On Sat, Apr 12, 2025 at 9:58 AM Blaise Boscaccy
wrote:
> Alexei Starovoitov writes:
> > On Fri, Apr 4, 2025 at 2:56 PM Blaise Boscaccy
> > wrote:
...
> > Above are serious layering violations.
> > LSMs should not be looking that deep into bpf instructions.
>
> These aren't BPF internals; this
On Apr 4, 2025 Blaise Boscaccy wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs. This allows users to continue to
> maintain an invariant that all code running inside of the kernel has
> been signed.
>
> The primary target for signat
On Fri, Apr 11, 2025 at 5:07 AM Roberto Sassu
wrote:
> On Thu, 2025-04-10 at 17:24 +, ser...@kernel.org wrote:
> > On Thu, Apr 10, 2025 at 01:47:07PM +0200, Roberto Sassu wrote:
> > > Hi everyone
> > >
> > > recently I discovered a problem in the implementation of our IMA
> > > bprm_check hook
On Fri, Apr 11, 2025 at 3:20 PM Micah Morton wrote:
>
> Acked-by: Micah Morton
Thanks Micah!
--
paul-moore.com
On Thu, Apr 10, 2025 at 1:30 PM Casey Schaufler wrote:
> On 4/9/2025 11:50 AM, Paul Moore wrote:
> > As the LSM framework only supports one LSM initcall callback for each
> > initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
> > wrapped with a new fun
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events
> reported in audit_log_path_denied() are unconditionally dropped due to
> an explicit check for the existence of any audit rules. Given this is a
> report of a security violation, allo
On Mar 17, 2025 Richard Guy Briggs wrote:
>
> The move of the module sanity check to earlier skipped the audit logging
> call in the case of failure and to a place where the previously used
> context is unavailable.
>
> Add an audit logging call for the module loading failure case and get
> the
On Mar 17, 2025 Richard Guy Briggs wrote:
>
> The move of the module sanity check to earlier skipped the audit logging
> call in the case of failure and to a place where the previously used
> context is unavailable.
>
> Add an audit logging call for the module loading failure case and get
> the
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, AUDIT_ANOM_{LINK,CREAT} events
> reported in audit_log_path_denied() are unconditionally dropped due to
> an explicit check for the existence of any audit rules. Given this is a
> report of a security violation, allo
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, fanotify event results are
> unconditionally dropped due to an explicit check for the existence of
> any audit rules. Given this is a report from another security
> sub-system, allow it to be recorded regardless of t
On Mar 5, 2025 Richard Guy Briggs wrote:
>
> When no audit rules are in place, fanotify event results are
> unconditionally dropped due to an explicit check for the existence of
> any audit rules. Given this is a report from another security
> sub-system, allow it to be recorded regardless of t
On Thu, Mar 20, 2025 at 6:02 PM Paul Moore wrote:
> On Mar 13, 2025 Andy Shevchenko wrote:
> >
> > audit_log_vformat() is using printf() type of format, and GCC compiler
> > (Debian 14.2.0-17) is not happy about this:
> >
> > kernel/audit.c:1978:9: error: functi
On Thu, Apr 10, 2025 at 12:33 PM Stephen Smalley
wrote:
> On Wed, Apr 9, 2025 at 2:55 PM Paul Moore wrote:
> >
> > SELinux currently has a number of initcalls so we've created a new
> > function, selinux_initcall(), which wraps all of these initcalls so
> >
On Thu, Apr 10, 2025 at 10:15 PM Kees Cook wrote:
> On Thu, Apr 10, 2025 at 06:47:12PM -0400, Paul Moore wrote:
> > On Wed, Apr 9, 2025 at 7:13 PM Kees Cook wrote:
> > > Better yet, do this whole thing in an initcall after LSMs are loaded, and
> > > both can gain _
On Thu, Apr 10, 2025 at 10:16 PM Kees Cook wrote:
>
> On Thu, Apr 10, 2025 at 09:15:47PM -0400, Paul Moore wrote:
> > On Wed, Apr 9, 2025 at 7:39 PM Kees Cook wrote:
> > > On Wed, Apr 09, 2025 at 02:50:03PM -0400, Paul Moore wrote:
> > > > Signed-off-by: Paul Moo
On Wed, Apr 9, 2025 at 7:42 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:50:05PM -0400, Paul Moore wrote:
> > As the LSM framework only supports one LSM initcall callback for each
> > initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
> > wrappe
On Thu, Apr 10, 2025 at 10:13 AM Casey Schaufler wrote:
> On 4/9/2025 11:49 AM, Paul Moore wrote:
...
