Re: [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts

2015-11-17 Thread Casey Schaufler
-by: Seth Forshee <seth.fors...@canonical.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> --- security/smack/smack_lsm.c | 29 +++-- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack

Re: [PATCH v4 09/11] smack: namespace groundwork

2015-10-30 Thread Casey Schaufler
paced labels and Smack namespaces but the behaviour of Smack > should not be changed. The APIs are there, but they have no impact yet. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schauf

Re: [PATCH v4 07/11] smack: abstraction layer for 2 common Smack operations

2015-10-30 Thread Casey Schaufler
Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > security/smack/smack.h| 2 + > security/smack/smack_access.c | 41 > securit

Re: [PATCH v4 11/11] smack: documentation for the Smack namespace

2015-10-30 Thread Casey Schaufler
On 10/14/2015 5:42 AM, Lukasz Pawelczyk wrote: > Adds Documentation/smack-namespace.txt. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> >

Re: [PATCH v4 10/11] smack: namespace implementation

2015-10-30 Thread Casey Schaufler
> The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in > the namespace for a few cases. Check the documentation for the details. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com> Acked-by: Casey Schaufler

Re: [PATCH v4 06/11] smack: don't use implicit star to display smackfs/syslog

2015-10-30 Thread Casey Schaufler
e an access, even though reading the smackfs/syslog > returned the same result in both cases. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schauf

Re: [PATCH v4 02/11] lsm: /proc/$PID/attr/label_map file and getprocattr_seq hook

2015-10-30 Thread Casey Schaufler
by seq operations. > > See the documentation in the patch below for the details about how to > use the hook. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@

Re: [PATCH v4 03/11] lsm: add file opener's cred to a setprocattr arguments

2015-10-30 Thread Casey Schaufler
-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > fs/proc/base.c | 2 +- > include/linux/lsm_hooks.h | 18 -- > include/linu

Re: [PATCH v4 04/11] lsm: inode_pre_setxattr hook

2015-10-30 Thread Casey Schaufler
ck namespace patches. > > Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com> > Acked-by: Serge Hallyn <serge.hal...@canonical.com> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > fs/xattr.c| 10 ++ > include/linux/lsm_ho

Re: [PATCH v2 1/2] security: Add hook to invalidate inode security labels

2015-10-05 Thread Casey Schaufler
On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote: > Add a hook to invalidate an inode's security label when the cached > information becomes invalid. Where is this used? If I need to do the same for Smack or any other module, how would I know that it works right? > > Implement the new hook in

Re: [PATCH v3 6/7] Smack: Add support for unprivileged mounts from user namespaces

2015-09-16 Thread Casey Schaufler
On 9/16/2015 1:02 PM, Seth Forshee wrote: > Security labels from unprivileged mounts cannot be trusted. > Ideally for these mounts we would assign the objects in the > filesystem the same label as the inode for the backing device > passed to mount. Unfortunately it's currently impossible to >

Re: Exposing secid to secctx mapping to user-space

2015-12-15 Thread Casey Schaufler
On 12/15/2015 8:55 AM, Stephen Smalley wrote: > On 12/15/2015 11:06 AM, Casey Schaufler wrote: >> On 12/15/2015 7:00 AM, Stephen Smalley wrote: >>> On 12/14/2015 05:57 PM, Roberts, William C wrote: >>>> >>>>>> >>>>>> If I understa

Re: Exposing secid to secctx mapping to user-space

2015-12-14 Thread Casey Schaufler
On 12/11/2015 2:14 PM, Stephen Smalley wrote: > On 12/11/2015 02:55 PM, Paul Moore wrote: >> On Fri, Dec 11, 2015 at 1:37 PM, Daniel Cashman wrote: >>> Hello, >>> >>> I would like to write a patch that would expose, via selinuxfs, the >>> mapping between secids in the kernel

Re: Exposing secid to secctx mapping to user-space

2015-12-14 Thread Casey Schaufler
ecurity context string for export to userspace that could be embedded >>> in the binder transaction structure? This could avoid both the >>> limitations of the current secid (e.g. limited to 32 bits, no >>> stackability) and the overhead of copying context strings on

Re: Exposing secid to secctx mapping to user-space

2015-12-14 Thread Casey Schaufler
transaction structure? This could avoid both the >> limitations of the current secid (e.g. limited to 32 bits, no >> stackability) and the overhead of copying context strings on every IPC. > On Friday, December 11, 2015 04:24:48 PM Casey Schaufler wrote: >> How about this: Provide

Re: Exposing secid to secctx mapping to user-space

2015-12-11 Thread Casey Schaufler
On 12/11/2015 10:37 AM, Daniel Cashman wrote: > Hello, > > I would like to write a patch that would expose, via selinuxfs, the > mapping between secids in the kernel and security contexts to > user-space, but before doing so wanted to get some feedback as to > whether or not such an endeavor could

