Re: Reducing security.capability xattr checks in audit subsystem?

2023-09-18 Thread Paul Moore
On Mon, Sep 18, 2023 at 7:20 AM Han-Wen Nienhuys wrote: > Hi there, > > I'm troubleshooting a performance problem in FUSE filesystems. At > $DAYJOB, we have a number of FUSE file systems used for development > (eg. serving source code), and we have an auditd configuration so the > security team ca

Re: [nf PATCH 0/3] Review nf_tables audit logging

2023-09-26 Thread Paul Moore
On Fri, Sep 22, 2023 at 9:53 PM Phil Sutter wrote: > > When working on locking for reset commands, some audit log calls had to > be adjusted as well. This series deals with the "fallout" from adding > tests for the changed log calls, dealing with the uncovered issues and > adding more tests. > > P

Re: [RFC PATCH] audit: Send netlink ACK before setting connection in auditd_set

2023-09-26 Thread Paul Moore
On Fri, Sep 22, 2023 at 11:28 AM Chris Riches wrote: > > When auditd_set sets the auditd_conn pointer, audit messages can > immediately be put on the socket by other kernel threads. If the backlog > is large or the rate is high, this can immediately fill the socket > buffer. If the audit daemon re

Re: [nf PATCH 2/3] netfilter: nf_tables: Deduplicate nft_register_obj audit logs

2023-10-03 Thread Paul Moore
+++--- > .../testing/selftests/netfilter/nft_audit.sh | 20 + > 2 files changed, 48 insertions(+), 16 deletions(-) Thanks for working on this Phil, it looks good to me from an audit perspective. Acked-by: Paul Moore (Audit) -- paul-moore.com

Re: [nf PATCH 3/3] netfilter: nf_tables: Audit log object reset once per table

2023-10-03 Thread Paul Moore
off-by: Phil Sutter > --- > net/netfilter/nf_tables_api.c | 51 ++- > .../testing/selftests/netfilter/nft_audit.sh | 46 + > 2 files changed, 74 insertions(+), 23 deletions(-) Thanks Phil. Acked-by: Paul Moore (Audit) -- paul-moore.com

Re: audit: io_uring openat triggers audit reference count underflow in worker thread

2023-10-07 Thread Paul Moore
On Sat, Oct 7, 2023 at 9:11 AM Jens Axboe wrote: > On 10/6/23 8:32 PM, Jens Axboe wrote: > > On 10/6/23 2:09 PM, Dan Clash wrote: ... > > I'm not fully aware of what audit is doing with struct filename outside > > of needing it for the audit log. Rather than impose the atomic > > references for

Re: [RFC PATCH] audit: Send netlink ACK before setting connection in auditd_set

2023-10-11 Thread Paul Moore
On Fri, Sep 22, 2023 at 11:28 AM Chris Riches wrote: > > When auditd_set sets the auditd_conn pointer, audit messages can > immediately be put on the socket by other kernel threads. If the backlog > is large or the rate is high, this can immediately fill the socket > buffer. If the audit daemon re

Re: [PATCH] audit,io_uring: io_uring openat triggers audit reference count underflow

2023-10-13 Thread Paul Moore
On Fri, Oct 13, 2023 at 10:21 AM Jens Axboe wrote: > On 10/13/23 2:24 AM, Christian Brauner wrote: > > On Thu, Oct 12, 2023 at 02:55:18PM -0700, Dan Clash wrote: > >> An io_uring openat operation can update an audit reference count > >> from multiple threads resulting in the call trace below. > >>

Re: [PATCH] audit,io_uring: io_uring openat triggers audit reference count underflow

2023-10-13 Thread Paul Moore
nning to do, but you didn't mention it here. Regardless, as I mentioned in my last email (I think our last emails raced a bit), I'm okay with this change, please add my ACK. Acked-by: Paul Moore > Applied to the vfs.misc branch of the vfs/vfs.git tree. > Patches in the vfs.misc br

Re: [PATCH] audit,io_uring: io_uring openat triggers audit reference count underflow

2023-10-13 Thread Paul Moore
On Fri, Oct 13, 2023 at 12:00 PM Jens Axboe wrote: > On 10/13/23 9:56 AM, Paul Moore wrote: > > * You didn't mention if you've marked this for stable or if you're > > going to send this up to Linus now or wait for the merge window. At a > > minimum this should

Re: [PATCH] audit,io_uring: io_uring openat triggers audit reference count underflow

2023-10-13 Thread Paul Moore
On Fri, Oct 13, 2023 at 12:22 PM Christian Brauner wrote: > > On Fri, Oct 13, 2023 at 11:56:08AM -0400, Paul Moore wrote: > > On Fri, Oct 13, 2023 at 11:44 AM Christian Brauner > > wrote: > > > > > > On Thu, 12 Oct 2023 14:55:18 -0700, Dan Clash wrote: >

