-by: Seth Forshee <seth.fors...@canonical.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
---
security/smack/smack_lsm.c | 29 +++--
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack
paced labels and Smack namespaces but the behaviour of Smack
> should not be changed. The APIs are there, but they have no impact yet.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schauf
Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> security/smack/smack.h| 2 +
> security/smack/smack_access.c | 41
> securit
On 10/14/2015 5:42 AM, Lukasz Pawelczyk wrote:
> Adds Documentation/smack-namespace.txt.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
>
t; The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) has been allowed in
> the namespace for few cases. Check the documentation for the details.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Reviewed-by: Casey Schaufler <ca...@schaufler-ca.com>
Acked-by: Casey Schaufler
e an access, even thought reading the smackfs/syslog
> returned the same result in both cases.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schauf
by seq operations.
>
> See the documentation in the patch below for the details about how to
> use the hook.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@
-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> fs/proc/base.c | 2 +-
> include/linux/lsm_hooks.h | 18 --
> include/linu
ck namespace patches.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelc...@samsung.com>
> Acked-by: Serge Hallyn <serge.hal...@canonical.com>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> fs/xattr.c| 10 ++
> include/linux/lsm_ho
On 10/4/2015 12:19 PM, Andreas Gruenbacher wrote:
> Add a hook to invalidate an inode's security label when the cached
> information becomes invalid.
Where is this used? If I need to do the same for Smack
or any other module, how would I know that it works right?
>
> Implement the new hook in
On 9/16/2015 1:02 PM, Seth Forshee wrote:
> Security labels from unprivileged mounts cannot be trusted.
> Ideally for these mounts we would assign the objects in the
> filesystem the same label as the inode for the backing device
> passed to mount. Unfortunately it's currently impossible to
>
On 12/15/2015 8:55 AM, Stephen Smalley wrote:
> On 12/15/2015 11:06 AM, Casey Schaufler wrote:
>> On 12/15/2015 7:00 AM, Stephen Smalley wrote:
>>> On 12/14/2015 05:57 PM, Roberts, William C wrote:
>>>>
>>>>>>
>>>>>> If I understa
On 12/11/2015 2:14 PM, Stephen Smalley wrote:
> On 12/11/2015 02:55 PM, Paul Moore wrote:
>> On Fri, Dec 11, 2015 at 1:37 PM, Daniel Cashman wrote:
>>> Hello,
>>>
>>> I would like to write a patch that would expose, via selinuxfs, the
>>> mapping between secids in the kernel
ecurity context string for export to userspace that could be embedded
>>> in the binder transaction structure? This could avoid both the
>>> limitations of the current secid (e.g. limited to 32 bits, no
>>> stackability) and the overhead of copying context strings on
transaction structure? This could avoid both the
>> limitations of the current secid (e.g. limited to 32 bits, no
>> stackability) and the overhead of copying context strings on every IPC.
> On Friday, December 11, 2015 04:24:48 PM Casey Schaufler wrote:
>> How about this: Provide
On 12/11/2015 10:37 AM, Daniel Cashman wrote:
> Hello,
>
> I would like to write a patch that would expose, via selinuxfs, the
> mapping between secids in the kernel and security contexts to
> user-space, but before doing so wanted to get some feedback as to
> whether or not such an endeavor could
On 6/1/2016 1:06 PM, Stephen Smalley wrote:
> On 06/01/2016 03:27 PM, Casey Schaufler wrote:
>> Subject: [PATCH] LSM: Reorder security_capset to do access checks properly
>>
>> The security module hooks that check whether a process should
>> be able to set a new capset
adds cap_capset to the module list.
Instead, it is invoked directly by the LSM infrastructure.
This isn't an approach that generalizes well.
Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
---
security/commoncap.c | 2 +-
security/security.c | 24 ++--
2 files c
On 6/1/2016 1:38 PM, Stephen Smalley wrote:
> On 06/01/2016 04:30 PM, Casey Schaufler wrote:
>> On 6/1/2016 1:06 PM, Stephen Smalley wrote:
>>> On 06/01/2016 03:27 PM, Casey Schaufler wrote:
>>>> Subject: [PATCH] LSM: Reorder security_capset to do access checks p
On 4/6/2016 4:33 PM, Dan Jurgens wrote:
> From: Daniel Jurgens
>
> Implement and attach hooks to allocate and free Infiniband QP and MAD
> agent security structures.
