Zohar wrote:
>
> On Wed, 2020-08-05 at 09:03 -0400, Stephen Smalley wrote:
> > On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
> > > On Wed, 2020-08-05 at 08:46 -0400, Stephen Smalley wrote:
> > > > On 8/4/20 11:25 PM, Mimi
On 8/4/20 11:25 PM, Mimi Zohar wrote:
Hi Lakshmi,
There's still a number of other patch sets needing to be reviewed
before my getting to this one. The comment below is from a high level.
On Tue, 2020-08-04 at 17:43 -0700, Lakshmi Ramasubramanian wrote:
Critical data structures of security m
On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
>
> On Wed, 2020-08-05 at 08:46 -0400, Stephen Smalley wrote:
> > On 8/4/20 11:25 PM, Mimi Zohar wrote:
> >
> > > Hi Lakshmi,
> > >
> > > There's still a number of other patch sets needing to be
On 8/5/20 11:07 AM, Tyler Hicks wrote:
On 2020-08-05 10:27:43, Stephen Smalley wrote:
On Wed, Aug 5, 2020 at 9:20 AM Mimi Zohar wrote:
On Wed, 2020-08-05 at 09:03 -0400, Stephen Smalley wrote:
On Wed, Aug 5, 2020 at 8:57 AM Mimi Zohar wrote:
On Wed, 2020-08-05 at 08:46 -0400, Stephen
On 8/4/20 11:20 AM, Stephen Smalley wrote:
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715
On 8/3/20 6:08 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 2:07 PM, Stephen Smalley wrote:
[ 68.870715] irq event stamp: 23486085
[ 68.870715] hardirqs last enabled at (23486085):
[] _raw_spin_unlock_irqrestore+0x46/0x60
[ 68.870715] hardirqs last disabled at (23486084
On 8/3/20 4:37 PM, Lakshmi Ramasubramanian wrote:
On 8/3/20 1:29 PM, Stephen Smalley wrote:
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with
On 8/3/20 4:00 PM, Stephen Smalley wrote:
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
On 8/3/20 8:11 AM, Stephen Smalley wrote:
Possibly I'm missing something but with these patches applied on top of
next-integrity, and the following lines added to /etc/ima/ima-p
On Mon, Aug 3, 2020 at 12:14 PM Lakshmi Ramasubramanian
wrote:
>
> On 8/3/20 8:11 AM, Stephen Smalley wrote:
> >
> > Possibly I'm missing something but with these patches applied on top of
> > next-integrity, and the following lines added to /etc/ima/ima-policy:
&
-f 1
grep -m 1 "selinux-policy-hash"
/sys/kernel/security/integrity/ima/ascii_runtime_measurements | cut -d' ' -f 4
Signed-off-by: Lakshmi Ramasubramanian
Suggested-by: Stephen Smalley
Reported-by: kernel test robot # error: implicit declaration
of function '
On Thu, Jul 30, 2020 at 10:29 AM peter enderborg
wrote:
>
> I did manage to rebase it but this is about my approach.
>
> Compared to Thiébaud Weksteen patch this adds:
>
> 1 Filtering. Types goes to trace so we can put up a filter for contexts or
> type etc.
>
> 2 It tries also to cover non denie
On 7/28/20 12:02 PM, Thiébaud Weksteen wrote:
On Tue, Jul 28, 2020 at 5:12 PM Paul Moore wrote:
Perhaps it would be helpful if you provided an example of how one
would be expected to use this new tracepoint? That would help put
things in the proper perspective.
The best example is the one I
On 7/28/20 8:49 AM, Thiébaud Weksteen wrote:
Thanks for the review! I'll send a new revision of the patch with the
%x formatter and using the TP_CONDITION macro.
On adding further information to the trace event, I would prefer
adding the strict minimum to be able to correlate the event with the
On Fri, Jul 24, 2020 at 5:15 AM Thiébaud Weksteen wrote:
>
> The audit data currently captures which process and which target
> is responsible for a denial. There is no data on where exactly in the
> process that call occurred. Debugging can be made easier by being able to
> reconstruct the unifie
On Mon, Jul 20, 2020 at 2:27 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/20/20 10:49 AM, Stephen Smalley wrote:
>
> >>>
> >>> Looks like the template used is ima-ng which doesn't include the
> >>> measured buffer. Please set template t
On Mon, Jul 20, 2020 at 1:40 PM Stephen Smalley
wrote:
>
> On Mon, Jul 20, 2020 at 1:34 PM Lakshmi Ramasubramanian
> wrote:
> >
> > On 7/20/20 10:06 AM, Stephen Smalley wrote:
> >
> > >> The above will ensure the following sequence will be measured:
>
On Mon, Jul 20, 2020 at 1:34 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/20/20 10:06 AM, Stephen Smalley wrote:
>
> >> The above will ensure the following sequence will be measured:
> >>#1 State A - Measured
> >>#2 Change from State A to State B - Mea
On Mon, Jul 20, 2020 at 11:17 AM Lakshmi Ramasubramanian
wrote:
> Thanks for trying out the changes. Please let me know the defects you find.