> General comments:
>
> Adjacent patches with no more commit message than "cleanup" should
> be combined, as that message is telling me "these aren't the cha
On Thu, Apr 10, 2025 at 9:50 PM Paul Moore wrote:
> On Wed, Apr 9, 2025 at 8:11 PM Kees Cook wrote:
> > On Wed, Apr 09, 2025 at 02:49:54PM -0400, Paul Moore wrote:
...
> > The simple renamings looks fine, but would be nicer if they got split
> > out.
>
> I can look
On Thu, Apr 10, 2025 at 9:50 PM Paul Moore wrote:
> On Wed, Apr 9, 2025 at 8:11 PM Kees Cook wrote:
> > On Wed, Apr 09, 2025 at 02:49:54PM -0400, Paul Moore wrote:
...
> > > -/* Append an LSM to the list of ordered LSMs to initialize. */
> > > -static int last_ls
On Wed, Apr 9, 2025 at 8:11 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:49:54PM -0400, Paul Moore wrote:
> > One part of a larger effort to clean up the LSM framework initialization
> > code.
> >
> > Signed-off-by: Paul Moore
> > ---
> > secur
On Wed, Apr 9, 2025 at 7:52 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:50:12PM -0400, Paul Moore wrote:
> > The LSM framework itself registers a small number of initcalls; this
> > patch converts these initcalls into the new initcall mechanism.
> >
> >
On Wed, Apr 9, 2025 at 7:39 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:50:03PM -0400, Paul Moore wrote:
> > Signed-off-by: Paul Moore
>
> Reviewed-by: Kees Cook
Do you mind if I convert this into an Acked-by? Generally speaking I
put more weight behind a Reviewed-by tag,
On Wed, Apr 9, 2025 at 7:13 PM Kees Cook wrote:
>
> On Wed, Apr 09, 2025 at 02:49:53PM -0400, Paul Moore wrote:
> > The LSM currently has a lot of code to maintain a list of the
> > currently active LSMs in a human readable string, with the only
> > user being the "/
On Wed, Apr 9, 2025 at 7:06 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:49:52PM -0400, Paul Moore wrote:
...
> > diff --git a/security/lsm_init.c b/security/lsm_init.c
> > index edf2f4140eaa..981ddb20f48e 100644
> > --- a/security/lsm_init.c
> > +++ b/security/ls
On Wed, Apr 9, 2025 at 5:38 PM Casey Schaufler wrote:
> On 4/9/2025 11:49 AM, Paul Moore wrote:
> > Move the LSM count and lsm_id list declarations out of a header that is
> > visible across the kernel and into a header that is limited to the LSM
> > framework. This no
On Wed, Apr 9, 2025 at 5:16 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:50:02PM -0400, Paul Moore wrote:
> > Currently the individual LSMs register their own initcalls, and while
> > this should be harmless, it can be wasteful in the case where a LSM
> > is disabled at
code which populates
the lsm_idlist[] array and moving it into the normal LSM startup code
where the LSM list is parsed and the individual LSMs are enabled,
making for a cleaner implementation with less overhead at boot.