>
> Signed-off-by: Daniel Jurgens
> Reviewed-by: Eli Cohen
> ---
>
On 4/13/2016 4:57 AM, Paolo Abeni wrote:
> On Tue, 2016-04-12 at 06:57 -0700, Casey Schaufler wrote:
>> On 4/12/2016 1:52 AM, Paolo Abeni wrote:
>>> On Thu, 2016-04-07 at 14:55 -0400, Paul Moore wrote:
>>>> On Thursday, April 07, 2016 01:45:32 AM Florian Westphal wrot
On 4/15/2016 2:38 AM, Paolo Abeni wrote:
> On Thu, 2016-04-14 at 18:53 -0400, Paul Moore wrote:
>> On Tue, Apr 12, 2016 at 4:52 AM, Paolo Abeni wrote:
>>> Will be ok if we post a v2 version of this series, removing the hooks
>>> de-registration bits, but preserving the selinux
On 7/14/2016 9:00 AM, Javier Martinez Canillas wrote:
> The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either
> built-in or as a module, use that macro instead of open coding the same.
Why?
>
> Signed-off-by: Javier Martinez Canillas
> ---
>
>
On 7/14/2016 9:20 AM, Javier Martinez Canillas wrote:
> Hello Casey,
>
> On 07/14/2016 12:17 PM, Casey Schaufler wrote:
>> On 7/14/2016 9:00 AM, Javier Martinez Canillas wrote:
>>> The IS_ENABLED() macro checks if a Kconfig symbol has been enabled either
>>> built-
On 7/14/2016 12:57 PM, Paul Moore wrote:
> On Thu, Jul 14, 2016 at 12:30 PM, Casey Schaufler
> <ca...@schaufler-ca.com> wrote:
>> On 7/14/2016 9:20 AM, Javier Martinez Canillas wrote:
>>> Hello Casey,
>>>
>>> On 07/14/2016 12:17 PM, Casey Schaufler wrot
On 7/15/2016 11:56 AM, Kees Cook wrote:
> On Fri, Jul 15, 2016 at 11:42 AM, John Stultz wrote:
>> On Fri, Jul 15, 2016 at 10:51 AM, Nick Kralevich wrote:
>>> On Fri, Jul 15, 2016 at 10:24 AM, John Stultz
>>> wrote:
+
On 7/1/2016 12:17 PM, Paul Moore wrote:
> On Fri, Jul 1, 2016 at 2:59 PM, Daniel Jurgens <dani...@mellanox.com> wrote:
>> On 7/1/2016 1:54 PM, Paul Moore wrote:
>>> On Thu, Jun 30, 2016 at 5:48 PM, Daniel Jurgens <dani...@mellanox.com>
>>> wrote:
>>&
On 6/30/2016 12:52 PM, Paul Moore wrote:
> On Thu, Jun 30, 2016 at 11:44 AM, Daniel Jurgens wrote:
>> On 6/30/2016 10:10 AM, Yuval Shaia wrote:
>>> On Thu, Jun 23, 2016 at 10:52:49PM +0300, Dan Jurgens wrote:
>>>
+static void (*ib_flush_callback)(void);
>>> Do we really
On 6/30/2016 1:42 PM, Paul Moore wrote:
> On Thu, Jun 23, 2016 at 3:52 PM, Dan Jurgens wrote:
>> From: Daniel Jurgens
>>
>> Implement and attach hooks to allocate and free Infiniband QP and MAD
>> agent security structures.