>
> Just to let you know - I am making the following change (will update in
> the next patch):
>
> => Save the last policy hash and state string in selinu
cy | cut -d' ' -f 1
>
> cat /sys/kernel/security/integrity/ima/ascii_runtime_measurements | grep -m
> 1 "selinux-policy-hash" | cut -d' ' -f 6
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
> diff --git a/securi
On Thu, Jul 16, 2020 at 3:13 PM Lakshmi Ramasubramanian
wrote:
>
> On 7/16/20 11:54 AM, Stephen Smalley wrote:
> > Not sure about this error handling approach (silent, proceeding as if
> > the length was zero and then later failing with ENOMEM on every
> > attempt?). I
hat the above measurement
matches a given state and policy, e.g. the sha256sum commands and
inputs to reproduce the same from an expected state and policy?
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
> diff --git a/security/selinux/measure.c b/s
;openperm=1;extsockclass=1;alwaysnetwork=0;cgroupseclabel=1;nnpnosuidtransition=1;genfsseclabelsymlink=0;
>
> The data for selinux-policy-hash in the above measurement is
> the SHA256 hash of the SELinux policy.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> ---
] never runs.
>
> So return -1 if the loop never runs.
>
> Signed-off-by: Tom Rix
Acked-by: Stephen Smalley
clang didn't complain about the similar pattern in
security/selinux/ss/services.c:constraint_expr_eval()?
On Mon, Jun 15, 2020 at 12:45 PM Lakshmi Ramasubramanian
wrote:
>
> On 6/15/20 4:57 AM, Stephen Smalley wrote:
> > I think I mentioned this on a previous version of these patches, but I
> > would recommend including more than just the enabled and enforcing
> > states in
On Mon, Jun 15, 2020 at 10:59 AM Mimi Zohar wrote:
>
> On Mon, 2020-06-15 at 09:33 -0400, Stephen Smalley wrote:
> > On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
> > wrote:
> > >
> > > The data maintained by the security modules could be tampered
On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
wrote:
>
> The data maintained by the security modules could be tampered with by
> malware. The LSM needs to periodically query the state of
> the security modules and measure the data when the state is changed.
>
> Define a workqueue for ha
On Mon, Jun 15, 2020 at 7:57 AM Stephen Smalley
wrote:
> I think I mentioned this on a previous version of these patches, but I
> would recommend including more than just the enabled and enforcing
> states in your measurement. Other low-hanging fruit would be the
> other selinux_st
On Fri, Jun 12, 2020 at 10:42 PM Lakshmi Ramasubramanian
wrote:
>
> SELinux needs to implement the interface function, security_state(), for
> the LSM to gather SELinux data for measuring. Define the security_state()
> function in SELinux.
>
> The security modules should be able to notify the LSM
2e27fd05b418 ("selinux: convert cond_list
to array").
Acked-by: Stephen Smalley
es
> and setting their return pointers to NULL and the return len to 0
>
> Signed-off-by: Tom Rix
Acked-by: Stephen Smalley
On Wed, Jun 10, 2020 at 2:10 PM wrote:
>
> From: Tom Rix
>
> Clang's static analysis tool reports these double free memory errors.
>
> security/selinux/ss/services.c:2987:4: warning: Attempt to free released
> memory [unix.Malloc]
> kfree(bnames[i]);
>
On Wed, Jun 3, 2020 at 11:59 PM James Morris wrote:
>
> On Wed, 1 Apr 2020, Daniel Colascione wrote:
>
> > Daniel Colascione (3):
> > Add a new LSM-supporting anonymous inode interface
> > Teach SELinux about anonymous inodes
> > Wire UFFD up to SELinux
> >
> > fs/anon_inodes.c
On Thu, Jun 4, 2020 at 11:28 AM Casey Schaufler wrote:
>
> On 6/4/2020 5:45 AM, Stephen Smalley wrote:
> > On Wed, Jun 3, 2020 at 6:39 PM Casey Schaufler
> > wrote:
> >> On 6/3/2020 3:12 PM, James Morris wrote:
> >>> On Wed, 3 Jun 2020, Casey Schaufler
On Wed, Jun 3, 2020 at 6:39 PM Casey Schaufler wrote:
>
> On 6/3/2020 3:12 PM, James Morris wrote:
> > On Wed, 3 Jun 2020, Casey Schaufler wrote:
> >
> >> The use of security modules was expected to be rare.