Signed-off-by: Paul Moore
---
include/linux/lsm_hooks.h | 2 +-
sec
On Wed, Apr 9, 2025 at 5:38 PM Kees Cook wrote:
>
> On Wed, Apr 09, 2025 at 02:49:49PM -0400, Paul Moore wrote:
> > One part of a larger effort to clean up the LSM framework initialization
> > code.
>
> Again, needs a better commit log.
See my previous comments as well as
On Wed, Apr 9, 2025 at 5:30 PM Kees Cook wrote:
> On Wed, Apr 09, 2025 at 02:49:48PM -0400, Paul Moore wrote:
> > One part of a larger effort to clean up the LSM framework initialization
> > code.
>
> This commit log needs improvement. i.e. explain what and why:
Yeah, it
On Tue, Apr 8, 2025 at 7:25 AM Shivank Garg wrote:
>
> KVM guest_memfd is implementing its own inodes to store metadata for
> backing memory using a custom filesystem. This requires the ability to
> initialize anonymous inode using security_inode_init_security_anon().
>
> As guest_memfd currently
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 94 +
1 file changed, 36 insertions(+), 58 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
SELinux currently has a number of initcalls so we've created a new
function, selinux_initcall(), which wraps all of these initcalls so
that we have a single initcall function that can be registered with the
LSM framework.
Signed-off-by: Paul Moore
---
security/selinux/Makefile
Signed-off-by: Paul Moore
---
security/apparmor/apparmorfs.c | 4 +---
security/apparmor/crypto.c | 4 +---
security/apparmor/include/apparmorfs.h | 2 ++
security/apparmor/include/crypto.h | 1 +
security/apparmor/lsm.c| 9 -
5 files changed, 13
Add two new variables, lsm_count_prop_subj and lsm_count_prop_obj, to
count the number of lsm_prop entries for subjects and objects across all
of the enabled LSMs. Future patches will use this to continue the
conversion towards the lsm_prop struct.
Signed-off-by: Paul Moore
---
include/linux
Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at
boot when all of the LSMs have been started.
Signed-off-by: Paul Moore
---
include/linux/security.h | 1 +
security/lsm_init.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/include/linux/security.h b/include
The LSM framework itself registers a small number of initcalls; this
patch converts these initcalls into the new initcall mechanism.
Signed-off-by: Paul Moore
---
security/inode.c| 3 +--
security/lsm.h | 4
security/lsm_init.c | 14 --
security/min_addr.c | 5
ns as initcalls for each LSM and including code in each
registered initcall to ensure it only executes once.
Signed-off-by: Paul Moore
---
security/integrity/Makefile | 2 +-
security/integrity/evm/evm_main.c | 7 +-
security/integrity/iint.c
Signed-off-by: Paul Moore
---
security/ipe/fs.c | 4 +---
security/ipe/ipe.c | 1 +
security/ipe/ipe.h | 2 ++
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index 5b6d19fb844a..e4437c70ed3d 100644
--- a/security/ipe/fs.c
+++ b/security/ipe
Signed-off-by: Paul Moore
---
security/loadpin/loadpin.c | 15 ---
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index b9ddf05c5c16..273ffbd6defe 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin
As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.
Signed-off-by: Paul Moore
---
security/smack/smack.h
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm.h | 11
security/lsm_init.c | 121 +++-
security/security.c | 2 +
3 files changed, 66 insertions(+), 68 deletions
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 211 ++--
1 file changed, 106 insertions(+), 105 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 24 ++--
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9bb4b4fc9888
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/inode.c| 9 ++--
security/lsm_init.c | 110
2 files changed, 63 insertions(+), 56 deletions(-)
diff --git a/security/inode.c b
/kernel/security/lsm".
Signed-off-by: Paul Moore
---
include/linux/lsm_hooks.h | 1 -
security/inode.c | 27 +++--
security/lsm_init.c | 49 ---
3 files changed, 25 insertions(+), 52 deletions(-)
diff --git a/include/linux/ls
This will display all of the LSMs built into the kernel, regardless
of if they are enabled or not.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
M framework, so please suggest some code that
would allow us to do that for IMA/EVM.