>>
>> Signed-off-by: Daniel
On 2/17/2017 7:05 AM, Tetsuo Handa wrote:
> Casey Schaufler wrote:
>> On 2/16/2017 3:00 AM, Tetsuo Handa wrote:
>>> Casey Schaufler wrote:
>>>> I can't say that I'm buying the value of the additional
>>>> complexity here. Sure, you're protecting part
On 2/15/2017 6:42 AM, Tetsuo Handa wrote:
> James Morris wrote:
>> On Tue, 14 Feb 2017, Tetsuo Handa wrote:
>>
diff --git a/security/Kconfig b/security/Kconfig
index 118f454..f6f90c4 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -31,6 +31,11 @@ config SECURITY
On 1/15/2017 7:15 AM, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sat, 14 Jan 2017 18:29:20 +0100
>
> Adjust a jump target to avoid a check repetition at the end after a memory
> allocation failed for the local variable "newgenfs".
>
> Signed-off-by:
On 1/15/2017 7:04 AM, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sat, 14 Jan 2017 13:40:25 +0100
>
> The local variable "rc" was reset with an error code up to five times
> before a memory allocation failure was detected.
>
> Add a jump target so that
On 1/17/2017 8:37 AM, SF Markus Elfring wrote:
>>> @@ -2015,7 +2015,7 @@ static int genfs_read(struct policydb *p, void *fp)
>>> newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
>>> if (!newgenfs) {
>>> rc = -ENOMEM;
>>> - goto out;
On 1/15/2017 7:45 AM, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sun, 15 Jan 2017 13:45:45 +0100
>
> Add a jump target so that a bit of exception handling can be better reused
> at the end of this function.
>
> Signed-off-by: Markus Elfring
On 1/15/2017 7:21 AM, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sat, 14 Jan 2017 20:20:15 +0100
>
> Adjust a jump target to avoid two calls of the function "kfree" at the end
> after a memory allocation failed for the local variable "rt".
>
>
I am looking for a way to dump the mapping of
a process context to its associated CIPSO representation.
I could hack a kernel to do this, but if there's an
obvious way to do it already I'd rather not.
Thank you.
___
Selinux mailing list
On 11/22/2016 1:42 PM, Paul Moore wrote:
> On Tue, Nov 22, 2016 at 12:32 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On 11/22/2016 11:44 AM, Richard Haines wrote:
>>> On Tue, 2016-11-15 at 09:28 -0800, Casey Schaufler wrote:
>>>> I am looking for an S
I am looking for an SELinux configuration that uses CIPSO.
Ideally, it would be based on a readily available distro,
but I'm willing to perform semi-heroic acts if I have too.
I'm not in a position to develop it myself, nor would that
really suit my nefarious purposes. Thank you.
On 11/15/2016 10:14 AM, Stephen Smalley wrote:
> On 11/15/2016 12:28 PM, Casey Schaufler wrote:
>> I am looking for an SELinux configuration that uses CIPSO.
>> Ideally, it would be based on a readily available distro,
>> but I'm willing to perform semi-heroic acts
On 11/15/2016 10:43 AM, Stephen Smalley wrote:
> On 11/15/2016 01:34 PM, Casey Schaufler wrote:
>> On 11/15/2016 10:14 AM, Stephen Smalley wrote:
>>> On 11/15/2016 12:28 PM, Casey Schaufler wrote:
>>>> I am looking for an SELinux configuration that uses CIPSO.
&
On 11/15/2016 2:36 PM, Harry Waddell wrote:
> On Tue, 15 Nov 2016 13:43:28 -0500
> Stephen Smalley <s...@tycho.nsa.gov> wrote:
>
>> On 11/15/2016 01:34 PM, Casey Schaufler wrote:
>>> On 11/15/2016 10:14 AM, Stephen Smalley wrote:
>>>> On 11/15/2016 12:
On 11/15/2016 3:52 PM, Harry Waddell wrote:
> On Tue, 15 Nov 2016 15:07:34 -0800
> Casey Schaufler <ca...@schaufler-ca.com> wrote:
>
>> On 11/15/2016 2:36 PM, Harry Waddell wrote:
>>> On Tue, 15 Nov 2016 13:43:28 -0500
>>> Stephen Smalley <s...@tycho.nsa.
On 11/3/2016 11:11 AM, David Graziano wrote:
> Adds generic xattr support by implementing initxattrs callback.