Re: [PATCH] LSM: Reorder security_capset to do access checks properly

2016-06-01 Thread Casey Schaufler
On 6/1/2016 1:06 PM, Stephen Smalley wrote: > On 06/01/2016 03:27 PM, Casey Schaufler wrote: >> Subject: [PATCH] LSM: Reorder security_capset to do access checks properly >> >> The security module hooks that check whether a process should >> be able to set a new capset

[PATCH] LSM: Reorder security_capset to do access checks properly

2016-06-01 Thread Casey Schaufler
adds cap_capset to the module list. Instead, it is invoked directly by the LSM infrastructure. This isn't an approach that generalizes well. Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> --- security/commoncap.c | 2 +- security/security.c | 24 ++-- 2 files c

Re: [PATCH] LSM: Reorder security_capset to do access checks properly

2016-06-01 Thread Casey Schaufler
On 6/1/2016 1:38 PM, Stephen Smalley wrote: > On 06/01/2016 04:30 PM, Casey Schaufler wrote: >> On 6/1/2016 1:06 PM, Stephen Smalley wrote: >>> On 06/01/2016 03:27 PM, Casey Schaufler wrote: >>>> Subject: [PATCH] LSM: Reorder security_capset to do access checks p

Re: [RFC PATCH v2 04/13] selinux: Allocate and free infiniband security hooks

2016-04-11 Thread Casey Schaufler
On 4/6/2016 4:33 PM, Dan Jurgens wrote: > From: Daniel Jurgens > > Implement and attach hooks to allocate and free Infiniband QP and MAD > agent security structures. > > Signed-off-by: Daniel Jurgens > Reviewed-by: Eli Cohen > --- >

Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed

2016-04-13 Thread Casey Schaufler
On 4/13/2016 4:57 AM, Paolo Abeni wrote: > On Tue, 2016-04-12 at 06:57 -0700, Casey Schaufler wrote: >> On 4/12/2016 1:52 AM, Paolo Abeni wrote: >>> On Thu, 2016-04-07 at 14:55 -0400, Paul Moore wrote: >>>> On Thursday, April 07, 2016 01:45:32 AM Florian Westphal wrot

Re: [RFC PATCH 0/2] selinux: avoid nf hooks overhead when not needed

2016-04-15 Thread Casey Schaufler
On 4/15/2016 2:38 AM, Paolo Abeni wrote: > On Thu, 2016-04-14 at 18:53 -0400, Paul Moore wrote: >> On Tue, Apr 12, 2016 at 4:52 AM, Paolo Abeni wrote: >>> Will be ok if we post a v2 version of this series, removing the hooks >>> de-registration bits, but preserving the selinux

Re: [PATCH] security: Use IS_ENABLED() instead of checking for built-in or module

2016-07-14 Thread Casey Schaufler
On 7/14/2016 9:00 AM, Javier Martinez Canillas wrote: > The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either > built-in or as a module, use that macro instead of open coding the same. Why? > > Signed-off-by: Javier Martinez Canillas > --- > >

Re: [PATCH] security: Use IS_ENABLED() instead of checking for built-in or module

2016-07-14 Thread Casey Schaufler
On 7/14/2016 9:20 AM, Javier Martinez Canillas wrote: > Hello Casey, > > On 07/14/2016 12:17 PM, Casey Schaufler wrote: >> On 7/14/2016 9:00 AM, Javier Martinez Canillas wrote: >>> The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either >>> built-

Re: [PATCH] security: Use IS_ENABLED() instead of checking for built-in or module

2016-07-14 Thread Casey Schaufler
On 7/14/2016 12:57 PM, Paul Moore wrote: > On Thu, Jul 14, 2016 at 12:30 PM, Casey Schaufler > <ca...@schaufler-ca.com> wrote: >> On 7/14/2016 9:20 AM, Javier Martinez Canillas wrote: >>> Hello Casey, >>> >>> On 07/14/2016 12:17 PM, Casey Schaufler wrot

Re: [RFC][PATCH 1/2 v2] proc: Relax /proc//timerslack_ns capability requirements

2016-07-18 Thread Casey Schaufler
On 7/15/2016 11:56 AM, Kees Cook wrote: > On Fri, Jul 15, 2016 at 11:42 AM, John Stultz wrote: >> On Fri, Jul 15, 2016 at 10:51 AM, Nick Kralevich wrote: >>> On Fri, Jul 15, 2016 at 10:24 AM, John Stultz >>> wrote: +