--
Paul Moore (29):
lsm: split the notifier code out into lsm_notifier.c
lsm: split the init code out into lsm_init.c
lsm: simplify prepare_lsm() and rename to lsm_prep_single()
l
, lsm_active_cnt was renamed to lsm_count for the sake
of brevity.
Signed-off-by: Paul Moore
---
include/linux/security.h | 2 --
security/lsm.h | 5 +
security/lsm_init.c | 8 +---
security/lsm_syscalls.c | 8 +---
security/security.c | 3 +++
5 files changed, 14 insertions
Continue to pull code out of security/security.c to help improve
readability by pulling all of the LSM framework initialization
code out into a new file.
No code changes.
Signed-off-by: Paul Moore
---
include/linux/lsm_hooks.h | 3 +-
security/Makefile | 2 +-
security/lsm.h
In an effort to decompose security/security.c somewhat to make it less
twisted and unwieldy, pull out the LSM notifier code into a new file
as it is fairly well self-contained.
No code changes.
Signed-off-by: Paul Moore
---
security/Makefile | 2 +-
security/lsm_notifier.c | 31
Signed-off-by: Paul Moore
---
security/lockdown/lockdown.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 4813f168ff93..8d46886d2cca 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown
will convert the existing LSMs over to
this new mechanism.
Only initcall types which are used by the current in-tree LSMs are
supported, additional initcall types can easily be added in the future
if needed.
Signed-off-by: Paul Moore
---
include/linux/lsm_hooks.h | 33 ---
security
Signed-off-by: Paul Moore
---
security/safesetid/lsm.c| 1 +
security/safesetid/lsm.h| 2 ++
security/safesetid/securityfs.c | 3 +--
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 9a7c68d4e642
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 156
1 file changed, 72 insertions(+), 84 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
Signed-off-by: Paul Moore
---
security/lsm_init.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 55b3fa82db76..04b1f5e760b1 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -313,6 +313,10 @@ static void __init
Convert the lsm_blob_size fields to unsigned integers as there is no
current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some
other minor cleanups to the associated code.
Signed-off-by: Paul
Signed-off-by: Paul Moore
---
security/tomoyo/common.h| 2 ++
security/tomoyo/securityfs_if.c | 4 +---
security/tomoyo/tomoyo.c| 1 +
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 0e8e2e959aef
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 88 +
1 file changed, 49 insertions(+), 39 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
One part of a larger effort to clean up the LSM framework initialization
code.
Signed-off-by: Paul Moore
---
security/lsm_init.c | 103 ++--
1 file changed, 43 insertions(+), 60 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index
On Fri, Mar 21, 2025 at 5:21 PM Eric Snowberg wrote:
> > On Mar 21, 2025, at 12:57 PM, Paul Moore wrote:
> ...
> > , but I will note that I don't recall you offering to step
> > up and maintain Lockdown anywhere in this thread.
>
> I didn't realize that try
On Fri, Mar 21, 2025 at 12:37 PM Eric Snowberg wrote:
> > On Mar 20, 2025, at 3:36 PM, Paul Moore wrote:
> > On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg
> > wrote:
> >>> On Mar 6, 2025, at 7:46 PM, Paul Moore wrote:
> >>> On March 6, 2
On Mar 21, 2025 Andrey Albershteyn wrote:
>
> Introduce new hooks for setting and getting filesystem extended
> attributes on inode (FS_IOC_FSGETXATTR).
>
> Cc: seli...@vger.kernel.org
> Cc: Paul Moore
>
> Signed-off-by: Andrey Albershteyn
> ---
> fs/i
On Fri, Mar 21, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> On Thu, Mar 20, 2025 at 05:36:41PM -0400, Paul Moore wrote:
...