Re: [RFC PATCH] audit: Send netlink ACK before setting connection in auditd_set

2023-10-16 Thread Paul Moore
On Mon, Oct 16, 2023 at 1:12 PM Chris Riches wrote: > Thanks for trimming the email in your reply, however, it is helpful to preserve those "On Mon, Oct ..." headers for those emails which you include in your reply, it helps keep things straight when reading the email. Not a big deal, just somet

Re: [RFC PATCH] audit: Send netlink ACK before setting connection in auditd_set

2023-10-17 Thread Paul Moore
On Tue, Oct 17, 2023 at 9:49 AM Chris Riches wrote: > On 16/10/2023 21:16, Paul Moore wrote: > >> While typing it out manually, I noticed that > >> the condition for sending the ACK isn't correct - if NLM_F_ACK is 0 to > >> begin with, then ack will be fals

[PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-18 Thread Paul Moore
ix exe_file access in audit_exe_compare") Reported-by: Andreas Steinmetz Signed-off-by: Paul Moore --- kernel/audit_watch.c | 14 +- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 65075f1e4ac8..fa3e6ea0e58c 100

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-18 Thread Paul Moore
Updating Mateusz's email. On Wed, Oct 18, 2023 at 6:20 PM Paul Moore wrote: > > The get_task_exe_file() function locks the given task with task_lock() > which when used inside audit_exe_compare() can cause deadlocks on > systems that generate audit records when the task_lock()

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-18 Thread Paul Moore
On Wed, Oct 18, 2023 at 8:22 PM Mateusz Guzik wrote: > On 10/19/23, Paul Moore wrote: > >> The get_task_exe_file() function locks the given task with task_lock() > >> which when used inside audit_exe_compare() can cause deadlocks on > >> systems that generate au

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-19 Thread Paul Moore
On Wed, Oct 18, 2023 at 10:14 PM Mateusz Guzik wrote: > On 10/19/23, Paul Moore wrote: > > On Wed, Oct 18, 2023 at 8:22 PM Mateusz Guzik wrote: > >> On 10/19/23, Paul Moore wrote: > >> >> The get_task_exe_file() function locks the given task with task_lock

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-19 Thread Paul Moore
On Thu, Oct 19, 2023 at 10:52 AM Mateusz Guzik wrote: > On 10/19/23, Paul Moore wrote: > > Thinking about it a bit more this morning, I think we can safely > > ignore the non-@current case in audit_exe_compare() as the whole point > > of the audit exe filter is to record the

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-19 Thread Paul Moore
On Thu, Oct 19, 2023 at 12:56 PM Mateusz Guzik wrote: > On 10/19/23, Paul Moore wrote: > > On Thu, Oct 19, 2023 at 10:52 AM Mateusz Guzik wrote: > >> On 10/19/23, Paul Moore wrote: > >> > Thinking about it a bit more this morning, I think we can safely > >

Re: [PATCH RFC v11 2/19] ipe: add policy parser

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > IPE's interpretation of the what the user trusts is accomplished through > its policy. IPE's design is to not provide support for a single trust > provider, but to support multiple providers to enable the end-user to > choose the best one to seek their needs. >

Re: [PATCH RFC v11 3/19] ipe: add evaluation loop

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > IPE must have a centralized function to evaluate incoming callers > against IPE's policy. This iteration of the policy for against the rules > for that specific caller is known as the evaluation loop. > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu > -

Re: [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > IPE is designed to provide system level trust guarantees, this usually > implies that trust starts from bootup with a hardware root of trust, > which validates the bootloader. After this, the bootloader verifies the > kernel and the initramfs. > > As there's no

Re: [PATCH RFC v11 4/19] ipe: add LSM hooks on execution and kernel read

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > IPE's initial goal is to control both execution and the loading of > kernel modules based on the system's definition of trust. It > accomplishes this by plugging into the security hooks for > bprm_check_security, file_mprotect, mmap_file, kernel_load_data, > and

Re: [PATCH RFC v11 9/19] ipe: add permissive toggle

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > IPE, like SELinux, supports a permissive mode. This mode allows policy > authors to test and evaluate IPE policy without it effecting their > programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS > be reported. > > This patch adds the following audit recor

Re: [PATCH RFC v11 11/19] dm verity: set DM_TARGET_SINGLETON feature flag

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > The device-mapper has a flag to mark targets as singleton, which is a > required flag for immutable targets. Without this flag, multiple > dm-verity targets can be added to a mapped device, which has no > practical use cases and will let dm_table_get_immutable_ta

Re: [PATCH RFC v11 8/19] uapi|audit|ipe: add ipe auditing support

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systems with respect to IPE > itself. > > This patch introduces 3 new audi