Re: [PATCH 04/12] selinux: Allocate and free infiniband security hooks

2016-07-05 Thread Casey Schaufler
On 7/1/2016 12:17 PM, Paul Moore wrote: > On Fri, Jul 1, 2016 at 2:59 PM, Daniel Jurgens <dani...@mellanox.com> wrote: >> On 7/1/2016 1:54 PM, Paul Moore wrote: >>> On Thu, Jun 30, 2016 at 5:48 PM, Daniel Jurgens <dani...@mellanox.com> >>> wrote: >>>

Re: [PATCH 03/12] selinux: Implement Infiniband flush callback

2016-06-30 Thread Casey Schaufler
On 6/30/2016 12:52 PM, Paul Moore wrote: > On Thu, Jun 30, 2016 at 11:44 AM, Daniel Jurgens wrote: >> On 6/30/2016 10:10 AM, Yuval Shaia wrote: >>> On Thu, Jun 23, 2016 at 10:52:49PM +0300, Dan Jurgens wrote: >>> +static void (*ib_flush_callback)(void); >>> Do we really

Re: [PATCH 04/12] selinux: Allocate and free infiniband security hooks

2016-07-01 Thread Casey Schaufler
On 6/30/2016 1:42 PM, Paul Moore wrote: > On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens wrote: >> From: Daniel Jurgens >> >> Implement and attach hooks to allocate and free Infiniband QP and MAD >> agent security structures. >> >> Signed-off-by: Daniel

Re: [kernel-hardening] Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

2017-02-17 Thread Casey Schaufler
On 2/17/2017 7:05 AM, Tetsuo Handa wrote: > Casey Schaufler wrote: >> On 2/16/2017 3:00 AM, Tetsuo Handa wrote: >>> Casey Schaufler wrote: >>>> I can't say that I'm buying the value of the additional >>>> complexity here. Sure, you're protecting part

Re: [RFC v2 PATCH 1/2] security: introduce CONFIG_SECURITY_WRITABLE_HOOKS

2017-02-15 Thread Casey Schaufler
On 2/15/2017 6:42 AM, Tetsuo Handa wrote: > James Morris wrote: >> On Tue, 14 Feb 2017, Tetsuo Handa wrote: >> diff --git a/security/Kconfig b/security/Kconfig index 118f454..f6f90c4 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -31,6 +31,11 @@ config SECURITY

Re: [PATCH 15/46] selinux: One check and function call less in genfs_read() after error detection

2017-01-17 Thread Casey Schaufler
On 1/15/2017 7:15 AM, SF Markus Elfring wrote: > From: Markus Elfring > Date: Sat, 14 Jan 2017 18:29:20 +0100 > > Adjust a jump target to avoid a check repetition at the end after a memory > allocation failed for the local variable "newgenfs". > > Signed-off-by:

Re: [PATCH 07/46] selinux: Delete unnecessary variable assignments in policydb_index()

2017-01-17 Thread Casey Schaufler
On 1/15/2017 7:04 AM, SF Markus Elfring wrote: > From: Markus Elfring > Date: Sat, 14 Jan 2017 13:40:25 +0100 > > The local variable "rc" was reset with an error code up to five times > before a memory allocation failure was detected. > > Add a jump target so that

Re: [PATCH 15/46] selinux: One check and function call less in genfs_read() after error detection

2017-01-17 Thread Casey Schaufler
On 1/17/2017 8:37 AM, SF Markus Elfring wrote: >>> @@ -2015,7 +2015,7 @@ static int genfs_read(struct policydb *p, void *fp) >>> newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL); >>> if (!newgenfs) { >>> rc = -ENOMEM; >>> - goto out;

Re: [PATCH 45/46] selinux: Use common error handling code in sidtab_insert()

2017-01-17 Thread Casey Schaufler
On 1/15/2017 7:45 AM, SF Markus Elfring wrote: > From: Markus Elfring > Date: Sun, 15 Jan 2017 13:45:45 +0100 > > Add a jump target so that a bit of exception handling can be better reused > at the end of this function. > > Signed-off-by: Markus Elfring

Re: [PATCH 21/46] selinux: Two function calls less in range_read() after error detection

2017-01-17 Thread Casey Schaufler
On 1/15/2017 7:21 AM, SF Markus Elfring wrote: > From: Markus Elfring > Date: Sat, 14 Jan 2017 20:20:15 +0100 > > Adjust a jump target to avoid two calls of the function "kfree" at the end > after a memory allocation failed for the local variable "rt". > >

Mapping of subject context to CIPSO

2016-10-26 Thread Casey Schaufler
I am looking for a way to dump the mapping of a process context to its associated CIPSO representation. I could hack a kernel to do this, but if there's an obvious way to do it already I'd rather not. Thank you.