> This enables setting of security attributes from LSM and EVM when
> inode is created. Implementation based off tmpfs/shmem.
This should go to the LSM
On 12/14/2016 5:39 AM, Richard Haines wrote:
> Add SELinux support for the SCTP protocol. The SELinux-sctp.txt document
> describes how the patch has been implemented with an example policy and
> tests using lkstcp-tools.
Please separate the LSM support from the SELinux support
into patches 1/2
On 12/9/2016 1:21 PM, Stephen Smalley wrote:
> SELinux was sometimes using the task "objective" credentials when
> it could/should use the "subjective" credentials. This was sometimes
> hidden by the fact that we were unnecessarily passing around pointers
> to the current task, making it appear
hu...@huawei.com>
> Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> include/linux/lsm_hooks.h | 7 ---
> include/linux/security.h | 6 --
> kernel/exit.c | 19 ++-
&
On 1/9/2017 10:43 AM, Stephen Smalley wrote:
> On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote:
>> Seriously, could someone explain why do we need the
>> security_task_wait()
>> hook at all?
> I would be ok with killing it.
> IIRC, the original motivation was to block an unauthorized data
On 12/20/2016 10:28 AM, Stephen Smalley wrote:
> On Tue, 2016-12-20 at 10:17 -0800, Casey Schaufler wrote:
>> On 12/20/2016 8:50 AM, Stephen Smalley wrote:
>>> On Tue, 2016-12-20 at 17:39 +0100, José Bollo wrote:
>>>> Le mardi 20 décembre 2016 à 11:14
On 12/20/2016 11:35 AM, Stephen Smalley wrote:
> On Tue, 2016-12-20 at 11:07 -0800, Casey Schaufler wrote:
>> On 12/20/2016 10:28 AM, Stephen Smalley wrote:
>>> On Tue, 2016-12-20 at 10:17 -0800, Casey Schaufler wrote:
>>>> On 12/20/2016 8:50 AM, Stephen Smalley w
On 12/20/2016 6:40 AM, José Bollo wrote:
> Le lundi 19 décembre 2016 à 13:25 -0800, Casey Schaufler a écrit :
>
> snip
>> A brief look at the existing modules leads me to believe that
>> everyone ought to be happier if we moved the LSM task blob out
>> of the cred struc
gle module case will work in the multiple module
case.
I have also considered having each module register the
options it supports with the system and having the basic
mount code process all of the registered options. That
would clean things up a bit, and make setup/teardown
less prone to this
On 4/12/2017 9:33 AM, Stephen Smalley wrote:
> On Wed, 2017-04-12 at 17:19 +0200, Sebastien Buisson wrote:
>> 2017-04-12 15:58 GMT+02:00 Stephen Smalley :
>>> Even your usage of selinux_is_enabled() looks suspect; that should
>>> probably go away. Only other user of it seems
On 3/9/2017 1:03 AM, yangshukui wrote:
> I want to use SELinux in system container and only concern the function in
> the container.
> this system container run in vm and every vm has only one system container.
>
> How do I use now?
> docker run ... system-contaier /sbin/init
> after init is
On 3/13/2017 12:06 AM, James Morris wrote:
> On Thu, 9 Mar 2017, Eric W. Biederman wrote:
>
>> My expectation is that a container would run as essentially all one
>> label from a global perspective.
>>
> Keep in mind that a different classes of objects may have distinct
> labeling in SELinux.
On 4/7/2017 1:15 PM, Dennis Sherrell wrote:
>
> In a thread ending with Nick Kravelich's contact infirmation, it was written:
>
> "
> If you write top secret data it should stay top secret even if you're writing
> to a folder that is normally reserved for secret data, or perhaps mixed data.
>
I don't expect anyone else to have run into this
as I am working with SELinux and Smack on the same
machine at the same time. While there are a number
of interactions that I can explain, I have one that
is perplexing me. I assume something rational is
going on, but I am having trouble tracking it
On 4/26/2017 8:48 AM, Daniel Jurgens wrote:
> On 4/26/2017 10:38 AM, Casey Schaufler wrote:
>> On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
>>> From: Daniel Jurgens <dani...@mellanox.com>
>>>
>>> Add a generic notification mechanism in the LSM. Intere
On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
> From: Daniel Jurgens
>
> Add a generic notification mechanism in the LSM. Interested consumers
> can register a callback with the LSM and security modules can produce
> events.
