Re: [PATCH v5] Classify AF_ALG sockets

2016-08-23 Thread Guido Trentalancia
This patch for the SELinux testsuite aims to add a very simple test
for sockets in the AF_ALG namespace.

However, I met some problems while trying to run it, so testing is
needed.

 policy/Makefile   |2 -
 policy/test_alg_socket.te |   25 +
 tests/alg_socket/Makefile |5 +++
 tests/alg_socket/client.c |   66 ++
 tests/alg_socket/test |   22 +++
 5 files changed, 119 insertions(+), 1 deletion(-)

diff -pruN selinux-testsuite-git-23082016-orig/policy/Makefile 
selinux-testsuite-git-23082016/policy/Makefile
--- selinux-testsuite-git-23082016-orig/policy/Makefile 2016-08-23 
20:50:08.527633728 +0200
+++ selinux-testsuite-git-23082016/policy/Makefile  2016-08-24 
00:56:38.114854854 +0200
@@ -20,7 +20,7 @@ TARGETS = \
test_task_create.te test_task_getpgid.te test_task_getsched.te \
test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
test_transition.te test_inet_socket.te test_unix_socket.te \
-   test_wait.te test_mmap.te
+   test_alg_socket.te test_wait.te test_mmap.te
 
 ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
 TARGETS += test_bounds.te
diff -pruN selinux-testsuite-git-23082016-orig/policy/test_alg_socket.te 
selinux-testsuite-git-23082016/policy/test_alg_socket.te
--- selinux-testsuite-git-23082016-orig/policy/test_alg_socket.te   
1970-01-01 01:00:00.0 +0100
+++ selinux-testsuite-git-23082016/policy/test_alg_socket.te2016-08-24 
00:31:51.588695889 +0200
@@ -0,0 +1,25 @@
+#
+#
+# Policy for testing sockets in
+# the AF_ALG namespace (Crypto
+# API).
+#
+
+attribute algsocketdomain;
+
+# Domain for client process.
+type test_alg_socket_client_t;
+domain_type(test_alg_socket_client_t)
+unconfined_runs_test(test_alg_socket_client_t)
+typeattribute test_alg_socket_client_t testdomain;
+typeattribute test_alg_socket_client_t algsocketdomain;
+
+# client can bind socket.
+allow test_alg_socket_client_t self:alg_socket bind;
+
+# client can request to load a kernel module
+kernel_request_load_module(algsocketdomain)
+
+# Allow all of these domains to be entered from the sysadm domain.
+miscfiles_domain_entry_test_files(algsocketdomain)
+userdom_sysadm_entry_spec_domtrans_to(algsocketdomain)
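Review bot: the policy grants test_alg_socket_client_t only bind on self:alg_socket, but client.c calls socket(AF_ALG, ...) first, and with the alg_socket policy capability enabled that call is checked as create on the same class, so the client will exit at socket() before the bind test runs unless testdomain already grants create elsewhere; add `allow test_alg_socket_client_t self:alg_socket { create bind };`. A second point: both the succeed and fail cases run in this single domain, so nothing in the policy produces the denial the fail case is meant to exercise; the usual testsuite pattern is a second client domain that lacks bind.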
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/client.c 
selinux-testsuite-git-23082016/tests/alg_socket/client.c
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/client.c   
1970-01-01 01:00:00.0 +0100
+++ selinux-testsuite-git-23082016/tests/alg_socket/client.c2016-08-24 
00:58:47.075516771 +0200
@@ -0,0 +1,66 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+void usage(char *progname)
+{
+   fprintf(stderr,
+   "usage:  %s [succeed|fail]\n",
+   progname);
+   exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+   int succeed;
+   int sock;
+
+   if (argc != 2)
+   usage(argv[0]);
+
+   if (!strcmp(argv[1], "succeed"))
+   succeed = 1;
+   else if (!strcmp(argv[1], "fail"))
+   succeed = 0;
+   else
+   usage(argv[0]);
+
+   sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+   if (sock < 0) {
+   perror("socket");
+   exit(1);
+   }
+
+   if (succeed == 1) {
+   struct sockaddr_alg sa_good = {
+   .salg_family = AF_ALG,
+   .salg_type = "hash",
+   .salg_name = "sha256",
+   };
+
+   if (bind(sock, (struct sockaddr *) _good, sizeof(sa_good)) < 
0) {
+   perror("bind (algorithm available)");
+   close(sock);
+   exit(1);
+   }
+   } else {
+   struct sockaddr_alg sa_bad = {
+   .salg_family = AF_ALG,
+   .salg_type = "hash",
+   .salg_name = "NOTAVAILABLE",
+   };
+
+   if (bind(sock, (struct sockaddr *) _bad, sizeof(sa_bad)) < 
0) {
+   perror("bind (algorithm not available)");
+   close(sock);
+   exit(1);
+   }
+   }
+
+   close(sock);
+   exit(0);
+}
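Review bot: the fail branch binds to the made-up algorithm name "NOTAVAILABLE", so bind() fails with an algorithm-lookup error regardless of SELinux policy and the result cannot distinguish a policy denial from a missing algorithm. Use the same "hash"/"sha256" address in both branches and let the calling domain (allowed vs. denied bind) decide the outcome, and in the fail case check that errno is EACCES rather than treating any bind failure alike. Both branches also exit 1 on bind failure, so the test script has to rely on the exit status alone; reporting the errno makes an unexpected failure (e.g. the policy never granting create) visible in the test output.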
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/Makefile 
selinux-testsuite-git-23082016/tests/alg_socket/Makefile
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/Makefile   
1970-01-01 01:00:00.0 +0100
+++ selinux-testsuite-git-23082016/tests/alg_socket/Makefile2016-08-23 
23:07:46.866079516 +0200
@@ -0,0 +1,5 @@
+TARGETS=client
+
+all: $(TARGETS)
+clean:
+   rm -f $(TARGETS)
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/test 
selinux-testsuite-git-23082016/tests/alg_socket/test
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/test   1970-01-01 

Re: [PATCH v5] Classify AF_ALG sockets

2016-08-23 Thread Paul Moore
On Tue, Aug 23, 2016 at 10:42 AM, Stephen Smalley  wrote:
> On 08/23/2016 10:14 AM, Guido Trentalancia wrote:
>> Modify the SELinux kernel code so that it is able to classify sockets with
>> the new AF_ALG namespace (used for the user-space interface to the kernel
>> Crypto API).
>>
>> A companion patch has been created for the Reference Policy and it will be
>> posted to its mailing list, once this patch is merged.
>
> 1. Could we reclaim the redhat1 policy capability (originally reserved
> for the ptrace_child capability that was later discarded and is not used
> anywhere), or would that pose any compatibility problems (I don't think
> so, but not entirely sure)?

Yes, we *should* be able to reuse the capability, but some closer
inspection/testing would likely need to be done.  There was a thread
about this somewhere a few months ago ...

> 2. Could we generalize this to support separate classes for every
> address family implemented by Linux rather than doing them piecemeal?

I agree.  I think Guido mentioned this might take some more time, but
that is fine with me, I don't believe there is any hard deadline for
this work.

-- 
paul moore
www.paul-moore.com
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [PATCH 3/3] selinux: fix overflow and 0 length allocations

2016-08-23 Thread Paul Moore
On Tue, Aug 23, 2016 at 4:49 PM,   wrote:
> From: William Roberts 
>
> Throughout the SE Linux LSM, values taken from sepolicy are

I'll take a closer look at this patchset after LinuxCon/LSS, but
thanks for doing this ... however, one little bikeshed thing that
drives me crazy is the use of "SE Linux" instead of "SELinux".  Don't
change anything you've submitted, but in the future please use SELinux
;)

> used in places where length == 0 or length == 
> matter, find and fix these.
>
> Signed-off-by: William Roberts 
> ---
>  security/selinux/ss/conditional.c | 3 +++
>  security/selinux/ss/policydb.c| 4 
>  security/selinux/ss/private.h | 7 +++
>  3 files changed, 14 insertions(+)
>  create mode 100644 security/selinux/ss/private.h
>
> diff --git a/security/selinux/ss/conditional.c 
> b/security/selinux/ss/conditional.c
> index 456e1a9..ecc0fb6 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -16,6 +16,7 @@
>  #include "security.h"
>  #include "conditional.h"
>  #include "services.h"
> +#include "private.h"
>
>  /*
>   * cond_evaluate_expr evaluates a conditional expr
> @@ -242,6 +243,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, 
> void *fp)
> goto err;
>
> len = le32_to_cpu(buf[2]);
> +   if (zero_or_saturated(len))
> +   goto err;
>
> rc = -ENOMEM;
> key = kmalloc(len + 1, GFP_KERNEL);
> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 4b24385..0e881f3 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -38,6 +38,7 @@
>  #include "conditional.h"
>  #include "mls.h"
>  #include "services.h"
> +#include "private.h"
>
>  #define _DEBUG_HASHES
>
> @@ -1094,6 +1095,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, 
> u32 len)
> int rc;
> char *str;
>
> +   if (zero_or_saturated(len))
> +   return -EINVAL;
> +
> str = kmalloc(len + 1, flags);
> if (!str)
> return -ENOMEM;
> diff --git a/security/selinux/ss/private.h b/security/selinux/ss/private.h
> new file mode 100644
> index 000..0e81a78
> --- /dev/null
> +++ b/security/selinux/ss/private.h
> @@ -0,0 +1,7 @@
> +#ifndef PRIVATE_H_
> +#define PRIVATE_H_
> +
> +#define is_saturated(x) (x == (typeof(x))-1)
> +#define zero_or_saturated(x) ((x == 0) || is_saturated(x))
> +
> +#endif
> --
> 1.9.1
>
-- 
paul moore
www.paul-moore.com


[PATCH 3/3] selinux: fix overflow and 0 length allocations

2016-08-23 Thread william . c . roberts
From: William Roberts 

Throughout the SE Linux LSM, values taken from sepolicy are
used in places where length == 0 or length == 
matter, find and fix these.

Signed-off-by: William Roberts 
---
 security/selinux/ss/conditional.c | 3 +++
 security/selinux/ss/policydb.c| 4 
 security/selinux/ss/private.h | 7 +++
 3 files changed, 14 insertions(+)
 create mode 100644 security/selinux/ss/private.h

diff --git a/security/selinux/ss/conditional.c 
b/security/selinux/ss/conditional.c
index 456e1a9..ecc0fb6 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -16,6 +16,7 @@
 #include "security.h"
 #include "conditional.h"
 #include "services.h"
+#include "private.h"
 
 /*
  * cond_evaluate_expr evaluates a conditional expr
@@ -242,6 +243,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, 
void *fp)
goto err;
 
len = le32_to_cpu(buf[2]);
+   if (zero_or_saturated(len))
+   goto err;
 
rc = -ENOMEM;
key = kmalloc(len + 1, GFP_KERNEL);
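Review bot: the new `goto err` does not set rc, so the return value depends on whatever rc held before `len = le32_to_cpu(buf[2]);`, which lies outside the hunk; set `rc = -EINVAL;` immediately before the goto (as str_read in the next hunk returns -EINVAL explicitly) so the error path is self-evident and stays correct if the code above it is ever reordered.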
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 4b24385..0e881f3 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -38,6 +38,7 @@
 #include "conditional.h"
 #include "mls.h"
 #include "services.h"
+#include "private.h"
 
 #define _DEBUG_HASHES
 
@@ -1094,6 +1095,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, 
u32 len)
int rc;
char *str;
 
+   if (zero_or_saturated(len))
+   return -EINVAL;
+
str = kmalloc(len + 1, flags);
if (!str)
return -ENOMEM;
diff --git a/security/selinux/ss/private.h b/security/selinux/ss/private.h
new file mode 100644
index 000..0e81a78
--- /dev/null
+++ b/security/selinux/ss/private.h
@@ -0,0 +1,7 @@
+#ifndef PRIVATE_H_
+#define PRIVATE_H_
+
+#define is_saturated(x) (x == (typeof(x))-1)
+#define zero_or_saturated(x) ((x == 0) || is_saturated(x))
+
+#endif
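Review bot: the macro arguments are unparenthesized, so `is_saturated(x) (x == (typeof(x))-1)` misparses for an expression argument such as `a ? b : c`; write `((x) == (typeof(x))-1)` and `(((x) == 0) || is_saturated(x))`. The header name private.h also says nothing about its contents, and a one-line comment on why a saturated length is rejected (`len + 1` wraps to 0 before kmalloc) would help the next reader; a more descriptive name or placing the helpers in an existing header such as policydb.h would be easier to find.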
-- 
1.9.1



[PATCH 2/3] selinux: initialize structures

2016-08-23 Thread william . c . roberts
From: William Roberts 

libsepol pointed out an issue where it's possible to have
an uninitialized jmp and invalid dereference, fix this.
While we're here, zero allocate all the *_val_to_struct
structures.

Signed-off-by: William Roberts 
---
 security/selinux/ss/policydb.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 992a315..4b24385 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -541,21 +541,21 @@ static int policydb_index(struct policydb *p)
 
rc = -ENOMEM;
p->class_val_to_struct =
-   kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
+   kzalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)),
GFP_KERNEL);
if (!p->class_val_to_struct)
goto out;
 
rc = -ENOMEM;
p->role_val_to_struct =
-   kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
+   kzalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
GFP_KERNEL);
if (!p->role_val_to_struct)
goto out;
 
rc = -ENOMEM;
p->user_val_to_struct =
-   kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
+   kzalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
GFP_KERNEL);
if (!p->user_val_to_struct)
goto out;
@@ -964,7 +964,7 @@ int policydb_context_isvalid(struct policydb *p, struct 
context *c)
 * Role must be authorized for the type.
 */
role = p->role_val_to_struct[c->role - 1];
-   if (!ebitmap_get_bit(>types, c->type - 1))
+   if (!role || !ebitmap_get_bit(>types, c->type - 1))
/* role may not be associated with type */
return 0;
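Review bot: the NULL check guards only the role lookup; with class_val_to_struct and user_val_to_struct now zero-allocated as well, their entries can equally be NULL for a value that was never indexed, so the corresponding lookups in this function and in its callers need the same `if (!x)` guard or the fix is partial. The commit message would also benefit from naming the libsepol check that flagged the uninitialized entry so the case can be reproduced.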
 
-- 
1.9.1



[PATCH 1/3] selinux: detect invalid ebitmap

2016-08-23 Thread william . c . roberts
From: William Roberts 

When count is 0 and the highbit is not zero, the ebitmap is not
valid and the internal node is not allocated. This causes issues
when routines, like mls_context_isvalid() attempt to use the
ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume
a highbit > 0 will have a node allocated.
---
 security/selinux/ss/ebitmap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 894b6cd..7d10e5d 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -374,6 +374,9 @@ int ebitmap_read(struct ebitmap *e, void *fp)
goto ok;
}
 
+   if (e->highbit && !count)
+   goto bad;
+
for (i = 0; i < count; i++) {
rc = next_entry(, fp, sizeof(u32));
if (rc < 0) {
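Review bot: the commit message lacks a Signed-off-by line, unlike patches 2/3 and 3/3 in this series. On the check itself, the hunk relies on the `bad:` label supplying an error code; rc is 0 at this point because the preceding read succeeded, so if `bad:` only propagates rc the invalid bitmap would be reported as success. Verify that `bad:` sets -EINVAL, or set `rc = -EINVAL;` explicitly before the goto.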
-- 
1.9.1



Re: [PATCH v3 2/2] genhomedircon: add support for %group syntax

2016-08-23 Thread Stephen Smalley
On 08/22/2016 05:03 PM, Gary Tierney wrote:
> semanage-login supports login mappings using the %group syntax, but
> genhomedircon does not expand groups to the users belonging to them.
> 
> This commit adds support for generating home directory contexts for login
> mappings using the group syntax and adds error reporting for handling cases
> where there is ambiguity due to a user belonging to multiple groups mapped by
> semanage-login. If a login mapping is added for the user which belongs to
> multiple groups it will take precedence and resolve the ambiguity issue.
> 
> Signed-off-by: Gary Tierney 

Thanks, applied both patches.

> ---
>  libsemanage/src/genhomedircon.c | 311 
> +++-
>  1 file changed, 243 insertions(+), 68 deletions(-)
> 
> diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
> index 698b907..cce3884 100644
> --- a/libsemanage/src/genhomedircon.c
> +++ b/libsemanage/src/genhomedircon.c
> @@ -48,6 +48,8 @@
>  #include 
>  #include 
>  #include 
> +#include 
> +#include 
>  
>  /* paths used in get_home_dirs() */
>  #define PATH_ETC_USERADD "/etc/default/useradd"
> @@ -98,6 +100,7 @@ typedef struct user_entry {
>   char *prefix;
>   char *home;
>   char *level;
> + char *login;
>   struct user_entry *next;
>  } genhomedircon_user_entry_t;
>  
> @@ -486,6 +489,11 @@ static int USER_CONTEXT_PRED(const char *string)
>   return (int)(strstr(string, TEMPLATE_USER) != NULL);
>  }
>  
> +static int STR_COMPARATOR(const void *a, const void *b)
> +{
> + return strcmp((const char *) a, (const char *) b);
> +}
> +
>  /* make_tempate
>   * @params the settings holding the paths to various files
>   * @parampredfunction pointer to function to use as filter for slurp
> @@ -652,6 +660,24 @@ static int write_user_context(genhomedircon_settings_t * 
> s, FILE * out,
>   return write_replacements(s, out, tpl, repl);
>  }
>  
> +static int seuser_sort_func(const void *arg1, const void *arg2)
> +{
> + const semanage_seuser_t **u1 = (const semanage_seuser_t **) arg1;
> + const semanage_seuser_t **u2 = (const semanage_seuser_t **) arg2;;
> + const char *name1 = semanage_seuser_get_name(*u1);
> + const char *name2 = semanage_seuser_get_name(*u2);
> +
> + if (name1[0] == '%' && name2[0] == '%') {
> + return 0;
> + } else if (name1[0] == '%') {
> + return 1;
> + } else if (name2[0] == '%') {
> + return -1;
> + }
> +
> + return strcmp(name1, name2);
> +}
> +
>  static int user_sort_func(semanage_user_t ** arg1, semanage_user_t ** arg2)
>  {
>   return strcmp(semanage_user_get_name(*arg1),
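Review bot: stray double semicolon on the `const semanage_seuser_t **u2 = ...;;` line. More importantly, returning 0 for two `%group` names tells qsort that all group mappings are equal, so their relative order after sorting is unspecified and the ambiguity reporting later in the patch may see them in a different order from run to run; fall through to `strcmp(name1, name2)` in that branch too so the ordering is total and deterministic.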
> @@ -665,7 +691,8 @@ static int name_user_cmp(char *key, semanage_user_t ** 
> val)
>  
>  static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
>  const char *u, const char *g, const char *sen,
> -const char *pre, const char *h, const char *l)
> +const char *pre, const char *h, const char *l,
> +const char *ln)
>  {
>   genhomedircon_user_entry_t *temp = NULL;
>   char *name = NULL;
> @@ -675,6 +702,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** 
> list, const char *n,
>   char *prefix = NULL;
>   char *home = NULL;
>   char *level = NULL;
> + char *lname = NULL;
>  
>   temp = malloc(sizeof(genhomedircon_user_entry_t));
>   if (!temp)
> @@ -700,6 +728,9 @@ static int push_user_entry(genhomedircon_user_entry_t ** 
> list, const char *n,
>   level = strdup(l);
>   if (!level)
>   goto cleanup;
> + lname = strdup(ln);
> + if (!lname)
> + goto cleanup;
>  
>   temp->name = name;
>   temp->uid = uid;
> @@ -708,6 +739,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** 
> list, const char *n,
>   temp->prefix = prefix;
>   temp->home = home;
>   temp->level = level;
> + temp->login = lname;
>   temp->next = (*list);
>   (*list) = temp;
>  
> @@ -721,6 +753,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** 
> list, const char *n,
>   free(prefix);
>   free(home);
>   free(level);
> + free(lname);
>   free(temp);
>   return STATUS_ERR;
>  }
> @@ -741,6 +774,7 @@ static void pop_user_entry(genhomedircon_user_entry_t ** 
> list)
>   free(temp->prefix);
>   free(temp->home);
>   free(temp->level);
> + free(temp->login);
>   free(temp);
>  }
>  
> @@ -790,7 +824,8 @@ static int setup_fallback_user(genhomedircon_settings_t * 
> s)
>  
>   if (push_user_entry(&(s->fallback), FALLBACK_NAME,
>   FALLBACK_UIDGID, FALLBACK_UIDGID,
> - seuname, prefix, "", level) != 0)
> + seuname, prefix, "", level,

Re: [PATCH 0/2] genhomedircon: add support for %group syntax

2016-08-23 Thread Stephen Smalley
On 08/23/2016 09:18 AM, Jason Zaman wrote:
> On Tue, Aug 23, 2016 at 08:54:17AM -0400, Stephen Smalley wrote:
>> On 08/22/2016 04:22 PM, Gary Tierney wrote:
>>> From: Gary Tierney 
>>>
>>> Re-spin of my original patch that adds support for logins mapped using the
>>> group %syntax to genhomedircon.  This version includes fixes for the issues
>>> raised by Jason and splits the bugfix into a separate commit.
>>>
>>> There was a bit of confusion about the MLS level, I think, since 
>>> semanage-user
>>> supports a default MLS level and not semanage-login.  So it wouldn't be 
>>> possible
>>> for a login to have a more specific level than the fallback login in that 
>>> case.
>>> Though the bugfix still addresses an issue with home directories outside of
>>> /home / LU_HOMEDIRCETORY and is required for the second commit.
>>
>> semanage login can set a more limited range for a Linux user than what
>> is allowed for the SELinux user.  Thus, you can have a single SELinux
>> user that is authorized for a wider range but narrow its scope on a
>> per-Linux-user basis via semanage login.
> 
> semanage user has --level and --range
> semanage login has only --range.
> You mean setting --range on a specific linux user to be a subset of what
> is in the semanage user range?

Yes; you can set it to either a subrange or even just a single level
within the user range, and thereby constrain that particular Linux user
to only that subrange or level.  Avoids requiring one to define a
separate SELinux user for every possible level/range that you want to
authorize for an individual Linux user.  That's why semanage login range
(aka seusers range) exists.

> What exactly is semanage user --level used for then? and which one(s?)

It depends. It won't be used at all if it doesn't fall within the
semanage login range for the Linux user - then the semanage login
range's low level wins.  If it does fall within the semanage login range
for the Linux user, then it is used as the low level for the user's
context at login time.

The logic is rather complicated, both as a result of historical changes
(original MLS -> modern MLS model, introduction of seusers and semanage
login) and by various use cases.  There is quite a bit of historical
baggage and complexity in the computation of user contexts at login time
that I'd like to see eliminated and consolidated; currently it is spread
across pam_selinux, libselinux, and the kernel.

> of all these values matter for genhomedircon? Is it --level or is it just the
> lowest one within login --range?

Presently appears to always use the semanage user level.  That's correct
in the case where it falls within the semanage login range, but not in
the other case.

> meriadoc ~ #  semanage user -l
> Labelling  MLS/   MLS/
> SELinux UserPrefix MCS Level  MCS Range  SELinux 
> Roles
> 
> rootsysadm s0 s0-s0:c0.c1023 staff_r 
> sysadm_r
> 
> In the prev version of the patch, I thought you meant the "s0" here which
> doesn't exist in semanage login -l.


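The level-selection rule Stephen describes above (the semanage-user level is used as the low level only when it falls within the semanage-login range, otherwise the range's own low level wins), as an added Python model that is not part of libsemanage or genhomedircon. It assumes the standard SELinux MLS dominance relation (higher-or-equal sensitivity and a superset of categories) and the usual `sN[:cA.cB,cC]` level and `low-high` range syntax; the class and function names are my own.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    """One MLS level: a sensitivity plus a (possibly empty) category set."""
    sens: int
    cats: frozenset

    def dominates(self, other: "Level") -> bool:
        # Assumed SELinux MLS dominance: sensitivity >= and categories superset.
        return self.sens >= other.sens and self.cats >= other.cats


def parse_level(text: str) -> Level:
    """Parse 's0', 's1:c0.c3,c7' etc. into a Level ('cX.cY' is a range)."""
    m = re.fullmatch(r"s(\d+)(?::(.+))?", text.strip())
    if not m:
        raise ValueError(f"bad MLS level: {text!r}")
    cats = set()
    if m.group(2):
        for part in m.group(2).split(","):
            lo, _, hi = part.partition(".")
            lo_n = int(lo.lstrip("c"))
            hi_n = int(hi.lstrip("c")) if hi else lo_n
            if hi_n < lo_n:
                raise ValueError(f"bad category range: {part!r}")
            cats.update(range(lo_n, hi_n + 1))
    return Level(int(m.group(1)), frozenset(cats))


def parse_range(text: str):
    """Parse 'low-high' (or a single level) into a (low, high) tuple."""
    low, sep, high = text.partition("-")
    lo = parse_level(low)
    hi = parse_level(high) if sep else lo
    if not hi.dominates(lo):
        raise ValueError(f"range high must dominate low: {text!r}")
    return lo, hi


def within(level: Level, rng) -> bool:
    """True when low <= level <= high in the dominance order."""
    lo, hi = rng
    return level.dominates(lo) and hi.dominates(level)


def effective_low_level(user_level: str, login_range: str) -> Level:
    """Low level for the login context, following the rule in the reply:
    the semanage-user level is kept only if it lies within the semanage-login
    range; otherwise the range's own low level wins."""
    lvl = parse_level(user_level)
    rng = parse_range(login_range)
    return lvl if within(lvl, rng) else rng[0]


def format_level(level: Level) -> str:
    """Render a Level back to 'sN[:cA.cB,cC]' form with compressed runs."""
    if not level.cats:
        return f"s{level.sens}"
    cats = sorted(level.cats)
    runs, start, prev = [], cats[0], cats[0]
    for c in cats[1:] + [None]:          # None flushes the last run
        if c is not None and c == prev + 1:
            prev = c
            continue
        runs.append(f"c{start}" if start == prev else f"c{start}.c{prev}")
        if c is not None:
            start = prev = c
    return f"s{level.sens}:" + ",".join(runs)


if __name__ == "__main__":
    # Constructed inputs mirroring the 'semanage user -l' row quoted above.
    for user_level, login_range in [("s0", "s0-s0:c0.c1023"),
                                    ("s1", "s0-s0:c0.c1023"),
                                    ("s0:c5", "s0:c0.c3-s0:c0.c10")]:
        low = effective_low_level(user_level, login_range)
        print(f"user level {user_level:12} login range {login_range:22} "
              f"-> low level {format_level(low)}")
```

The second and third inputs show the case Stephen calls wrong in genhomedircon today: the user level lies outside the login range, so the range's low level, not the user level, should be substituted.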


[PATCH] Update libsepol to support the policy capability for AF_ALG sockets

2016-08-23 Thread Guido Trentalancia
Update libsepol with the new policy capability needed to classify
sockets in the AF_ALG namespace (Crypto API).

Signed-off-by: Guido Trentalancia 
---
 include/sepol/policydb/polcaps.h |1 +
 src/polcaps.c|1 +
 2 files changed, 2 insertions(+)

diff -pru libsepol-git-23082016/include/sepol/policydb/polcaps.h 
libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h
--- libsepol-git-23082016/include/sepol/policydb/polcaps.h  2016-08-23 
17:08:58.690837319 +0200
+++ libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h   
2016-08-23 17:13:52.794644956 +0200
@@ -11,6 +11,7 @@ enum {
POLICYDB_CAPABILITY_OPENPERM,
POLICYDB_CAPABILITY_REDHAT1, /* reserved for RH testing of ptrace_child 
*/
POLICYDB_CAPABILITY_ALWAYSNETWORK,
+   POLICYDB_CAPABILITY_ALGSOCKET, /* Crypto API socket namespace */
__POLICYDB_CAPABILITY_MAX
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
diff -pru libsepol-git-23082016/src/polcaps.c 
libsepol-git-23082016-alg_socket/src/polcaps.c
--- libsepol-git-23082016/src/polcaps.c 2016-08-23 17:08:58.696837395 +0200
+++ libsepol-git-23082016-alg_socket/src/polcaps.c  2016-08-23 
17:11:49.145026939 +0200
@@ -10,6 +10,7 @@ static const char *polcap_names[] = {
"open_perms",   /* POLICYDB_CAPABILITY_OPENPERM */
"redhat1",  /* POLICYDB_CAPABILITY_REDHAT1, aka 
ptrace_child */
"always_check_network", /* POLICYDB_CAPABILITY_ALWAYSNETWORK */
+   "alg_socket",   /* POLICYDB_CAPABILITY_ALGSOCKET 
(Crypto API socket namespace) */
NULL
 };
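Review bot: a policy capability is identified by its bit index in the policy's polcaps bitmap, so both the enum position in polcaps.h and the "alg_socket" string here must match the kernel's security.h enum and the selinuxfs policycap_names table exactly; the v5 kernel patch in this thread appends at the same position with the same name, so the two agree, but the commit message should state that dependency (and which kernel first recognizes the capability) so a mismatch is caught if either side is reordered.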
 


[PATCH v5] Classify AF_ALG sockets

2016-08-23 Thread Guido Trentalancia
Modify the SELinux kernel code so that it is able to classify sockets with
the new AF_ALG namespace (used for the user-space interface to the kernel
Crypto API).

A companion patch has been created for the Reference Policy and it will be
posted to its mailing list, once this patch is merged.

Signed-off-by: Guido Trentalancia 
---
 security/selinux/hooks.c|5 +
 security/selinux/include/classmap.h |2 ++
 security/selinux/include/security.h |2 ++
 security/selinux/selinuxfs.c|3 ++-
 security/selinux/ss/services.c  |6 +-
 5 files changed, 16 insertions(+), 2 deletions(-)

diff -pru linux-4.7.2-orig/security/selinux/hooks.c 
linux-4.7.2/security/selinux/hooks.c
--- linux-4.7.2-orig/security/selinux/hooks.c   2016-08-22 22:31:27.737767819 
+0200
+++ linux-4.7.2/security/selinux/hooks.c2016-08-22 22:40:29.102526024 
+0200
@@ -1315,6 +1315,11 @@ static inline u16 socket_type_to_securit
return SECCLASS_KEY_SOCKET;
case PF_APPLETALK:
return SECCLASS_APPLETALK_SOCKET;
+   case PF_ALG:
+   if (selinux_policycap_algsocket)
+   return SECCLASS_ALG_SOCKET;
+   else
+   return SECCLASS_SOCKET;
}
 
return SECCLASS_SOCKET;
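Review bot: the `else return SECCLASS_SOCKET;` in the PF_ALG case duplicates the `return SECCLASS_SOCKET;` that already follows the switch; `if (selinux_policycap_algsocket) return SECCLASS_ALG_SOCKET; break;` keeps the generic-socket fallback in one place and avoids a second copy of it.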
diff -pru linux-4.7.2-orig/security/selinux/include/classmap.h 
linux-4.7.2/security/selinux/include/classmap.h
--- linux-4.7.2-orig/security/selinux/include/classmap.h2016-08-22 
22:31:27.754768030 +0200
+++ linux-4.7.2/security/selinux/include/classmap.h 2016-08-22 
22:32:14.795355585 +0200
@@ -144,6 +144,8 @@ struct security_class_mapping secclass_m
  { COMMON_SOCK_PERMS, NULL } },
{ "appletalk_socket",
  { COMMON_SOCK_PERMS, NULL } },
+   { "alg_socket",
+ { COMMON_SOCK_PERMS, NULL } },
{ "packet",
  { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } },
{ "key",
diff -pru linux-4.7.2-orig/security/selinux/include/security.h 
linux-4.7.2/security/selinux/include/security.h
--- linux-4.7.2-orig/security/selinux/include/security.h2016-03-14 
05:28:54.0 +0100
+++ linux-4.7.2/security/selinux/include/security.h 2016-08-22 
22:53:57.911660238 +0200
@@ -75,6 +75,7 @@ enum {
POLICYDB_CAPABILITY_OPENPERM,
POLICYDB_CAPABILITY_REDHAT1,
POLICYDB_CAPABILITY_ALWAYSNETWORK,
+   POLICYDB_CAPABILITY_ALGSOCKET,
__POLICYDB_CAPABILITY_MAX
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
@@ -82,6 +83,7 @@ enum {
 extern int selinux_policycap_netpeer;
 extern int selinux_policycap_openperm;
 extern int selinux_policycap_alwaysnetwork;
+extern int selinux_policycap_algsocket;
 
 /*
  * type_datum properties
diff -pru linux-4.7.2-orig/security/selinux/selinuxfs.c 
linux-4.7.2/security/selinux/selinuxfs.c
--- linux-4.7.2-orig/security/selinux/selinuxfs.c   2016-03-14 
05:28:54.0 +0100
+++ linux-4.7.2/security/selinux/selinuxfs.c2016-08-23 14:19:43.945217071 
+0200
@@ -46,7 +46,8 @@ static char *policycap_names[] = {
"network_peer_controls",
"open_perms",
"redhat1",
-   "always_check_network"
+   "always_check_network",
+   "alg_socket"
 };
 
 unsigned int selinux_checkreqprot = CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE;
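Review bot: policycap_names must stay index-aligned with the enum in security.h, and the v4 review already caught this file being missed; a comment on the array pointing at the enum, or a `BUILD_BUG_ON(ARRAY_SIZE(policycap_names) != __POLICYDB_CAPABILITY_MAX)` next to it, would prevent the omission recurring when the next capability is added.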
diff -pru linux-4.7.2-orig/security/selinux/ss/services.c 
linux-4.7.2/security/selinux/ss/services.c
--- linux-4.7.2-orig/security/selinux/ss/services.c 2016-08-05 
21:27:22.275588616 +0200
+++ linux-4.7.2/security/selinux/ss/services.c  2016-08-23 14:33:19.85535 
+0200
@@ -26,9 +26,10 @@
  *
  *  Added support for bounds domain and audit messaged on masked permissions
  *
- * Updated: Guido Trentalancia 
+ * Updated: Guido Trentalancia 
  *
  *  Added support for runtime switching of the policy type
+ *  Added support for classifying the AF_ALG sockets (Crypto API)
  *
  * Copyright (C) 2008, 2009 NEC Corporation
  * Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
@@ -73,6 +74,7 @@
 int selinux_policycap_netpeer;
 int selinux_policycap_openperm;
 int selinux_policycap_alwaysnetwork;
+int selinux_policycap_algsocket;
 
 static DEFINE_RWLOCK(policy_rwlock);
 
@@ -2016,6 +2018,8 @@ static void security_load_policycaps(voi
  POLICYDB_CAPABILITY_OPENPERM);
selinux_policycap_alwaysnetwork = ebitmap_get_bit(,
  
POLICYDB_CAPABILITY_ALWAYSNETWORK);
+   selinux_policycap_algsocket = ebitmap_get_bit(,
+ 
POLICYDB_CAPABILITY_ALGSOCKET);
 }
 
 static int security_preserve_bools(struct policydb *p);

Re: [PATCH 0/2] genhomedircon: add support for %group syntax

2016-08-23 Thread Stephen Smalley
On 08/23/2016 09:50 AM, Gary Tierney wrote:
> On Tue, Aug 23, 2016 at 08:54:17AM -0400, Stephen Smalley wrote:
>> On 08/22/2016 04:22 PM, Gary Tierney wrote:
>>> From: Gary Tierney 
>>>
>>> Re-spin of my original patch that adds support for logins mapped using the
>>> group %syntax to genhomedircon.  This version includes fixes for the issues
>>> raised by Jason and splits the bugfix into a separate commit.
>>>
>>> There was a bit of confusion about the MLS level, I think, since 
>>> semanage-user
>>> supports a default MLS level and not semanage-login.  So it wouldn't be 
>>> possible
>>> for a login to have a more specific level than the fallback login in that 
>>> case.
>>> Though the bugfix still addresses an issue with home directories outside of
>>> /home / LU_HOMEDIRCETORY and is required for the second commit.
>>
>> semanage login can set a more limited range for a Linux user than what
>> is allowed for the SELinux user.  Thus, you can have a single SELinux
>> user that is authorized for a wider range but narrow its scope on a
>> per-Linux-user basis via semanage login.
>>
>>>
>>> Gary Tierney (2):
>>>   genhomedircon: generate contexts for logins mapped to the default user
>>>   genhomedircon: add support for %group syntax
>>>
>>>  libsemanage/src/genhomedircon.c | 314 
>>> +++-
>>>  1 file changed, 243 insertions(+), 71 deletions(-)
>>>
>>
> 
> Yes, it's possible for a more specific range, and not level.  Though, the
> current behavior of genhomedircon is to replace any instance of "s0" with the
> user's (semanage-user) level.  Should the range of the login be used here
> instead?
> I'm unsure about this.

That's true; that seems wrong to me but your patch didn't introduce it
so it won't hold up merging of your patches.

> Also, there's an identical v3 of this patch above to get rid of the erroneous
> committer / signed-off-by / author information in this patch.  Sorry about
> that.




Re: [PATCH 0/2] genhomedircon: add support for %group syntax

2016-08-23 Thread Gary Tierney
On Tue, Aug 23, 2016 at 08:54:17AM -0400, Stephen Smalley wrote:
> On 08/22/2016 04:22 PM, Gary Tierney wrote:
> > From: Gary Tierney 
> > 
> > Re-spin of my original patch that adds support for logins mapped using the
> > group %syntax to genhomedircon.  This version includes fixes for the issues
> > raised by Jason and splits the bugfix into a separate commit.
> > 
> > There was a bit of confusion about the MLS level, I think, since 
> > semanage-user
> > supports a default MLS level and not semanage-login.  So it wouldn't be 
> > possible
> > for a login to have a more specific level than the fallback login in that 
> > case.
> > Though the bugfix still addresses an issue with home directories outside of
> > /home / LU_HOMEDIRCETORY and is required for the second commit.
> 
> semanage login can set a more limited range for a Linux user than what
> is allowed for the SELinux user.  Thus, you can have a single SELinux
> user that is authorized for a wider range but narrow its scope on a
> per-Linux-user basis via semanage login.
> 
> > 
> > Gary Tierney (2):
> >   genhomedircon: generate contexts for logins mapped to the default user
> >   genhomedircon: add support for %group syntax
> > 
> >  libsemanage/src/genhomedircon.c | 314 
> > +++-
> >  1 file changed, 243 insertions(+), 71 deletions(-)
> > 
> 

Yes, it's possible for a more specific range, and not level.  Though, the
current behavior of genhomedircon is to replace any instance of "s0" with the
user's (semanage-user) level.  Should the range of the login be used here
instead?
I'm unsure about this.

Also, there's an identical v3 of this patch above to get rid of the erroneous
committer / signed-off-by / author information in this patch.  Sorry about
that.

-- 
Gary Tierney

GPG fingerprint: 412C 0EF9 C305 68E6 B660  BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get=0x706ED76585AA79D8
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [PATCH v4] Classify AF_ALG sockets

2016-08-23 Thread Paul Moore
On Tue, Aug 23, 2016 at 9:05 AM, Stephen Smalley  wrote:
> On 08/22/2016 06:36 PM, Paul Moore wrote:
>> On Mon, Aug 22, 2016 at 5:04 PM, Guido Trentalancia
>>  wrote:
>>> Modify the SELinux kernel code so that it is able to classify sockets with
>>> the new AF_ALG namespace (used for the user-space interface to the kernel
>>> Crypto API).
>>>
>>> A companion patch has been created for the Reference Policy and it will be
>>> posted to its mailing list, once this patch is merged.
>>>
>>> Signed-off-by: Guido Trentalancia 
>>> ---
>>>  security/selinux/hooks.c|5 +
>>>  security/selinux/include/classmap.h |2 ++
>>>  security/selinux/include/security.h |2 ++
>>>  security/selinux/ss/services.c  |3 +++
>>>  4 files changed, 12 insertions(+)
>>
>> You are still missing the policy capability code for
>> security/selinux/selinuxfs.c.  I think it would also be a good idea to
>> write a test for this and add it to the selinux-testsuite; not only
>> will this help us confirm this code works as expected, but it will
>> demonstrate what the new policy would look like and help establish a
>> regression test for future use.
>>
>>  * https://github.com/SELinuxProject/selinux-testsuite
>
> I also think that if we are going to go to the trouble of adding a new
> policy capability for this (versus just relying on
> handle_unknown=allow), then we ought to identify and define all socket
> classes that we think we might want.  Otherwise we'll end up with 50
> different policy capabilities, one for each new socket class.

To be clear, we can't rely only on the new/unknown object class
handling for this particular case since this change would convert some
of the existing generic socket access checks to the algsocket access
checks which could result in undesired access for policies which set
handle_unknown=allow.  The new/unknown object class handling works
well for new access controls, but sometimes has problems with modified
access controls.

As far as additional socket classes are concerned, it does seem
reasonable to add more than just AF_ALG in an effort to try and
consolidate things.  Guido, is this something you would be willing to
work on?

-- 
paul moore
www.paul-moore.com

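A minimal AF_ALG client of the kind Paul asks for above, added here as an illustration; it is not code from the patch under review nor from the selinux-testsuite, and the function names `alg_sha256` and `digest_matches` are this example's own. It assumes a Linux kernel with CONFIG_CRYPTO_USER_API_HASH and the "sha256" transform available, and, on a kernel carrying the patch with the capability enabled in policy, that the calling domain is allowed create, bind, accept, write and read on alg_socket (with the capability unset, or on an unpatched kernel, the same checks fall on the generic socket class). Each syscall is the point at which the corresponding SELinux socket hook fires, so a denial shows up as the failing call's errno and the program doubles as a map from AF_ALG operations to socket permissions.

```c
#include <errno.h>
#include <linux/if_alg.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SHA256_LEN 32

/*
 * Hash msg[0..len) with the kernel's "sha256" transform over AF_ALG.
 * Returns 0 and fills out[], or -errno from the first syscall that failed.
 *
 * Each step is also where an SELinux socket hook runs, so the sequence
 * maps syscalls onto permissions of the (alg_)socket class:
 *   socket() -> create     bind()  -> bind (selects the algorithm)
 *   accept() -> accept     send()  -> write
 *   read()   -> read
 */
int alg_sha256(const unsigned char *msg, size_t len, unsigned char out[SHA256_LEN])
{
	struct sockaddr_alg sa;
	int tfm, op, ret = 0;
	ssize_t n;

	memset(&sa, 0, sizeof(sa));
	sa.salg_family = AF_ALG;
	/* sa is zero-filled, so the bounded copies stay NUL-terminated. */
	strncpy((char *)sa.salg_type, "hash", sizeof(sa.salg_type) - 1);
	strncpy((char *)sa.salg_name, "sha256", sizeof(sa.salg_name) - 1);

	tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfm < 0)
		return -errno;          /* EAFNOSUPPORT: no AF_ALG in this kernel */

	if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
		ret = -errno;           /* ENOENT: transform not available */
		goto out_tfm;
	}

	/* The accepted socket is the operation handle that data is fed through. */
	op = accept(tfm, NULL, NULL);
	if (op < 0) {
		ret = -errno;
		goto out_tfm;
	}

	/* No MSG_MORE: this single chunk finalises the hash. */
	n = send(op, msg, len, 0);
	if (n < 0 || (size_t)n != len) {
		ret = n < 0 ? -errno : -EIO;
		goto out_op;
	}

	n = read(op, out, SHA256_LEN);
	if (n != SHA256_LEN)
		ret = n < 0 ? -errno : -EIO;

out_op:
	close(op);
out_tfm:
	close(tfm);
	return ret;
}

/* Render a digest as lowercase hex and compare it with the expected string. */
int digest_matches(const unsigned char *digest, size_t len, const char *hex)
{
	char buf[2 * SHA256_LEN + 1];
	size_t i;

	if (len > SHA256_LEN)
		return 0;
	for (i = 0; i < len; i++)
		snprintf(buf + 2 * i, 3, "%02x", digest[i]);
	buf[2 * len] = '\0';
	return strcmp(buf, hex) == 0;
}

int main(void)
{
	/* Constructed input: the FIPS 180 "abc" known-answer vector for SHA-256. */
	static const unsigned char msg[] = "abc";
	static const char expected[] =
		"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";
	unsigned char out[SHA256_LEN];
	int ret = alg_sha256(msg, 3, out);

	if (ret < 0) {
		fprintf(stderr, "AF_ALG sha256 failed: %s\n", strerror(-ret));
		return 1;
	}
	printf("sha256(\"abc\") %s the known answer\n",
	       digest_matches(out, SHA256_LEN, expected) ? "matches" : "differs from");
	return 0;
}
```

Run it once in a permissive domain to confirm the kernel side works, then in the enforcing test domain: the first syscall to fail tells you which permission the policy still lacks, which is exactly the distinction a regression test for the new class needs to make.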

Re: [PATCH 0/2] genhomedircon: add support for %group syntax

2016-08-23 Thread Jason Zaman
On Tue, Aug 23, 2016 at 08:54:17AM -0400, Stephen Smalley wrote:
> On 08/22/2016 04:22 PM, Gary Tierney wrote:
> > From: Gary Tierney 
> > 
> > Re-spin of my original patch that adds support for logins mapped using the
> > group %syntax to genhomedircon.  This version includes fixes for the issues
> > raised by Jason and splits the bugfix into a separate commit.
> > 
> > There was a bit of confusion about the MLS level, I think, since 
> > semanage-user
> > supports a default MLS level and not semanage-login.  So it wouldn't be 
> > possible
> > for a login to have a more specific level than the fallback login in that 
> > case.
> > Though the bugfix still addresses an issue with home directories outside of
> > /home / LU_HOMEDIRCETORY and is required for the second commit.
> 
> semanage login can set a more limited range for a Linux user than what
> is allowed for the SELinux user.  Thus, you can have a single SELinux
> user that is authorized for a wider range but narrow its scope on a
> per-Linux-user basis via semanage login.

semanage user has --level and --range
semanage login has only --range.
You mean setting --range on a specific linux user to be a subset of what
is in the semanage user range?

What exactly is semanage user --level used for then? and which one(s?)
of all these values matter for genhomedircon? Is it --level or is it just the
lowest one within login --range?

meriadoc ~ #  semanage user -l

                Labelling  MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range        SELinux Roles

root            sysadm     s0         s0-s0:c0.c1023   staff_r sysadm_r

In the previous version of the patch, I thought you meant the "s0" here which
doesn't exist in semanage login -l.

-- Jason

> > Gary Tierney (2):
> >   genhomedircon: generate contexts for logins mapped to the default user
> >   genhomedircon: add support for %group syntax
> > 
> >  libsemanage/src/genhomedircon.c | 314 
> > +++-
> >  1 file changed, 243 insertions(+), 71 deletions(-)
> > 
> 


Re: [PATCH v4] Classify AF_ALG sockets

2016-08-23 Thread Stephen Smalley
On 08/22/2016 06:36 PM, Paul Moore wrote:
> On Mon, Aug 22, 2016 at 5:04 PM, Guido Trentalancia
>  wrote:
>> Modify the SELinux kernel code so that it is able to classify sockets with
>> the new AF_ALG namespace (used for the user-space interface to the kernel
>> Crypto API).
>>
>> A companion patch has been created for the Reference Policy and it will be
>> posted to its mailing list, once this patch is merged.
>>
>> Signed-off-by: Guido Trentalancia 
>> ---
>>  security/selinux/hooks.c|5 +
>>  security/selinux/include/classmap.h |2 ++
>>  security/selinux/include/security.h |2 ++
>>  security/selinux/ss/services.c  |3 +++
>>  4 files changed, 12 insertions(+)
> 
> You are still missing the policy capability code for
> security/selinux/selinuxfs.c.  I think it would also be a good idea to
> write a test for this and add it to the selinux-testsuite; not only
> will this help us confirm this code works as expected, but it will
> demonstrate what the new policy would look like and help establish a
> regression test for future use.
> 
>  * https://github.com/SELinuxProject/selinux-testsuite

I also think that if we are going to go to the trouble of adding a new
policy capability for this (versus just relying on
handle_unknown=allow), then we ought to identify and define all socket
classes that we think we might want.  Otherwise we'll end up with 50
different policy capabilities, one for each new socket class.  This is
already on the kernel todo list,
https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo

* Improve support for the different network address families with more
socket classes

Extend SELinux to support distinctions among more (all?) address
families by defining new socket security classes in policy and updating
the kernel logic to map them correctly. In the kernel, add the classes
to security/selinux/include/classmap.h and update
security/selinux/hooks.c:socket_type_to_security_class() to map the
socket domain to its class. In the policy, add the classes to
security_classes and access_vectors and add allow rules as appropriate.
Otherwise, many sockets get mapped to the generic socket class and are
indistinguishable in policy. Example: bluetooth sockets.

> 
>> diff -pru linux-4.7.2-orig/security/selinux/hooks.c 
>> linux-4.7.2/security/selinux/hooks.c
>> --- linux-4.7.2-orig/security/selinux/hooks.c   2016-08-22 
>> 22:31:27.737767819 +0200
>> +++ linux-4.7.2/security/selinux/hooks.c2016-08-22 
>> 22:40:29.102526024 +0200
>> @@ -1315,6 +1315,11 @@ static inline u16 socket_type_to_securit
>> return SECCLASS_KEY_SOCKET;
>> case PF_APPLETALK:
>> return SECCLASS_APPLETALK_SOCKET;
>> +   case PF_ALG:
>> +   if (selinux_policycap_algsocket)
>> +   return SECCLASS_ALG_SOCKET;
>> +   else
>> +   return SECCLASS_SOCKET;
>> }
>>
>> return SECCLASS_SOCKET;
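
Review bot: the `else` branch after `return SECCLASS_ALG_SOCKET;` in the new `case PF_ALG:` arm is redundant, because the function already falls through to `return SECCLASS_SOCKET;` after the switch; `if (selinux_policycap_algsocket) return SECCLASS_ALG_SOCKET; break;` keeps the fallback in one place and avoids checkpatch's "else is not generally useful after a break or return" warning. The commit message should also spell out that with the capability unset the class stays `socket`, since that is what keeps existing policies working and is the reason handle_unknown=allow alone would not do here (the check is changed, not added, as Paul notes above).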
>> diff -pru linux-4.7.2-orig/security/selinux/include/classmap.h 
>> linux-4.7.2/security/selinux/include/classmap.h
>> --- linux-4.7.2-orig/security/selinux/include/classmap.h2016-08-22 
>> 22:31:27.754768030 +0200
>> +++ linux-4.7.2/security/selinux/include/classmap.h 2016-08-22 
>> 22:32:14.795355585 +0200
>> @@ -144,6 +144,8 @@ struct security_class_mapping secclass_m
>>   { COMMON_SOCK_PERMS, NULL } },
>> { "appletalk_socket",
>>   { COMMON_SOCK_PERMS, NULL } },
>> +   { "alg_socket",
>> + { COMMON_SOCK_PERMS, NULL } },
>> { "packet",
>>   { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } 
>> },
>> { "key",
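
Review bot: `alg_socket` takes COMMON_SOCK_PERMS and nothing else, so the class introduces no AF_ALG-specific permission; say so explicitly in the commit message, i.e. that the class exists only so policy can tell AF_ALG sockets apart from the generic `socket` class (the indistinguishability the Kernel-Todo excerpt above describes), and that choosing the algorithm is mediated by the ordinary `bind` permission on the new class. That also tells policy writers what the companion policy needs: the same set of permissions they would grant on any other socket class, written against `alg_socket`.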
>> diff -pru linux-4.7.2-orig/security/selinux/include/security.h 
>> linux-4.7.2/security/selinux/include/security.h
>> --- linux-4.7.2-orig/security/selinux/include/security.h2016-03-14 
>> 05:28:54.0 +0100
>> +++ linux-4.7.2/security/selinux/include/security.h 2016-08-22 
>> 22:53:57.911660238 +0200
>> @@ -75,6 +75,7 @@ enum {
>> POLICYDB_CAPABILITY_OPENPERM,
>> POLICYDB_CAPABILITY_REDHAT1,
>> POLICYDB_CAPABILITY_ALWAYSNETWORK,
>> +   POLICYDB_CAPABILITY_ALGSOCKET,
>> __POLICYDB_CAPABILITY_MAX
>>  };
>>  #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
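
Review bot: adding POLICYDB_CAPABILITY_ALGSOCKET to this enum is only half of the capability plumbing; the name string that the kernel matches against `policycap` statements in the loaded policy lives in the capability-name array in security/selinux/selinuxfs.c, which Paul has already pointed out is missing from this version, and that array must stay in the same order as this enum or the new capability is mis-numbered. The same name (presumably `algsocket`, matching the enum suffix) has to be added to libsepol's capability table as well, otherwise no policy can be compiled that turns the capability on and the new `case PF_ALG:` path is never exercised.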
>> @@ -82,6 +83,7 @@ enum {
>>  extern int selinux_policycap_netpeer;
>>  extern int selinux_policycap_openperm;
>>  extern int selinux_policycap_alwaysnetwork;
>> +extern int selinux_policycap_algsocket;
>>
>>  /*
>>   * type_datum properties
>> diff -pru linux-4.7.2-orig/security/selinux/ss/services.c 
>> linux-4.7.2/security/selinux/ss/services.c
>> --- linux-4.7.2-orig/security/selinux/ss/services.c 2016-08-05 
>> 21:27:22.275588616 +0200
>> +++ linux-4.7.2/security/selinux/ss/services.c  2016-08-22 
>> 22:56:58.616187510 +0200
>> @@ -73,6 +73,7 @@
>>  int selinux_policycap_netpeer;
>>  int 

Re: docker daemon type label issue

2016-08-23 Thread Kashif ali
Thanks Jason, it was very helpful.

On Sun, Aug 21, 2016 at 8:49 AM, Jason Zaman  wrote:

> On Sun, Aug 21, 2016 at 07:20:57AM +0500, Kashif ali wrote:
> > Hi
> > * When I run my docker daemon on a port for communication with the client,
> > with the help of this command
> > => "docker daemon -H localhost:2376 --selinux-enabled &"
> >   then the docker daemon has the following label:
> >   "root:unconfined_r:unconfined_t:s0-s0:c0.c1023 2535 pts/0 00:00:00
> > dockerd"
> >
> > * The root user is running in the following context:
> >   "root:unconfined_r:unconfined_t:"
> >
> > * Is there anything I am missing? Why doesn't the docker daemon have the
> >   docker_t label on it? I know that the docker daemon is started by the
> >   unconfined_t domain, and the unconfined_t domain has no domain transition,
> >   so in which context should the docker daemon start? As I read, if init_t
> >   starts the process then the docker daemon will have the docker_t label on
> >   it, so how can I run the docker daemon with the init_t context?
>
> You want to run docker in the docker_t domain? Then just set a domtrans
> so it will transition to docker_t. You do not have to go via system_u or
> init_t for that. You can also use "runcon -t docker_t docker daemon..."
> if there is no transition.
> Are you on Red Hat? You might want to ask on their mailing list; they'd
> probably be a better help.
>
> -- Jason
>