Re: [PATCH RFC v11 12/19] dm: add finalize hook to target_type

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > This patch adds a target finalize hook. > > The hook is triggered just before activating an inactive table of a > mapped device. If it returns an error the __bind get cancelled. > > The dm-verity target will use this hook to attach the dm-verity's > roothash me

Re: [PATCH RFC v11 14/19] ipe: add support for dm-verity as a trust provider

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > Allows author of IPE policy to indicate trust for a singular dm-verity > volume, identified by roothash, through "dmverity_roothash" and all > signed dm-verity volumes, through "dmverity_signature". > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu > ---

Re: [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > fsverity represents a mechanism to support both integrity and > authenticity protection of a file, supporting both signed and unsigned > digests. > > An LSM which controls access to a resource based on authenticity and > integrity of said resource, can then use

Re: [PATCH RFC v11 13/19] dm verity: consume root hash digest and signature data via LSM hook

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > dm-verity provides a strong guarantee of a block device's integrity. As > a generic way to check the integrity of a block device, it provides > those integrity guarantees to its higher layers, including the filesystem > level. > > An LSM that control access to a

Re: [PATCH RFC v11 16/19] ipe: enable support for fs-verity as a trust provider

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > Enable IPE policy authors to indicate trust for a singular fsverity > file, identified by the digest information, through "fsverity_digest" > and all files using fsverity's builtin signatures via > "fsverity_signature". > > This enables file-level integrity clai

Re: [PATCH RFC v11 18/19] ipe: kunit test for parser

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > Add various happy/unhappy unit tests for both IPE's parser. I'm going to suggest: "... for IPE's policy parser." Also, aside from the policy parser tests, are there any other IPE functional tests? We do have a testing guideline for new LSM submissions: "New

Re: [PATCH RFC v11 17/19] scripts: add boot policy generation program

2023-10-23 Thread Paul Moore
On Oct 4, 2023 Fan Wu wrote: > > Enables an IPE policy to be enforced from kernel start, enabling access > control based on trust from kernel startup. This is accomplished by > transforming an IPE policy indicated by CONFIG_IPE_BOOT_POLICY into a > c-string literal that is parsed at kernel start

Re: [PATCH] audit: use mmget() instead of get_task_exe_file() when auditing @current

2023-10-24 Thread Paul Moore
On Sat, Oct 21, 2023 at 9:51 AM Mateusz Guzik wrote: > On 10/19/23, Paul Moore wrote: > > On Thu, Oct 19, 2023 at 12:56 PM Mateusz Guzik wrote: > >> On 10/19/23, Paul Moore wrote: > >> > On Thu, Oct 19, 2023 at 10:52 AM Mateusz Guzik > >> > wro

[PATCH v2] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-24 Thread Paul Moore
ve to worry about filtering the currently executing task in audit_exe_compare() we can do away with the task_lock() and call get_mm_exe_file() with @current->mm directly. Cc: Fixes: 5efc244346f9 ("audit: fix exe_file access in audit_exe_compare") Reported-by: Andreas Steinmetz Signed-

Re: [PATCH v2] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-24 Thread Paul Moore
On Tue, Oct 24, 2023 at 12:47 PM John Johansen wrote: > On 10/24/23 09:14, Paul Moore wrote: > > The get_task_exe_file() function locks the given task with task_lock() > > which when used inside audit_exe_compare() can cause deadlocks on > > systems that generate audit recor

[PATCH v3] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-24 Thread Paul Moore
-by: John Johansen Signed-off-by: Paul Moore --- - v3 * added a !current->mm check - v2 * dropped mmget()/mmput() - v1 * initial revision --- kernel/audit_watch.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c index 65075

Re: [PATCH v3] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-24 Thread Paul Moore
On Tue, Oct 24, 2023 at 2:39 PM Paul Moore wrote: > > The get_task_exe_file() function locks the given task with task_lock() > which when used inside audit_exe_compare() can cause deadlocks on > systems that generate audit records when the task_lock() is held. We > resolve this p

Re: [PATCH v3] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-24 Thread Paul Moore
ird it took this long for it to surface. Yeah, I thought the same thing. Regardless, thanks for taking the time to review the fix. > On 10/24/23, Paul Moore wrote: > > On Tue, Oct 24, 2023 at 2:39 PM Paul Moore wrote: > >> > >> The get_task_exe_file() function loc

ANN: kernel git branches and process changes

2023-10-25 Thread Paul Moore
Hello all, As of today I'm making some changes to the LSM, SELinux, and audit kernel git repositories to make it easier to get changes into linux-next and to provide a more formal approach to dealing with significant changes that may need some time in a "staging" branch before inclusion into a mai

Re: ANN: kernel git branches and process changes

2023-10-25 Thread Paul Moore
On Wed, Oct 25, 2023 at 9:25 PM Bagas Sanjaya wrote: > On Wed, Oct 25, 2023 at 05:11:51PM -0400, Paul Moore wrote: > > stable-X.Y branch > > > > The stable-X.Y branch is intended for stable kernel patches and is based on > > Linus' X.Y-rc1 tag, or a later X.