> > I want to address two things, the first, and most important, is that
> > while I am currently employed by Microsoft, I do not speak for
> > Micros
On Fri, Mar 21, 2025 at 12:46 PM Blaise Boscaccy
wrote:
>
> This adds the Hornet Linux Security Module which provides signature
> verification of eBPF programs.
>
> Hornet uses a signature verification scheme similar to that of
> kernel modules. A PKCS#7 signature is appended to the end of
On Mar 13, 2025 Andy Shevchenko wrote:
>
> audit_log_vformat() is using printf() type of format, and GCC compiler
> (Debian 14.2.0-17) is not happy about this:
>
> kernel/audit.c:1978:9: error: function ‘audit_log_vformat’ might be a
> candidate for ‘gnu_printf’ format attribute [-Werror=sugges
Just a quick FYI that there are no plans to send an audit pull request
to Linus for the Linux v6.15 merge window as there are no patches
currently in the audit/dev queue.
However, there are a few patches currently on the list which should be
candidates for v6.16 merge window assuming they pass rev
On Sat, Mar 22, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote:
> > This patch series introduces the Hornet LSM.
> >
> > Hornet takes a simple approach to light-skeleton-based eBPF signature
>
> Can you define "light-skeleton-based" before
On Sat, Mar 22, 2025 at 4:44 PM Paul Moore wrote:
>
> On Sat, Mar 22, 2025 at 1:22 PM Jarkko Sakkinen wrote:
> > On Fri, Mar 21, 2025 at 09:45:02AM -0700, Blaise Boscaccy wrote:
> > > This patch series introduces the Hornet LSM.
> > >
> > > Hornet takes a
On March 21, 2025 6:56:53 PM Eric Snowberg wrote:
On Mar 21, 2025, at 4:13 PM, Paul Moore wrote:
On Fri, Mar 21, 2025 at 5:21 PM Eric Snowberg wrote:
On Mar 21, 2025, at 12:57 PM, Paul Moore wrote:
...
, but I will note that I don't recall you offering to step
up and maintain Loc
On Fri, Mar 21, 2025 at 12:45 PM Blaise Boscaccy
wrote:
>
> This patch series introduces the Hornet LSM.
>
> Hornet takes a simple approach to light-skeleton-based eBPF signature
> verification. Signature data can be easily generated for the binary
> data that is generated via bpftool gen -L. This
On Thu, Mar 20, 2025 at 12:29 PM Eric Snowberg wrote:
> > On Mar 6, 2025, at 7:46 PM, Paul Moore wrote:
> > On March 6, 2025 5:29:36 PM Eric Snowberg wrote:
...
> >> Does this mean Microsoft will begin signing shims in the future without
> >> the lockdown req
On Mon, Mar 17, 2025 at 4:59 PM Fan Wu wrote:
> On Thu, Mar 13, 2025 at 2:51 PM Jasjiv Singh
> wrote:
> >
> > Users of IPE require a way to identify when and why an operation fails,
> > allowing them to both respond to violations of policy and be notified
> > of potentially malicious actions on t
On Thu, Mar 13, 2025 at 4:50 AM Christian Brauner wrote:
> On Wed, Mar 12, 2025 at 09:37:14PM +, Al Viro wrote:
> > On Wed, Mar 12, 2025 at 02:21:41PM -0700, Ryan Lee wrote:
> > > Currently, opening O_PATH file descriptors completely bypasses the LSM
> > > infrastructure. Invoking the LSM file
On March 12, 2025 7:51:36 PM Paul Moore wrote:
On Mar 7, 2025 Casey Schaufler wrote:
...
diff --git a/include/linux/security.h b/include/linux/security.h
index 540894695c4b..79a9bf4a7cdd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -168,6 +168,7 @@ struct
On Mar 7, 2025 Casey Schaufler wrote:
>
> Add a parameter lsmid to security_lsmblob_to_secctx() to identify which
> of the security modules that may be active should provide the security
> context. If the value of lsmid is LSM_ID_UNDEF the first LSM providing
> a hook is used. security_secid_to_
On Mar 7, 2025 Casey Schaufler wrote:
>
> Replace the timestamp and serial number pair used in audit records
> with a structure containing the two elements.