Why is this a generic mechanism? Do you ever see
On 4/26/2017 10:36 AM, Stephen Smalley wrote:
> On Wed, 2017-04-26 at 08:38 -0700, Casey Schaufler wrote:
>> On 4/26/2017 8:02 AM, Sebastien Buisson wrote:
>>> From: Daniel Jurgens <dani...@mellanox.com>
>>>
>>> Add a generic notification mechanism in
On 5/11/2017 5:59 AM, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, in the following form:
> <0 or 1 for enforce>:<0 or 1 for checkreqprot>:=
> Policy brief is computed every time the policy is loaded, and when
> enforce or
On 5/11/2017 1:22 PM, Stephen Smalley wrote:
> On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote:
>> On 5/11/2017 5:59 AM, Sebastien Buisson wrote:
>>> Add policybrief field to struct policydb. It holds a brief info
>>> of the policydb, in the following form:
On 5/5/2017 3:10 AM, Sebastien Buisson wrote:
> Add policybrief field to struct policydb. It holds a brief info
> of the policydb, in the following form:
> <0 or 1 for enforce>:<0 or 1 for checkreqprot>:=
> Policy brief is computed every time the policy is loaded, and when
> enforce or
On 10/2/2017 8:58 AM, Stephen Smalley wrote:
> Provide a userspace API to unshare the selinux namespace.
> Currently implemented via a selinuxfs node. This could be
> coupled with unsharing of other namespaces (e.g. mount namespace,
> network namespace) that will always be needed or left
ing to do with it?
>
> Signed-off-by: Matthew Garrett <mj...@google.com>
> Cc: Paul Moore <p...@paul-moore.com>
> Cc: Stephen Smalley <s...@tycho.nsa.gov>
> Cc: Eric Paris <epa...@parisplace.org>
> Cc: selinux@tycho.nsa.gov
> Cc: Casey Schaufler <ca...@schaufler
On 9/8/2017 9:40 AM, Stephen Smalley wrote:
> commit d178bc3a708f39cbfefc3fab37032d3f2511b4ec ("user namespace: usb:
> make usb urbs user namespace aware (v2)") changed kill_pid_info_as_uid
> to kill_pid_info_as_cred, saving and passing a cred structure instead of
> uids.
That's a change I've
Smack and AppArmor
> have only been compile-tested.
>
> Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
Smack tests seem ok with this.
Acked-by: Casey Schaufler <ca...@schaufler-ca.com>
> ---
> drivers/usb/core/devio.c | 10 ++
> include/linux/lsm_hooks
On 10/3/2017 5:29 AM, Stephen Smalley wrote:
> On Mon, 2017-10-02 at 16:56 -0700, Casey Schaufler wrote:
>> On 10/2/2017 8:58 AM, Stephen Smalley wrote:
>>> Provide a userspace API to unshare the selinux namespace.
>>> Currently implemented via a selinuxfs node
Adding the LSM list to the thread.
On 8/25/2017 11:01 AM, Jeffrey Vander Stoep via Selinux wrote:
> I’d like to get your thoughts on adding LSM permission checks on BPF objects.
Aside from the use of these objects requiring privilege,
what sort of controls do you think might be reasonable?
Who
On 10/7/2017 7:02 AM, Thomas Meyer wrote:
> Bool initializations should use true and false. Bool tests don't need
> comparisons.
>
> Signed-off-by: Thomas Meyer
> ---
>
> diff -u -p a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
> --- a/security/selinux/ss/mls.c
> +++
On 10/7/2017 7:02 AM, Thomas Meyer wrote:
> Bool initializations should use true and false. Bool tests don't need
> comparisons.