Re: [PATCH v3] audit: don't take task_lock() in audit_exe_compare() code path

2023-10-25 Thread Paul Moore
On Tue, Oct 24, 2023 at 2:39 PM Paul Moore wrote: > > The get_task_exe_file() function locks the given task with task_lock() > which when used inside audit_exe_compare() can cause deadlocks on > systems that generate audit records when the task_lock() is held. We > resolve this p

Re: [PATCH RFC v11 2/19] ipe: add policy parser

2023-10-26 Thread Paul Moore
On Wed, Oct 25, 2023 at 6:46 PM Fan Wu wrote: > On 10/23/2023 8:52 PM, Paul Moore wrote: > > On Oct 4, 2023 Fan Wu wrote: > >> > >> IPE's interpretation of the what the user trusts is accomplished through > >> its policy. IPE's design is to not pr

Re: [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider

2023-10-26 Thread Paul Moore
On Thu, Oct 26, 2023 at 5:33 PM Fan Wu wrote: > On 10/23/2023 8:52 PM, Paul Moore wrote: > > On Oct 4, 2023 Fan Wu wrote: > >> > >> IPE is designed to provide system level trust guarantees, this usually > >> implies that trust starts from bootup with

[GIT PULL] audit/audit-pr-20231030

2023-10-30 Thread Paul Moore
-0400) audit/stable-6.7 PR 20231030 Kees Cook (1): audit: Annotate struct audit_chunk with __counted_by Paul Moore (1): audit: don't take task_lock() in audit_exe_compare() code path kernel/audit_tree.c | 2

Re: [PATCH v2] audit: Send netlink ACK before setting connection in auditd_set

2023-11-01 Thread Paul Moore
On Wed, Nov 1, 2023 at 5:59 AM Chris Riches wrote: > > Hi Paul, > > Is there any update on the review of the v2 patch? Hi Chris, I apologize for the delay, this is in my review queue, there is simply a lot going on at the moment and I haven't been able to make as much progress as I would like.

Re: [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook

2023-11-01 Thread Paul Moore
On Mon, Oct 23, 2023 at 11:52 PM Paul Moore wrote: > On Oct 4, 2023 Fan Wu wrote: > > > > fsverity represents a mechanism to support both integrity and > > authenticity protection of a file, supporting both signed and unsigned > > digests. > > > > An

Re: [PATCH RFC v11 11/19] dm verity: set DM_TARGET_SINGLETON feature flag

2023-11-01 Thread Paul Moore
On Mon, Oct 23, 2023 at 11:52 PM Paul Moore wrote: > On Oct 4, 2023 Fan Wu wrote: > > > > The device-mapper has a flag to mark targets as singleton, which is a > > required flag for immutable targets. Without this flag, multiple > > dm-verity targets can be added to

Re: [PATCH RFC v11 12/19] dm: add finalize hook to target_type

2023-11-01 Thread Paul Moore
On Mon, Oct 23, 2023 at 11:52 PM Paul Moore wrote: > On Oct 4, 2023 Fan Wu wrote: > > > > This patch adds a target finalize hook. > > > > The hook is triggered just before activating an inactive table of a > > mapped device. If it returns an error the __bind get

Re: [PATCH RFC v11 13/19] dm verity: consume root hash digest and signature data via LSM hook

2023-11-01 Thread Paul Moore
On Mon, Oct 23, 2023 at 11:52 PM Paul Moore wrote: > > On Oct 4, 2023 Fan Wu wrote: > > > > dm-verity provides a strong guarantee of a block device's integrity. As > > a generic way to check the integrity of a block device, it provides > > those integr

Re: [PATCH RFC v11 15/19] fsverity: consume builtin signature via LSM hook

2023-11-02 Thread Paul Moore
On Wed, Nov 1, 2023 at 10:54 PM Eric Biggers wrote: > On Wed, Nov 01, 2023 at 08:40:06PM -0400, Paul Moore wrote: > > On Mon, Oct 23, 2023 at 11:52 PM Paul Moore wrote: > > > On Oct 4, 2023 Fan Wu wrote: > > > > > > > > fsverity represents

Re: [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider

2023-11-03 Thread Paul Moore
On Thu, Nov 2, 2023 at 6:46 PM Fan Wu wrote: > On 10/26/2023 3:12 PM, Paul Moore wrote: > > On Thu, Oct 26, 2023 at 5:33 PM Fan Wu wrote: > >> On 10/23/2023 8:52 PM, Paul Moore wrote: > >>> On Oct 4, 2023 Fan Wu wrote: > >>>> > >>>