>
> Signed-off-by: Casey Schaufler
> ---
> kernel/audit.c | 17 +
> kernel/audit.h | 13 +
> kernel/audi
On Mar 7, 2025 Casey Schaufler wrote:
>
> Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
> An example of the MAC_OBJ_CONTEXTS (1424) record is:
>
> type=MAC_OBJ_CONTEXTS[1424]
> msg=audit(1601152467.009:1050):
> obj_selinux=unconfined_u:object_r:user_home_t:s0
>
> When an audit
On Mar 7, 2025 Casey Schaufler wrote:
>
> Refactor audit_log_task_context(), creating a new
> audit_log_subject_context(). This is used in netlabel auditing
> to provide multiple subject security contexts as necessary.
>
> Signed-off-by: Casey Schaufler
> ---
> include/linux/audit.h|
On Mar 7, 2025 Casey Schaufler wrote:
>
> Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
> An example of the MAC_TASK_CONTEXTS (1423) record is:
>
> type=MAC_TASK_CONTEXTS[1423]
> msg=audit(1600880931.832:113)
> subj_apparmor=unconfined
> subj_smack=_
>
> When an audit even
> with the event. At audit_log_end() time create auxiliary
> records (none are currently defined) as have been added
> to the list. Functions are created to manage the skb list
> in the audit_buffer.
>
> Suggested-by: Paul Moore
> Signed-off-by: Casey
On Wed, Mar 12, 2025 at 4:02 PM Andy Shevchenko
wrote:
>
> audit_log_vformat() is using printf() type of format, and compiler
> is not happy about this:
>
> kernel/audit.c:1978:9: error: function ‘audit_log_vformat’ might be a
> candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribu
ay be called from the kernel.
>
> Signed-off-by: Blaise Boscaccy
> Acked-by: Song Liu
> Acked-by: Paul Moore
> ---
> include/linux/lsm_hook_defs.h | 6 +++---
> include/linux/security.h | 12 ++--
> kernel/bpf/sysca
On Mar 7, 2025 Jasjiv Singh wrote:
>
> Users of IPE require a way to identify when and why an operation fails,
> allowing them to both respond to violations of policy and be notified
> of potentially malicious actions on their systems with respect to IPE.
>
> This patch introduces a new error f
On March 6, 2025 5:29:36 PM Eric Snowberg wrote:
On Mar 5, 2025, at 6:12 PM, Paul Moore wrote:
On Wed, Mar 5, 2025 at 4:30 PM Eric Snowberg wrote:
On Mar 4, 2025, at 5:23 PM, Paul Moore wrote:
On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg wrote:
On Mar 3, 2025, at 3:40 PM, Paul Moore
On Wed, Mar 5, 2025 at 4:30 PM Eric Snowberg wrote:
> > On Mar 4, 2025, at 5:23 PM, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg
> > wrote:
> >>> On Mar 3, 2025, at 3:40 PM, Paul Moore wrote:
> >>> On Fri, Feb 28, 2025 at 12:52
On Tue, Mar 4, 2025 at 5:25 PM Jarkko Sakkinen wrote:
> On Mon, Mar 03, 2025 at 05:40:54PM -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg
> > wrote:
> > > > On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> > > > On Fri, Fe
On Tue, Mar 4, 2025 at 9:20 PM Mimi Zohar wrote:
> On Tue, 2025-03-04 at 21:09 -0500, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 8:50 PM Mimi Zohar wrote:
> > > On Tue, 2025-03-04 at 19:19 -0500, Paul Moore wrote:
> > > > On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar
On Tue, Mar 4, 2025 at 8:50 PM Mimi Zohar wrote:
> On Tue, 2025-03-04 at 19:19 -0500, Paul Moore wrote:
> > On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar wrote:
> > > On Mon, 2025-03-03 at 17:38 -0500, Paul Moore wrote:
> > > > On Fri, Feb 28, 2025 at 12:19 PM Mimi
On Tue, Mar 4, 2025 at 9:47 AM Eric Snowberg wrote:
> > On Mar 3, 2025, at 3:40 PM, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg
> > wrote:
> >>> On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> >>> On Fri, Feb 28, 2025 at 9:09
On Tue, Mar 4, 2025 at 7:54 AM Mimi Zohar wrote:
> On Mon, 2025-03-03 at 17:38 -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 12:19 PM Mimi Zohar wrote:
> > > On Fri, 2025-02-28 at 11:14 -0500, Paul Moore wrote:
> > > > On Fri, Feb 28, 2025 at 9:09 AM Mimi
On Fri, Feb 28, 2025 at 12:52 PM Eric Snowberg wrote:
> > On Feb 28, 2025, at 9:14 AM, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> >> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> >>>
> >>> I'd still als
On Fri, Feb 28, 2025 at 12:19 PM Mimi Zohar wrote:
> On Fri, 2025-02-28 at 11:14 -0500, Paul Moore wrote:
> > On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> > > On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
...
> Ok, let's go through different scenario
On Fri, Feb 28, 2025 at 9:09 AM Mimi Zohar wrote:
> On Thu, 2025-02-27 at 17:22 -0500, Paul Moore wrote:
> >
> > I'd still also like to see some discussion about moving towards the
> > addition of keyrings oriented towards usage instead of limiting
> > ourselves
On Thu, Feb 27, 2025 at 3:41 PM Mimi Zohar wrote:
> On Mon, 2025-01-06 at 17:15 +, Eric Snowberg wrote:
> > > On Jan 5, 2025, at 8:40 PM, Paul Moore wrote:
> > > On Fri, Jan 3, 2025 at 11:48 PM Paul Moore wrote:
> > > >
> > > > Regardless, b
On Tue, Jan 14, 2025 at 10:20 PM Paul Moore wrote:
> On Tue, Jan 14, 2025 at 11:16 AM Arulpandiyan Vadivel
> wrote:
> >
> > Updated the MODULE_COMPRESS_NONE with MODULE_COMPRESS as it was no longer
> > available from kernel modules.
> >
> > Fixes: c7ff693f
On Tue, Feb 18, 2025 at 2:21 PM Mickaël Salaün wrote:
>
> Are there guidance about __GFP_NOWARN for audit or other subsystems?
Unfortunately I'm not aware of anything, and I too would be very
interested in learning if there was some solid guidance around the GFP
flags as the comment block in gfp_
On Dec 23, 2024 Luo Gengkun wrote:
>
> It seems that the attr parameter was never used in security
> checks since it was first introduced by:
>
> commit da97e18458fb ("perf_event: Add support for LSM and SELinux checks")
>
> so remove it.
>
> Signed-off-by: Luo Gengkun
> Reviewed-by: Ing
On Mon, Feb 24, 2025 at 11:00 AM Andrey Albershteyn wrote:
> On 2025-02-21 16:08:33, Mickaël Salaün wrote:
> > It looks security checks are missing. With IOCTL commands, file
> > permissions are checked at open time, but with these syscalls the path
> > is only resolved but no specific access see
On Fri, Feb 21, 2025 at 10:08 AM Mickaël Salaün wrote:
>
> It looks security checks are missing. With IOCTL commands, file
> permissions are checked at open time, but with these syscalls the path
> is only resolved but no specific access seems to be checked (except
> inode_owner_or_capable via vf
ged. This makes it possible for log parsers to free
> potential resources when a domain ID will never show again.
>
> The number of denied access requests is useful to easily check how many
> access requests a domain blocked and potentially if some of them are
> missing in logs bec