>
> Signed-off-by: Thomas Meyer
> ---
>
> diff -u -p a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
> --- a/security/selinux/ss/mls.c
> +++
le.com>
> Cc: Paul Moore <p...@paul-moore.com>
> Cc: Stephen Smalley <s...@tycho.nsa.gov>
> Cc: Eric Paris <epa...@parisplace.org>
> Cc: selinux@tycho.nsa.gov
> Cc: Casey Schaufler <ca...@schaufler-ca.com>
> Cc: linux-security-mod...@vger.kernel.org
&g
On 10/21/2017 6:45 AM, Nicolas Belouin wrote:
> with CAP_SYS_ADMIN being bloated, the usefulness of using it to
> flag a process to be entrusted for e.g reading and writing trusted
> xattr is near zero.
> CAP_TRUSTED aims to provide userland with a way to mark a process as
> entrusted to do
On 10/21/2017 11:41 AM, Nicolas Belouin wrote:
>
> On October 21, 2017 7:31:24 PM GMT+02:00, Casey Schaufler
> <ca...@schaufler-ca.com> wrote:
>> On 10/21/2017 6:43 AM, Nicolas Belouin wrote:
>>> With CAP_SYS_ADMIN being bloated and inapropriate for actions s
On 10/21/2017 6:43 AM, Nicolas Belouin wrote:
> With CAP_SYS_ADMIN being bloated and inapropriate for actions such
> as mounting/unmounting filesystems, the creation of a new capability
> is needed.
> CAP_SYS_MOUNT is meant to give a process the ability to call for mount,
> umount and umount2
On 11/30/2017 9:57 AM, Eric Dumazet wrote:
> On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote:
>> On 11/30/17 8:44 AM, David Ahern wrote:
>>> On 11/30/17 3:50 AM, Eric Dumazet wrote:
@@ -1631,24 +1659,6 @@ int tcp_v4_rcv(struct sk_buff *skb)
th = (const struct tcphdr
On 11/29/2017 2:26 AM, James Morris wrote:
> I'm seeing a kernel stack corruption bug (detected via gcc) when running
> the SELinux testsuite on a 4.15-rc1 kernel, in the 2nd inet_socket test:
>
> https://github.com/SELinuxProject/selinux-testsuite/blob/master/tests/inet_socket/test
>
> #
On 11/29/2017 4:31 PM, James Morris wrote:
> On Wed, 29 Nov 2017, Casey Schaufler wrote:
>
>> I see that there is a proposed fix later in the thread, but I don't see
>> the patch. Could you send it to me, so I can try it on my problem?
> Forwarded off-list.
The patch d
On 11/30/2017 2:50 AM, Eric Dumazet wrote:
> On Wed, 2017-11-29 at 19:16 -0800, Casey Schaufler wrote:
>> On 11/29/2017 4:31 PM, James Morris wrote:
>>> On Wed, 29 Nov 2017, Casey Schaufler wrote:
>>>
>>>> I see that there is a proposed fix later in the thre
On 12/14/2017 8:42 AM, Stephen Smalley wrote:
> On Thu, 2017-12-14 at 08:18 -0800, Casey Schaufler wrote:
>> On 12/13/2017 7:18 AM, Stephen Smalley wrote:
>>> On Wed, 2017-12-13 at 09:25 +, yangjihong wrote:
>>>> Hello,
>>>>
>>>>
On 12/13/2017 7:18 AM, Stephen Smalley wrote:
> On Wed, 2017-12-13 at 09:25 +, yangjihong wrote:
>> Hello,
>>
>> I am doing stressing testing on 3.10 kernel(centos 7.4), to
>> constantly starting numbers of docker ontainers with selinux enabled,
>> and after about 2 days, the kernel
On 12/14/2017 9:15 AM, Stephen Smalley wrote:
> On Thu, 2017-12-14 at 09:00 -0800, Casey Schaufler wrote:
>> On 12/14/2017 8:42 AM, Stephen Smalley wrote:
>>> On Thu, 2017-12-14 at 08:18 -0800, Casey Schaufler wrote:
>>>> On 12/13/2017 7:18 AM, Stephen Smalley wrote:
On 10/30/2017 3:04 AM, James Morris wrote:
> This is a proof-of-concept patch to demonstrate an approach to supporting
> SELinux namespaces for security.selinux xattr labels.