Re: [PATCH RFC v11 5/19] ipe: introduce 'boot_verified' as a trust provider

2023-11-03 Thread Paul Moore
On Fri, Nov 3, 2023 at 6:15 PM Paul Moore wrote: > On Thu, Nov 2, 2023 at 6:46 PM Fan Wu wrote: > > On 10/26/2023 3:12 PM, Paul Moore wrote: > > > On Thu, Oct 26, 2023 at 5:33 PM Fan Wu wrote: > > >> On 10/23/2023 8:52 PM, Paul Moore wrote: >

Re: [PATCH v2] audit: Send netlink ACK before setting connection in auditd_set

2023-11-07 Thread Paul Moore
On Oct 18, 2023 Paul Moore wrote: > > When auditd_set sets the auditd_conn pointer, audit messages can > immediately be put on the socket by other kernel threads. If the backlog > is large or the rate is high, this can immediately fill the socket > buffer. If the audit daemon r

Re: [PATCH v2] audit: Send netlink ACK before setting connection in auditd_set

2023-11-12 Thread Paul Moore
On Tue, Nov 7, 2023 at 6:31 PM Paul Moore wrote: > On Oct 18, 2023 Paul Moore wrote: > > > > When auditd_set sets the auditd_conn pointer, audit messages can > > immediately be put on the socket by other kernel threads. If the backlog > > is large or the rate is high

Re: [PATCH v2] audit: don't take task_lock() in audit_exe_compare() code path

2023-11-14 Thread Paul Moore
On Tue, Nov 14, 2023 at 5:33 AM Mateusz Guzik wrote: > On 11/14/23, Artem Savkov wrote: > > On Tue, Oct 24, 2023 at 07:59:18PM +0200, Mateusz Guzik wrote: > >> For the thread to start executing ->mm has to be set. > >> > >> Although I do find it plausible there maybe a corner case during > >> ker

[PATCH] audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()

2023-11-14 Thread Paul Moore
results in some scary console messages so let's drop that and just do the regular `!current->mm` check to avoid problems. Cc: Fixes: 47846d51348d ("audit: don't take task_lock() in audit_exe_compare() code path") Reported-by: Artem Savkov Signed-off-by: Paul Moore --- k

Re: [PATCH v2] audit: don't take task_lock() in audit_exe_compare() code path

2023-11-14 Thread Paul Moore
On Tue, Nov 14, 2023 at 5:32 PM Mateusz Guzik wrote: > On 11/14/23, Paul Moore wrote: > > On Tue, Nov 14, 2023 at 5:33 AM Mateusz Guzik wrote: > >> On 11/14/23, Artem Savkov wrote: > >> > On Tue, Oct 24, 2023 at 07:59:18PM +0200, Mateusz Guzik wrote:

[PATCH] MAINTAINERS: update the audit entry

2023-11-15 Thread Paul Moore
rendering the Markdown. * Update the source tree's git URI to use https. * Aside from changes to the audit code itself, we also would like to be notified when the audit call sites are changed so we are adding an audit_XXX(...) regex to try and catch all of the callers. Signed-off

Re: [PATCH] MAINTAINERS: update the audit entry

2023-11-15 Thread Paul Moore
On Wed, Nov 15, 2023 at 12:25 PM Paul Moore wrote: > > Bring the audit subsystem entry up to date with the following changes: > > * Add our patchwork link. I'm not sure this is of much use for > anyone but the maintainer, but there is a provision for including it > h

[GIT PULL] audit/audit-pr-20231116

2023-11-16 Thread Paul Moore
t->mm) in audit_exe_compare() (2023-11-14 17:34:27 -0500) audit/stable-6.7 PR 20231116 ---- Paul Moore (1): audit: don't WARN_ON_ONCE(!current->mm) in a

Re: [PATCH 3/16] capability: rename cpu_vfs_cap_data to vfs_caps

2023-12-05 Thread Paul Moore
as he's the capabilities maintainer, but with my LSM hat on this looks okay, and is pretty trivial anyway. Acked-by: Paul Moore (Audit,LSM) -- paul-moore.com

Re: [PATCH 14/16] commoncap: remove cap_inode_getsecurity()

2023-12-05 Thread Paul Moore
> 2 files changed, 1 insertion(+), 136 deletions(-) Once again, you should get Serge's ACK on the commoncap.c stuff, but no objections from a LSM perspective. Acked-by: Paul Moore (LSM) -- paul-moore.com

Re: [PATCH 4/16] capability: use vfsuid_t for vfs_caps rootids

2023-12-05 Thread Paul Moore
as to indicate that they require a vfsuid_t parameter. At least the call to __vfsuid_val() should flag a type mismatch if some other type is used. Regardless, that is more of a general VFS issue and not a problem specific to this patchset. With the same understanding about the capabilities code

Re: [PATCH 2/2] audit: Apply codegen optimizations

2023-12-13 Thread Paul Moore
On Tue, Dec 12, 2023 at 5:29 AM Håkon Bugge wrote: > > For the most time-consuming function, when running a syscall benchmark > with STIG compliant audit rules: > > Overhead Command Shared Object Symbol > . . > > 2