Re: SELinux system configuration using CIPSO

2016-11-22 Thread Casey Schaufler
On 11/22/2016 1:42 PM, Paul Moore wrote: > On Tue, Nov 22, 2016 at 12:32 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote: >> On 11/22/2016 11:44 AM, Richard Haines wrote: >>> On Tue, 2016-11-15 at 09:28 -0800, Casey Schaufler wrote: >>>> I am looking for an S

SELinux system configuration using CIPSO

2016-11-15 Thread Casey Schaufler
I am looking for an SELinux configuration that uses CIPSO. Ideally, it would be based on a readily available distro, but I'm willing to perform semi-heroic acts if I have to. I'm not in a position to develop it myself, nor would that really suit my nefarious purposes. Thank you.

Re: SELinux system configuration using CIPSO

2016-11-15 Thread Casey Schaufler
On 11/15/2016 10:14 AM, Stephen Smalley wrote: > On 11/15/2016 12:28 PM, Casey Schaufler wrote: >> I am looking for an SELinux configuration that uses CIPSO. >> Ideally, it would be based on a readily available distro, >> but I'm willing to perform semi-heroic acts

Re: SELinux system configuration using CIPSO

2016-11-15 Thread Casey Schaufler
On 11/15/2016 10:43 AM, Stephen Smalley wrote: > On 11/15/2016 01:34 PM, Casey Schaufler wrote: >> On 11/15/2016 10:14 AM, Stephen Smalley wrote: >>> On 11/15/2016 12:28 PM, Casey Schaufler wrote: >>>> I am looking for an SELinux configuration that uses CIPSO. >

Re: SELinux system configuration using CIPSO

2016-11-15 Thread Casey Schaufler
On 11/15/2016 2:36 PM, Harry Waddell wrote: > On Tue, 15 Nov 2016 13:43:28 -0500 > Stephen Smalley <s...@tycho.nsa.gov> wrote: > >> On 11/15/2016 01:34 PM, Casey Schaufler wrote: >>> On 11/15/2016 10:14 AM, Stephen Smalley wrote: >>>> On 11/15/2016 12:

Re: SELinux system configuration using CIPSO

2016-11-15 Thread Casey Schaufler
On 11/15/2016 3:52 PM, Harry Waddell wrote: > On Tue, 15 Nov 2016 15:07:34 -0800 > Casey Schaufler <ca...@schaufler-ca.com> wrote: > >> On 11/15/2016 2:36 PM, Harry Waddell wrote: >>> On Tue, 15 Nov 2016 13:43:28 -0500 >>> Stephen Smalley <s...@tycho.nsa.

Re: [PATCH] mqueue: security xattr setting on inode creation

2016-11-03 Thread Casey Schaufler
On 11/3/2016 11:11 AM, David Graziano wrote: > Adds generic xattr support by implementing initxattrs callback. > This enables setting of security attributes from LSM and EVM when > inode is created. Implementation based off tmpfs/shmem. This should go to the LSM

Re: [RFC PATCH 1/1] kernel: Add SELinux SCTP protocol support

2016-12-14 Thread Casey Schaufler
On 12/14/2016 5:39 AM, Richard Haines wrote: > Add SELinux support for the SCTP protocol. The SELinux-sctp.txt document > describes how the patch has been implemented with an example policy and > tests using lkstcp-tools. Please separate the LSM support from the SELinux support into patches 1/2

Re: [PATCH] selinux: clean up cred usage and simplify

2016-12-09 Thread Casey Schaufler
On 12/9/2016 1:21 PM, Stephen Smalley wrote: > SELinux was sometimes using the task "objective" credentials when > it could/should use the "subjective" credentials. This was sometimes > hidden by the fact that we were unnecessarily passing around pointers > to the current task, making it appear

Re: [PATCH] security,selinux,smack: kill security_task_wait hook

2017-01-10 Thread Casey Schaufler
hu...@huawei.com> > Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > include/linux/lsm_hooks.h | 7 --- > include/linux/security.h | 6 -- > kernel/exit.c | 19 ++- >

Re: SELinux lead to soft lockup when pid 1 proceess reap child

2017-01-10 Thread Casey Schaufler
On 1/9/2017 10:43 AM, Stephen Smalley wrote: > On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote: >> Seriously, could someone explain why do we need the >> security_task_wait() >> hook at all? > I would be ok with killing it. > IIRC, the original motivation was to block an unauthorized data

Re: [PATCH 2/2] proc,security: move restriction on writing /proc/pid/attr nodes to proc

2016-12-20 Thread Casey Schaufler
On 12/20/2016 10:28 AM, Stephen Smalley wrote: > On Tue, 2016-12-20 at 10:17 -0800, Casey Schaufler wrote: >> On 12/20/2016 8:50 AM, Stephen Smalley wrote: >>> On Tue, 2016-12-20 at 17:39 +0100, José Bollo wrote: >>>> Le mardi 20 décembre 2016 à 11:14