>
> This follows on from the experimental SELinux namespace code posted by
> Stephen:
gt; Signed-off-by: David Herrmann <dh.herrm...@gmail.com>
This doesn't look like it will cause any problems.
I've only been able to test it in a general way. I
haven't created specific tests, but it passes the
usual Smack use cases.
Acked-by: Casey Schaufler <ca...@schaufler-ca.com&
On 5/14/2018 8:04 AM, Stephen Smalley wrote:
> On 05/10/2018 08:53 PM, Casey Schaufler wrote:
>> From: Casey Schaufler <ca...@schaufler-ca.com>
>> Date: Thu, 10 May 2018 14:23:27 -0700
>> Subject: [PATCH 10/23] LSM: Infrastructure management of the inode security
>
On 5/14/2018 9:53 AM, Stephen Smalley wrote:
> On 05/14/2018 11:12 AM, Stephen Smalley wrote:
>> On 05/10/2018 08:55 PM, Casey Schaufler wrote:
>>> From: Casey Schaufler <ca...@schaufler-ca.com>
>>> Date: Thu, 10 May 2018 15:54:25 -0700
>>> Subjec
create_no_t self (process (setexec)))
allow at /var/lib/selinux/targeted/tmp/modules/400/test_policy/cil:2634
(allow test_create_d sysadm_t (process (sigchld)))
I bet the reason it's doing this is obvious. Just not to me.
> On Mon, May 14, 2018, 7:37 PM Casey Schaufler <
Has anyone had success with the SELinux test suite on Fedora 28?
I find the chcon and newrole are unhappy with the contexts used
in the suite.
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 13:47:57 -0700
Subject: [PATCH 03/23] SELinux: Abstract use of cred security blob
Don't use the cred->security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 13:44:35 -0700
Subject: [PATCH 02/23] Smack: Abstract use of cred security blob
Don't use the cred->security poiter directly.
Provide a helper function that provides the security blob pointer.
Signed-off-by: Casey
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 13:26:52 -0700
Subject: [PATCH 01/23] procfs: add smack subdir to attrs
Back in 2007 I made what turned out to be a rather serious
mistake in the implementation of the Smack security module.
The SELinux module used an int
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:04:35 -0700
Subject: [PATCH 06/23] LSM: Infrastructure management of the file security
blob
Move management of the file->f_security blob out of the
individual security modules and into the infrastructure.
Th
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:01:52 -0700
Subject: [PATCH 05/23] SELinux: Abstract use of file security blob
Don't use the file->f_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:19:09 -0700
Subject: [PATCH 09/23] Smack: Abstract use of inode security blob
Don't use the inode->i_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:16:55 -0700
Subject: [PATCH 08/23] SELinux: Abstract use of inode security blob
Don't use the inode->i_security pointer directly.
Provide a helper function that provides the security blob pointer.
Signed-off-
lly unless
you add in Smack, in which case it fails where you would
expect it to due to the different use models for netlabel.
Smack tests work as well. AppArmor was tested by booting
Ubuntu, but not beyond.
Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
---
Documentation/admin-gui
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:08:37 -0700
Subject: [PATCH 07/23] LSM: Infrastructure management of the task security
blob
Move management of the task_struct->security blob out
of the individual security modules and into the security
infra
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 13:53:07 -0700
Subject: [PATCH 04/23] LSM: Infrastructure management of the cred security
blob
Move management of the cred security blob out of the
security modules and into the security infrastructre.
Instead of allo
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:33:57 -0700
Subject: [PATCH 15/23] LSM: Mark security blob allocation failures as unlikely
The allocation of security blobs is unlikely to fail.
Mark the checks thus for performance reasons.
Signed-off-by: Casey Sch
From: Casey Schaufler <ca...@schaufler-ca.com>
Date: Thu, 10 May 2018 14:30:15 -0700
Subject: [PATCH 13/23] LSM: Infrastructure management of the ipc security blob
Move management of the kern_ipc_perm->security and
msg_msg->security blobs out of the individual secu
1 - 100 of 321 matches
Mail list logo