Re: [PATCH 1/2] audit: Vary struct audit_entry alignment

2023-12-13 Thread Paul Moore
On Tue, Dec 12, 2023 at 5:29 AM Håkon Bugge wrote: > > We allocate struct audit_entry using kzalloc() which aligns the > structure at its natural boundary and so uses the kmalloc-512 > SLAB. > > That means that the lower order 9 bits are equal for these allocations. > Which on architectures with l

Re: [PATCH 1/2] audit: Vary struct audit_entry alignment

2023-12-18 Thread Paul Moore
On Sat, Dec 16, 2023 at 11:25 AM Haakon Bugge wrote: > > On 14 Dec 2023, at 00:54, Paul Moore wrote: > > > > Two things: > > > > 1. If we are going to create a kmem_cache pool we shouldn't create it > > here, it should be in its own audit_filter

Re: [PATCH 2/2] audit: Apply codegen optimizations

2023-12-18 Thread Paul Moore
On Sat, Dec 16, 2023 at 11:28 AM Haakon Bugge wrote: > > On 14 Dec 2023, at 00:45, Paul Moore wrote: > > On Tue, Dec 12, 2023 at 5:29 AM Håkon Bugge wrote: > >> > >> For the most time-consuming function, when running a syscall benchmark > >> with STIG com

Re: [PATCH bpf-next v3] bpf: Include pid, uid and comm in audit output

2023-12-19 Thread Paul Moore
On Fri, Dec 15, 2023 at 1:00 PM Alexei Starovoitov wrote: > On Fri, Dec 15, 2023 at 9:47 AM Dave Tucker wrote: > > > > Current output from auditd is as follows: > > > > time->Wed Dec 13 21:39:24 2023 > > type=BPF msg=audit(1702503564.519:11241): prog-id=439 op=LOAD > > > > This only tells you tha

Re: [PATCH 1/2] audit: Vary struct audit_entry alignment

2023-12-19 Thread Paul Moore
On Tue, Dec 19, 2023 at 4:07 PM Ankur Arora wrote: > Paul Moore writes: > > On Sat, Dec 16, 2023 at 11:25 AM Haakon Bugge > > wrote: > >> > On 14 Dec 2023, at 00:54, Paul Moore wrote: > >> > > >> > Two things: > >> > > >>

Re: [RFC PATCH v1 1/7] lsm: Add audit_log_lsm_data() helper

2023-12-20 Thread Paul Moore
On Thu, Sep 21, 2023 at 2:16 AM Mickaël Salaün wrote: > > Extract code from common_dump_audit_data() into the audit_log_lsm_data() Did you mean dump_common_audit_data()? Assuming you correct the function name above this looks fine to me. Acked-by: Paul Moore > helper. This helps reu

Re: [RFC PATCH v1 3/7] landlock: Log ruleset creation and release

2023-12-20 Thread Paul Moore
On Thu, Sep 21, 2023 at 2:17 AM Mickaël Salaün wrote: > > Add audit support for ruleset/domain creation and release. Ruleset and > domain IDs are generated from the same 64-bit counter to avoid confusing > them. There is no need to hide the sequentiality to users that are > already allowed to read

Re: [RFC PATCH v1 4/7] landlock: Log domain creation and enforcement

2023-12-20 Thread Paul Moore
On Thu, Sep 21, 2023 at 2:17 AM Mickaël Salaün wrote: > > Add audit support for domain creation, i.e. task self-restriction. > > Signed-off-by: Mickaël Salaün > --- > security/landlock/audit.c| 24 > security/landlock/audit.h| 8 > security/landlock/sys

Re: [RFC PATCH v1 5/7] landlock: Log file-related requests

2023-12-20 Thread Paul Moore
On Thu, Sep 21, 2023 at 2:17 AM Mickaël Salaün wrote: > > Add audit support for mkdir, mknod, symlink, unlink, rmdir, truncate, > and open requests. > > Signed-off-by: Mickaël Salaün > --- > security/landlock/audit.c | 114 ++ > security/landlock/audit.h | 32

Re: [PATCH 2/2] audit: Apply codegen optimizations

2023-12-21 Thread Paul Moore
On Thu, Dec 21, 2023 at 2:05 PM Haakon Bugge wrote: > > On 18 Dec 2023, at 23:09, Paul Moore wrote: > > On Sat, Dec 16, 2023 at 11:28 AM Haakon Bugge > > wrote: > >>> On 14 Dec 2023, at 00:45, Paul Moore wrote: > >>> On Tue, Dec 12, 2023 at 5:29 AM Hå

Re: [RFC PATCH v1 3/7] landlock: Log ruleset creation and release

2023-12-22 Thread Paul Moore
On Thu, Dec 21, 2023 at 1:45 PM Mickaël Salaün wrote: > On Wed, Dec 20, 2023 at 04:22:15PM -0500, Paul Moore wrote: > > On Thu, Sep 21, 2023 at 2:17 AM Mickaël Salaün wrote: > > > > > > Add audit support for ruleset/domain creation and release ...