Re: [PATCH 2/2] proc,security: move restriction on writing /proc/pid/attr nodes to proc

2016-12-20 Thread Casey Schaufler
On 12/20/2016 11:35 AM, Stephen Smalley wrote: > On Tue, 2016-12-20 at 11:07 -0800, Casey Schaufler wrote: >> On 12/20/2016 10:28 AM, Stephen Smalley wrote: >>> On Tue, 2016-12-20 at 10:17 -0800, Casey Schaufler wrote: >>>> On 12/20/2016 8:50 AM, Stephen Smalley w

Re: [PATCH 2/2] proc,security: move restriction on writing /proc/pid/attr nodes to proc

2016-12-20 Thread Casey Schaufler
On 12/20/2016 6:40 AM, José Bollo wrote: > Le lundi 19 décembre 2016 à 13:25 -0800, Casey Schaufler a écrit : > > snip >> A brief look at the existing modules leads me to believe that >> everyone ought to be happier if we moved the LSM task blob out >> of the cred struc

Re: [PATCH] selinux: fix double free in selinux_parse_opts_str()

2017-03-25 Thread Casey Schaufler
gle module case will work in the multiple module case. I have also considered having each module register the options it supports with the system and having the basic mount code process all of the registered options. That would clean things up a bit, and make setup/teardown less prone to this

Re: [PATCH] selinux: add selinux_is_enforced() function

2017-04-12 Thread Casey Schaufler
On 4/12/2017 9:33 AM, Stephen Smalley wrote: > On Wed, 2017-04-12 at 17:19 +0200, Sebastien Buisson wrote: >> 2017-04-12 15:58 GMT+02:00 Stephen Smalley : >>> Even your usage of selinux_is_enabled() looks suspect; that should >>> probably go away. Only other user of it seems

Re: isolate selinux_enforcing

2017-03-09 Thread Casey Schaufler
On 3/9/2017 1:03 AM, yangshukui wrote: > I want to use SELinux in system container and only concern the function in > the container. > this system container run in vm and every vm has only one system container. > > How do I use now? > docker run ... system-contaier /sbin/init > after init is

Re: isolate selinux_enforcing

2017-03-13 Thread Casey Schaufler
On 3/13/2017 12:06 AM, James Morris wrote: > On Thu, 9 Mar 2017, Eric W. Biederman wrote: > >> My expectation is that a container would run as essentially all one >> label from a global perspective. >> > Keep in mind that a different classes of objects may have distinct > labeling in SELinux.

Re: MLS directory label inheritance rules

2017-04-07 Thread Casey Schaufler
On 4/7/2017 1:15 PM, Dennis Sherrell wrote: > > In a thread ending with Nick Kravelich's contact information, it was written: > > " > If you write top secret data it should stay top secret even if you're writing > to a folder that is normally reserved for secret data, or perhaps mixed data. >

SELinux "filtering" capabilities?

2017-04-18 Thread Casey Schaufler
I don't expect anyone else to have run into this as I am working with SELinux and Smack on the same machine at the same time. While there are a number of interactions that I can explain, I have one that is perplexing me. I assume something rational is going on, but I am having trouble tracking it

Re: [PATCH 1/3] selinux: Implement LSM notification system

2017-04-26 Thread Casey Schaufler
On 4/26/2017 8:48 AM, Daniel Jurgens wrote: > On 4/26/2017 10:38 AM, Casey Schaufler wrote: >> On 4/26/2017 8:02 AM, Sebastien Buisson wrote: >>> From: Daniel Jurgens <dani...@mellanox.com> >>> >>> Add a generic notification mechanism in the LSM. Intere

Re: [PATCH 1/3] selinux: Implement LSM notification system

2017-04-26 Thread Casey Schaufler
On 4/26/2017 8:02 AM, Sebastien Buisson wrote: > From: Daniel Jurgens > > Add a generic notification mechanism in the LSM. Interested consumers > can register a callback with the LSM and security modules can produce > events. Why is this a generic mechanism? Do you ever see

Re: [PATCH 1/3] selinux: Implement LSM notification system

2017-04-26 Thread Casey Schaufler
On 4/26/2017 10:36 AM, Stephen Smalley wrote: > On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote: >> On 4/26/2017 8:02 AM, Sebastien Buisson wrote: >>> From: Daniel Jurgens <dani...@mellanox.com> >>> >>> Add a generic notification mechanism in

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Casey Schaufler
On 5/11/2017 5:59 AM, Sebastien Buisson wrote: > Add policybrief field to struct policydb. It holds a brief info > of the policydb, in the following form: > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= > Policy brief is computed every time the policy is loaded, and when > enforce or