> > This is not correct. Capabilities were ported to LSM and stacked from the
> > beginnin
On Fri, May 15, 2020 at 12:45 PM David Howells wrote:
> I can go back to the enum patch for the moment if you and Casey can put up
> with that for the moment?
Yes, let's do that.
On Thu, May 14, 2020 at 12:59 PM David Howells wrote:
>
> How about this then?
>
> David
> ---
> commit fa37b6c7e2f86d16ede1e0e3cb73857152d51825
> Author: David Howells
> Date: Thu May 14 17:48:55 2020 +0100
>
> keys: Move permissions checking decisions into the checking code
>
> Overha
On Thu, May 14, 2020 at 11:45 AM Kees Cook wrote:
>
> On Thu, May 14, 2020 at 08:22:01AM -0400, Stephen Smalley wrote:
> > On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
> > >
> > > On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > > > Li
On Thu, May 14, 2020 at 10:41 AM Kees Cook wrote:
>
> On Thu, May 14, 2020 at 08:22:01AM -0400, Stephen Smalley wrote:
> > On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
> > >
> > > On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > > > Li
On Thu, May 14, 2020 at 8:08 AM Stephen Smalley
wrote:
>
> On Wed, May 13, 2020 at 7:13 PM David Howells wrote:
> >
> > Stephen Smalley wrote:
> >
> > > > (3) An override due to CAP_SYS_ADMIN.
> > >
> > > CAP_SYS_ADMIN should never sk
On Wed, May 13, 2020 at 11:05 PM Kees Cook wrote:
>
> On Wed, May 13, 2020 at 04:27:39PM -0700, Kees Cook wrote:
> > Like, couldn't just the entire thing just be:
> >
> > diff --git a/fs/namei.c b/fs/namei.c
> > index a320371899cf..0ab18e19f5da 100644
> > --- a/fs/namei.c
> > +++ b/fs/namei.c
> >
On Wed, May 13, 2020 at 7:13 PM David Howells wrote:
>
> Stephen Smalley wrote:
>
> > > (3) An override due to CAP_SYS_ADMIN.
> >
> > CAP_SYS_ADMIN should never skip SELinux checking. Even for Smack,
> > there is a separate capability (CAP_MAC_ADMIN) for t
On Tue, May 5, 2020 at 11:33 AM Mickaël Salaün wrote:
>
> Enable to forbid access to files open with O_MAYEXEC. Thanks to the
> noexec option from the underlying VFS mount, or to the file execute
> permission, userspace can enforce these execution policies. This may
> allow script interpreters t
On Tue, May 12, 2020 at 6:33 PM David Howells wrote:
>
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
>
> The enum is also given some extra values to represent special
> circumstances, such as:
>
> (1) The
On Mon, Apr 27, 2020 at 12:48 PM Stephen Smalley
wrote:
>
> On Mon, Apr 27, 2020 at 12:19 PM Casey Schaufler
> wrote:
> >
> > On 4/23/2020 3:24 PM, Casey Schaufler wrote:
> > > On 4/22/2020 10:12 AM, Casey Schaufler wrote:
> > >> On 4/22/2020 9:55 AM,
On 10/14/19 1:03 PM, Joel Fernandes (Google) wrote:
In current mainline, the degree of access to perf_event_open(2) system
call depends on the perf_event_paranoid sysctl. This has a number of
limitations:
1. The sysctl is only a single value. Many types of accesses are controlled
based on t
idn't previously exist.
Signed-off-by: David Howells
Acked-by: Stephen Smalley
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 74dd46de01b6..88df06969bed 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6533,6 +6533,17 @@
On 7/31/19 8:27 PM, Paul Moore wrote:
On Wed, Jul 31, 2019 at 1:26 PM Casey Schaufler wrote:
On 7/31/2019 8:34 AM, Aaron Goidel wrote:
As of now, setting watches on filesystem objects has, at most, applied a
check for read access to the inode, and in the case of fanotify, requires
CAP_SYS_ADMI
On 7/10/19 12:38 PM, Casey Schaufler wrote:
On 7/10/2019 6:34 AM, Aaron Goidel wrote:
As of now, setting watches on filesystem objects has, at most, applied a
check for read access to the inode, and in the case of fanotify, requires
CAP_SYS_ADMIN. No specific security hook or permission check ha
watch imply the
ability to receive all notifications for the watched object. Aside from
friendliness to application developers, the latter also yields stable,
sane policy and better performance.
Signed-off-by: David Howells
cc: Casey Schaufler
cc: Stephen Smalley
cc: linux-security-mod
On 6/27/19 2:06 PM, James Morris wrote:
On Thu, 27 Jun 2019, Stephen Smalley wrote:
There are two scenarios where finer-grained distinctions make sense:
- Users may need to enable specific functionality that falls under the
umbrella of "confidentiality" or "integrity" lock
1 - 100 of 584 matches
Mail list logo