Re: [PATCH] kernel: auditfilter: Remove unnecessary ‘0’ values from ret

2024-01-04 Thread Paul Moore
On Wed, Dec 27, 2023 at 9:56 PM Li zeming wrote: > > The ret variable is assigned when it does not need to be defined, as it > has already been assigned before use. > > Signed-off-by: Li zeming > --- > kernel/auditfilter.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks for the p

Re: [RFC PATCH v1 3/7] landlock: Log ruleset creation and release

2024-01-05 Thread Paul Moore
On Fri, Dec 29, 2023 at 12:42 PM Mickaël Salaün wrote: > On Fri, Dec 22, 2023 at 05:42:35PM -0500, Paul Moore wrote: > > On Thu, Dec 21, 2023 at 1:45 PM Mickaël Salaün wrote: > > > On Wed, Dec 20, 2023 at 04:22:15PM -0500, Paul Moore wrote: > > > > On Thu, Sep 21,

[GIT PULL] audit/audit-pr-20240105

2024-01-05 Thread Paul Moore
R 20240105 Chris Riches (1): audit: Send netlink ACK before setting connection in auditd_set Paul Moore (1): MAINTAINERS: update the audit entry MAINTAINERS| 6 +- kernel/audit.c | 31 --- 2 files changed, 29 insert

IORING_OP_FIXED_FD_INSTALL and audit/LSM interactions

2024-01-19 Thread Paul Moore
Hello all, I just noticed the recent addition of IORING_OP_FIXED_FD_INSTALL and I see that it is currently written to skip the io_uring auditing. Assuming I'm understanding the patch correctly, and I'll admit that I've only looked at it for a short time today, my gut feeling is that we want to aud

Re: IORING_OP_FIXED_FD_INSTALL and audit/LSM interactions

2024-01-19 Thread Paul Moore
On Fri, Jan 19, 2024 at 12:02 PM Jens Axboe wrote: > > On 1/19/24 9:33 AM, Paul Moore wrote: > > Hello all, > > > > I just noticed the recent addition of IORING_OP_FIXED_FD_INSTALL and I > > see that it is currently written to skip the io_uring auditing. > >

Re: IORING_OP_FIXED_FD_INSTALL and audit/LSM interactions

2024-01-19 Thread Paul Moore
On Fri, Jan 19, 2024 at 12:41 PM Jens Axboe wrote: > On 1/19/24 10:20 AM, Paul Moore wrote: > > On Fri, Jan 19, 2024 at 12:02 PM Jens Axboe wrote: > >> On 1/19/24 9:33 AM, Paul Moore wrote: > >>> Hello all, > >>> > >>> I just noticed t

[PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
CREDS on IORING_OP_FIXED_FD_INSTALL operations. Fixes: dc18b89ab113 ("io_uring/openclose: add support for IORING_OP_FIXED_FD_INSTALL") Signed-off-by: Paul Moore --- io_uring/opdef.c | 1 - io_uring/openclose.c | 4 2 files changed, 4 insertions(+), 1 deletion(-) diff --gi

Re: [PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
On Tue, Jan 23, 2024 at 4:55 PM Paul Moore wrote: > > We need to correct some aspects of the IORING_OP_FIXED_FD_INSTALL > command to take into account the security implications of making an > io_uring-private file descriptor generally accessible to a userspace > task. > > The

Re: [PATCH] io_uring: enable audit and restrict cred override for IORING_OP_FIXED_FD_INSTALL

2024-01-23 Thread Paul Moore
On Tue, Jan 23, 2024 at 5:43 PM Jens Axboe wrote: > On 1/23/24 3:40 PM, Jens Axboe wrote: > > On 1/23/24 3:35 PM, Jens Axboe wrote: > >> > >> On Tue, 23 Jan 2024 16:55:02 -0500, Paul Moore wrote: > >>> We need to correct some aspects of the IORING_OP_FIXE

Re: [PATCH] kernel: auditfilter: Remove unnecessary ‘0’ values from ret

2024-01-25 Thread Paul Moore
On Dec 27, 2023 Li zeming wrote: > > The ret variable is assigned when it does not need to be defined, as it > has already been assigned before use. > > Signed-off-by: Li zeming > --- > kernel/auditfilter.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Merged into audit/dev, thanks.