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Casey Schaufler
On 5/11/2017 1:22 PM, Stephen Smalley wrote: > On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote: >> On 5/11/2017 5:59 AM, Sebastien Buisson wrote: >>> Add policybrief field to struct policydb. It holds a brief info >>> of the policydb, in the following form:

Re: [PATCH v2 1/2] selinux: add brief info to policydb

2017-05-05 Thread Casey Schaufler
On 5/5/2017 3:10 AM, Sebastien Buisson wrote: > Add policybrief field to struct policydb. It holds a brief info > of the policydb, in the following form: > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= > Policy brief is computed every time the policy is loaded, and when > enforce or

Re: [RFC 09/10] selinux: add a selinuxfs interface to unshare selinux namespace

2017-10-02 Thread Casey Schaufler
On 10/2/2017 8:58 AM, Stephen Smalley wrote: > Provide a userspace API to unshare the selinux namespace. > Currently implemented via a selinuxfs node. This could be > coupled with unsharing of other namespaces (e.g. mount namespace, > network namespace) that will always be needed or left

Re: [PATCH 1/2] security: Add a cred_getsecid hook

2017-10-16 Thread Casey Schaufler
ing to do with it? > > Signed-off-by: Matthew Garrett <mj...@google.com> > Cc: Paul Moore <p...@paul-moore.com> > Cc: Stephen Smalley <s...@tycho.nsa.gov> > Cc: Eric Paris <epa...@parisplace.org> > Cc: selinux@tycho.nsa.gov > Cc: Casey Schaufler <ca...@schaufler

Re: [PATCH] usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill

2017-09-08 Thread Casey Schaufler
On 9/8/2017 9:40 AM, Stephen Smalley wrote: > commit d178bc3a708f39cbfefc3fab37032d3f2511b4ec ("user namespace: usb: > make usb urbs user namespace aware (v2)") changed kill_pid_info_as_uid > to kill_pid_info_as_cred, saving and passing a cred structure instead of > uids. That's a change I've

Re: [PATCH] usb, signal, security: only pass the cred, not the secid, to kill_pid_info_as_cred and security_task_kill

2017-09-08 Thread Casey Schaufler
Smack and AppArmor > have only been compile-tested. > > Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov> Smack tests seem ok with this. Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > --- > drivers/usb/core/devio.c | 10 ++ > include/linux/lsm_hooks

Re: [RFC 09/10] selinux: add a selinuxfs interface to unshare selinux namespace

2017-10-03 Thread Casey Schaufler
On 10/3/2017 5:29 AM, Stephen Smalley wrote: > On Mon, 2017-10-02 at 16:56 -0700, Casey Schaufler wrote: >> On 10/2/2017 8:58 AM, Stephen Smalley wrote: >>> Provide a userspace API to unshare the selinux namespace. >>> Currently implemented via a selinuxfs node

Re: Permissions for eBPF objects

2017-08-25 Thread Casey Schaufler
Adding the LSM list to the thread. On 8/25/2017 11:01 AM, Jeffrey Vander Stoep via Selinux wrote: > I’d like to get your thoughts on adding LSM permission checks on BPF objects. Aside from the use of these objects requiring privilege, what sort of controls do you think might be reasonable? Who

Re: [PATCH] selinux: Fix bool initialization/comparison

2017-10-10 Thread Casey Schaufler
On 10/7/2017 7:02 AM, Thomas Meyer wrote: > Bool initializations should use true and false. Bool tests don't need > comparisons. > > Signed-off-by: Thomas Meyer > --- > > diff -u -p a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c > --- a/security/selinux/ss/mls.c > +++

Re: [PATCH] selinux: Fix bool initialization/comparison

2017-10-10 Thread Casey Schaufler
On 10/7/2017 7:02 AM, Thomas Meyer wrote: > Bool initializations should use true and false. Bool tests don't need > comparisons. > > Signed-off-by: Thomas Meyer > --- > > diff -u -p a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c > --- a/security/selinux/ss/mls.c > +++

Re: [PATCH 1/2] security: Add a cred_getsecid hook

2017-10-20 Thread Casey Schaufler
le.com> > Cc: Paul Moore <p...@paul-moore.com> > Cc: Stephen Smalley <s...@tycho.nsa.gov> > Cc: Eric Paris <epa...@parisplace.org> > Cc: selinux@tycho.nsa.gov > Cc: Casey Schaufler <ca...@schaufler-ca.com> > Cc: linux-security-mod...@vger.kernel.org >

Re: [kernel-hardening] [RFC PATCH 1/2] security, capabilities: create CAP_TRUSTED

2017-10-23 Thread Casey Schaufler
On 10/21/2017 6:45 AM, Nicolas Belouin wrote: > with CAP_SYS_ADMIN being bloated, the usefulness of using it to > flag a process to be entrusted for e.g reading and writing trusted > xattr is near zero. > CAP_TRUSTED aims to provide userland with a way to mark a process as > entrusted to do

Re: [kernel-hardening] [RFC PATCH 1/2] security, capabilities: Add CAP_SYS_MOUNT

2017-10-23 Thread Casey Schaufler
On 10/21/2017 11:41 AM, Nicolas Belouin wrote: > > On October 21, 2017 7:31:24 PM GMT+02:00, Casey Schaufler > <ca...@schaufler-ca.com> wrote: >> On 10/21/2017 6:43 AM, Nicolas Belouin wrote: >>> With CAP_SYS_ADMIN being bloated and inappropriate for actions s

Re: [kernel-hardening] [RFC PATCH 1/2] security, capabilities: Add CAP_SYS_MOUNT

2017-10-23 Thread Casey Schaufler
On 10/21/2017 6:43 AM, Nicolas Belouin wrote: > With CAP_SYS_ADMIN being bloated and inappropriate for actions such > as mounting/unmounting filesystems, the creation of a new capability > is needed. > CAP_SYS_MOUNT is meant to give a process the ability to call for mount, > umount and umount2

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-30 Thread Casey Schaufler
On 11/30/2017 9:57 AM, Eric Dumazet wrote: > On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote: >> On 11/30/17 8:44 AM, David Ahern wrote: >>> On 11/30/17 3:50 AM, Eric Dumazet wrote: @@ -1631,24 +1659,6 @@ int tcp_v4_rcv(struct sk_buff *skb)     th = (const struct tcphdr

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-29 Thread Casey Schaufler
On 11/29/2017 2:26 AM, James Morris wrote: > I'm seeing a kernel stack corruption bug (detected via gcc) when running > the SELinux testsuite on a 4.15-rc1 kernel, in the 2nd inet_socket test: > > https://github.com/SELinuxProject/selinux-testsuite/blob/master/tests/inet_socket/test > > #

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-29 Thread Casey Schaufler
On 11/29/2017 4:31 PM, James Morris wrote: > On Wed, 29 Nov 2017, Casey Schaufler wrote: > >> I see that there is a proposed fix later in the thread, but I don't see >> the patch. Could you send it to me, so I can try it on my problem? > Forwarded off-list. The patch d

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-30 Thread Casey Schaufler
On 11/30/2017 2:50 AM, Eric Dumazet wrote: > On Wed, 2017-11-29 at 19:16 -0800, Casey Schaufler wrote: >> On 11/29/2017 4:31 PM, James Morris wrote: >>> On Wed, 29 Nov 2017, Casey Schaufler wrote: >>> >>>> I see that there is a proposed fix later in the thre

Re: [BUG]kernel softlockup due to sidtab_search_context run for long time because of too many sidtab context node

2017-12-14 Thread Casey Schaufler
On 12/14/2017 8:42 AM, Stephen Smalley wrote: > On Thu, 2017-12-14 at 08:18 -0800, Casey Schaufler wrote: >> On 12/13/2017 7:18 AM, Stephen Smalley wrote: >>> On Wed, 2017-12-13 at 09:25 +, yangjihong wrote: >>>> Hello,  >>>> >>>>

Re: [BUG]kernel softlockup due to sidtab_search_context run for long time because of too many sidtab context node

2017-12-14 Thread Casey Schaufler
On 12/13/2017 7:18 AM, Stephen Smalley wrote: > On Wed, 2017-12-13 at 09:25 +, yangjihong wrote: >> Hello, >> >> I am doing stressing testing on 3.10 kernel(centos 7.4), to >> constantly starting numbers of docker containers with selinux enabled, >> and after about 2 days, the kernel

Re: [BUG]kernel softlockup due to sidtab_search_context run for long time because of too many sidtab context node

2017-12-14 Thread Casey Schaufler
On 12/14/2017 9:15 AM, Stephen Smalley wrote: > On Thu, 2017-12-14 at 09:00 -0800, Casey Schaufler wrote: >> On 12/14/2017 8:42 AM, Stephen Smalley wrote: >>> On Thu, 2017-12-14 at 08:18 -0800, Casey Schaufler wrote: >>>> On 12/13/2017 7:18 AM, Stephen Smalley wrote:

Re: [RFC v0.1][PATCH] selinuxns: extend namespace support to security.selinux xattrs

2017-10-30 Thread Casey Schaufler
On 10/30/2017 3:04 AM, James Morris wrote: > This is a proof-of-concept patch to demonstrate an approach to supporting > SELinux namespaces for security.selinux xattr labels. > > This follows on from the experimental SELinux namespace code posted by > Stephen:

Re: [PATCH v2 4/4] smack: provide socketpair callback

2018-05-07 Thread Casey Schaufler
> Signed-off-by: David Herrmann <dh.herrm...@gmail.com> This doesn't look like it will cause any problems. I've only been able to test it in a general way. I haven't created specific tests, but it passes the usual Smack use cases. Acked-by: Casey Schaufler <ca...@schaufler-ca.com>

Re: [PATCH 10/23] LSM: Infrastructure management of the inode security

2018-05-14 Thread Casey Schaufler
On 5/14/2018 8:04 AM, Stephen Smalley wrote: > On 05/10/2018 08:53 PM, Casey Schaufler wrote: >> From: Casey Schaufler <ca...@schaufler-ca.com> >> Date: Thu, 10 May 2018 14:23:27 -0700 >> Subject: [PATCH 10/23] LSM: Infrastructure management of the inode security >

Re: [PATCH 20/23] LSM: Move common usercopy into

2018-05-14 Thread Casey Schaufler
On 5/14/2018 9:53 AM, Stephen Smalley wrote: > On 05/14/2018 11:12 AM, Stephen Smalley wrote: >> On 05/10/2018 08:55 PM, Casey Schaufler wrote: >>> From: Casey Schaufler <ca...@schaufler-ca.com> >>> Date: Thu, 10 May 2018 15:54:25 -0700 >>> Subjec

Re: Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Casey Schaufler
create_no_t self (process (setexec))) allow at /var/lib/selinux/targeted/tmp/modules/400/test_policy/cil:2634 (allow test_create_d sysadm_t (process (sigchld))) I bet the reason it's doing this is obvious. Just not to me. > On Mon, May 14, 2018, 7:37 PM Casey Schaufler <

Anyone using the SELinux test suite on Fedora 28?

2018-05-14 Thread Casey Schaufler
Has anyone had success with the SELinux test suite on Fedora 28? I find the chcon and newrole are unhappy with the contexts used in the suite.

[PATCH 03/23] SELinux: Abstract use of cred security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 13:47:57 -0700 Subject: [PATCH 03/23] SELinux: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey

[PATCH 02/23] Smack: Abstract use of cred security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 13:44:35 -0700 Subject: [PATCH 02/23] Smack: Abstract use of cred security blob Don't use the cred->security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-by: Casey

[PATCH 01/23] procfs: add smack subdir to attrs

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 13:26:52 -0700 Subject: [PATCH 01/23] procfs: add smack subdir to attrs Back in 2007 I made what turned out to be a rather serious mistake in the implementation of the Smack security module. The SELinux module used an int

[PATCH 06/23] LSM: Infrastructure management of the file security

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:04:35 -0700 Subject: [PATCH 06/23] LSM: Infrastructure management of the file security blob Move management of the file->f_security blob out of the individual security modules and into the infrastructure. Th

[PATCH 05/23] SELinux: Abstract use of file security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:01:52 -0700 Subject: [PATCH 05/23] SELinux: Abstract use of file security blob Don't use the file->f_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-

[PATCH 09/23] Smack: Abstract use of inode security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:19:09 -0700 Subject: [PATCH 09/23] Smack: Abstract use of inode security blob Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-

[PATCH 08/23] SELinux: Abstract use of inode security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:16:55 -0700 Subject: [PATCH 08/23] SELinux: Abstract use of inode security blob Don't use the inode->i_security pointer directly. Provide a helper function that provides the security blob pointer. Signed-off-

[PATCH 00/23] LSM: Full security module stacking

2018-05-11 Thread Casey Schaufler
lly unless you add in Smack, in which case it fails where you would expect it to due to the different use models for netlabel. Smack tests work as well. AppArmor was tested by booting Ubuntu, but not beyond. Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com> --- Documentation/admin-gui

[PATCH 07/23] LSM: Infrastructure management of the task security

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:08:37 -0700 Subject: [PATCH 07/23] LSM: Infrastructure management of the task security blob Move management of the task_struct->security blob out of the individual security modules and into the security infra

[PATCH 04/23] LSM: Infrastructure management of the cred security

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 13:53:07 -0700 Subject: [PATCH 04/23] LSM: Infrastructure management of the cred security blob Move management of the cred security blob out of the security modules and into the security infrastructure. Instead of allo

[PATCH 15/23] LSM: Mark security blob allocation failures as unlikely

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:33:57 -0700 Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely The allocation of security blobs is unlikely to fail. Mark the checks thus for performance reasons. Signed-off-by: Casey Sch

[PATCH 13/23] LSM: Infrastructure management of the ipc security blob

2018-05-11 Thread Casey Schaufler
From: Casey Schaufler <ca...@schaufler-ca.com> Date: Thu, 10 May 2018 14:30:15 -0700 Subject: [PATCH 13/23] LSM: Infrastructure management of the ipc security blob Move management of the kern_ipc_perm->security and msg_msg->security blobs out of the individual secu