Re: [PATCH] audit: Use KMEM_CACHE instead of kmem_cache_create

2024-01-25 Thread Paul Moore
On Jan 24, 2024 Kunwu Chan wrote: > > Use the new KMEM_CACHE() macro instead of direct kmem_cache_create > to simplify the creation of SLAB caches. > > Signed-off-by: Kunwu Chan > --- > kernel/audit.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) Merged into audit/dev, thanks. -

Re: [PATCH RFC v12 5/20] initramfs|security: Add security hook to initramfs unpack

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > This patch introduces a new hook to notify security system that the > content of initramfs has been unpacked into the rootfs. > > Upon receiving this notification, the security system can activate > a policy to allow only files that originated from the initramfs

Re: [PATCH RFC v12 6/20] ipe: introduce 'boot_verified' as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > IPE is designed to provide system level trust guarantees, this usually > implies that trust starts from bootup with a hardware root of trust, > which validates the bootloader. After this, the bootloader verifies > the kernel and the initramfs. > > As there's no

Re: [PATCH RFC v12 8/20] ipe: add userspace interface

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > As is typical with LSMs, IPE uses securityfs as its interface with > userspace. for a complete list of the interfaces and the respective > inputs/outputs, please see the documentation under > admin-guide/LSM/ipe.rst > > Signed-off-by: Deven Bowers > Signed-off-

Re: [PATCH RFC v12 9/20] uapi|audit|ipe: add ipe auditing support

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Users of IPE require a way to identify when and why an operation fails, > allowing them to both respond to violations of policy and be notified > of potentially malicious actions on their systems with respect to IPE > itself. > > This patch introduces 3 new audi

Re: [PATCH RFC v12 10/20] ipe: add permissive toggle

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > IPE, like SELinux, supports a permissive mode. This mode allows policy > authors to test and evaluate IPE policy without it effecting their > programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS > be reported. > > This patch adds the following audit recor

Re: [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Allows author of IPE policy to indicate trust for a singular dm-verity > volume, identified by roothash, through "dmverity_roothash" and all > signed dm-verity volumes, through "dmverity_signature". > > Signed-off-by: Deven Bowers > Signed-off-by: Fan Wu > ---

Re: [PATCH RFC v12 17/20] ipe: enable support for fs-verity as a trust provider

2024-02-03 Thread Paul Moore
On Jan 30, 2024 Fan Wu wrote: > > Enable IPE policy authors to indicate trust for a singular fsverity > file, identified by the digest information, through "fsverity_digest" > and all files using fsverity's builtin signatures via > "fsverity_signature". > > This enables file-level integrity clai

Re: [PATCH RFC v12 8/20] ipe: add userspace interface

2024-02-05 Thread Paul Moore
On Mon, Feb 5, 2024 at 6:01 PM Fan Wu wrote: > On 2/3/2024 2:25 PM, Paul Moore wrote: > > On Jan 30, 2024 Fan Wu wrote: > >> > >> As is typical with LSMs, IPE uses securityfs as its interface with > >> userspace. for a complete list of the interfaces an

Re: [PATCH RFC v12 15/20] ipe: add support for dm-verity as a trust provider

2024-02-06 Thread Paul Moore
On Mon, Feb 5, 2024 at 6:11 PM Fan Wu wrote: > On 2/3/2024 2:25 PM, Paul Moore wrote: > > On Jan 30, 2024 Fan Wu wrote: > >> > >> Allows author of IPE policy to indicate trust for a singular dm-verity > >> volume, identified by roothash, through "dmverit

Re: [PATCH v2 11/25] security: add hooks for set/get/remove of fscaps

2024-02-21 Thread Paul Moore
ecurity/security.c | 69 > +++ > 3 files changed, 109 insertions(+) One minor problem below, but assuming you fix that, this looks okay to me. Acked-by: Paul Moore > diff --git a/security/security.c b/security/security.c > index 3aaad75c9ce8..0d210da9862c 100644 > --- a

Re: [PATCH v2 12/25] selinux: add hooks for fscaps operations

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) wrote: > > Add hooks for set/get/remove fscaps operations which perform the same > checks as the xattr hooks would have done for XATTR_NAME_CAPS. > > Signed-off-by: Seth Forshee (DigitalOcean) > --- > security/selinux/hooks.c | 26 +

Re: [PATCH v2 15/25] security: call evm fscaps hooks from generic security hooks

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) wrote: > > Signed-off-by: Seth Forshee (DigitalOcean) > --- > security/security.c | 15 +-- > 1 file changed, 13 insertions(+), 2 deletions(-) First off, you've got to write *something* for the commit description, even if i

Re: [PATCH v2 12/25] selinux: add hooks for fscaps operations

2024-02-21 Thread Paul Moore
On Wed, Feb 21, 2024 at 7:10 PM Seth Forshee (DigitalOcean) wrote: > On Wed, Feb 21, 2024 at 06:38:33PM -0500, Paul Moore wrote: > > On Wed, Feb 21, 2024 at 4:25 PM Seth Forshee (DigitalOcean) > > wrote: > > > > > > Add hooks for set/get/remove fscaps
