On Nov 16, 2024 Amit Vadhavana wrote:
>
> Remove the temporary context variable `tctx` to simplify the code. Use
> the original context `ctx` directly in calls to `lsm_get_self_attr`,
> eliminating redundancy without any functional changes.
>
> Reviewed-by: Casey Schaufler
> Reviewed-by: Shuah
On Tue, Dec 3, 2024 at 7:00 PM Shuah Khan wrote:
>
> kselftest patches usually go through subsystem trees because of the
> merge problems you mentioned. I take them through kselftest tree
> if subsystem maintainers want me to. Some do and I pick them up.
>
> I pick up patches if I don't see respon
On Mon, Dec 18, 2023 at 12:21 PM Stephen Smalley
wrote:
> On Tue, Dec 12, 2023 at 8:17 AM Maxime Coquelin
> wrote:
> > This patch introduces a LSM hook for devices creation,
> > destruction (ioctl()) and opening (open()) operations,
> > checking the application is allowed to perform these
> > ope
On Oct 20, 2023 "Michael S. Tsirkin" wrote:
>
> This patch introduces LSM hooks for devices creation,
> destruction and opening operations, checking the
> application is allowed to perform these operations for
> the Virtio device type.
>
> Signed-off-by: Maxime Coquelin
> ---
> drivers/vdpa/vd
y indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct sidtab_str_cache.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Paul Moore
> C
On Aug 17, 2023 Paul Moore wrote:
>
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> (for arra
/sidtab.c | 21 +
security/selinux/ss/sidtab.h | 4 +
6 files changed, 185 insertions(+), 112 deletions(-)
--
paul moore
www.paul-moore.com
On Sat, Apr 3, 2021 at 11:21 AM Ondrej Mosnacek wrote:
> On Sat, Apr 3, 2021 at 4:33 PM Paul Moore wrote:
> > On Fri, Apr 2, 2021 at 6:35 PM Vijay Balakrishna
> > wrote:
> > >
> > > Seeing oops in 5.4.83 sidtab_context_to_sid(). I checked with Tyler
>
you have a patched
kernel that Vijay could try?
command which causes a
> warning. Documentation/ABI/README describes the valid fields.
>
> Reported-by: Mauro Carvalho Chehab
> Signed-off-by: Richard Guy Briggs
> ---
> .../ABI/stable/procfs-audit_loginuid | 22 +--
> 1 file changed, 11 insertions(+), 11 de
ag 'contact' is invalid. Line
> Format: %u
>
> You should either drop it or add it to the parser and to the README
> file, if the ABI maintainers are ok with such a new field.
Thanks Mauro, I didn't realize there were tools that parsed these files.
Richard, please post a patch that drops the 'Format:' line from the
newly added audit files as soon as possible so I can merge it into
audit/next.
On Tue, Mar 30, 2021 at 6:53 PM Pablo Neira Ayuso wrote:
> On Sun, Mar 28, 2021 at 08:50:45PM -0400, Paul Moore wrote:
> [...]
> > Netfilter folks, were you planning to pull this via your tree/netdev
> > or would you like me to merge this via the audit tree? If the latter,
>
you planning to pull this via your tree/netdev
or would you like me to merge this via the audit tree? If the latter,
I would appreciate it if I could get an ACK from one of you; if the
former, my ACK is below.
Acked-by: Paul Moore
[NFT_MSG_NEWFLOWTABLE] = AUDIT_NFT_OP_FLOWTABLE_REGISTER,
> + [NFT_MSG_GETFLOWTABLE] = AUDIT_NFT_OP_INVALID,
> + [NFT_MSG_DELFLOWTABLE] = AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
> +};
The previously reported problem with this as a static still exists,
correct? It does seem like this should live in nf_tables_api.c
doesn't it?
use the usual "do { } while (0)" instead, and change a
> few more that were (void)0, for consistency.
>
> Signed-off-by: Arnd Bergmann
> ---
> v2: convert two more macros
> ---
> kernel/audit.h | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
Merged into audit/next, thanks.
ux/ss/services.c | 63 +
3 files changed, 59 insertions(+), 41 deletions(-)
d-off-by: Richard Guy Briggs
> ---
> Documentation/ABI/stable/procfs-audit_loginuid | 12
> 1 file changed, 12 insertions(+)
Merged into audit/next, thanks.
iggs
> ---
> Documentation/ABI/stable/procfs-audit_loginuid | 15 +++
> 1 file changed, 15 insertions(+)
> create mode 100644 Documentation/ABI/stable/procfs-audit_loginuid
Merged into audit/next, thanks.
u...@redhat.com
> +Format:%u (u32)
> +Users: auditd, libaudit, audit-testsuite, login
> +Description:
> + The /proc/$pid/sessionid pseudofile is read to get the
> + audit login session ID of process $pid. It is set
> + automatically, serially assigned with each new login.
> +
c userspace
tools/libraries here. I recognize that you like the specificity, but
I do not, and I fear that it will become invalid over time either due
to deprecation of old packages or omission of new ones; the fact that
we are just now adding an entry from 2005 shows how this area of
Documentati
ns that caused the need for this specificity.
>
> Signed-off-by: Richard Guy Briggs
> ---
> MAINTAINERS | 2 ++
> 1 file changed, 2 insertions(+)
Merged into audit/next, thanks.
sksec_new->sid = sksec_sock->sid" ... which gets us back to
this function looking like a reimplementation of
selinux_sk_clone_security(), minus the peer_sid and sclass
initializations (which should be important things to have).
I strongly suggest you try making use of the existing
security_sk_clone() hook in the vsock code, it seems like a better way
to solve this problem.
On Tue, Mar 16, 2021 at 10:30 AM Peter Zijlstra wrote:
> On Tue, Mar 16, 2021 at 09:53:21AM -0400, Paul Moore wrote:
> > On Wed, Feb 24, 2021 at 4:59 PM Ondrej Mosnacek wrote:
> > >
> > > Currently, the lockdown state is queried unconditionally, even though
> >
0c8fdc7fdb7 ("lockdown: Lock down perf when in confidentiality mode")
> Signed-off-by: Ondrej Mosnacek
> ---
> kernel/events/core.c | 12 ++--
> 1 file changed, 6 insertions(+), 6 deletions(-)
Perf/core folks, do you want to pull this in via your tree? If I
don
include/asm-generic/audit_*.h
> F: include/linux/audit.h
> F: include/uapi/linux/audit.h
> F: kernel/audit*
> +F: lib/*audit.c
>
> AUXILIARY DISPLAY DRIVERS
> M: Miguel Ojeda Sandonis
> --
> 2.27.0
filter")
>
> Signed-off-by: Richard Guy Briggs
> ---
> kernel/auditsc.c | 11 ---
> 1 file changed, 4 insertions(+), 7 deletions(-)
Looks good, merged. Thanks.
u32
> +Users: auditd, libaudit, audit-testsuite, login
This should be obvious, but just to be safe - my comment from patch
1/2 also applies here.
> +Description:
> + The /proc/$pid/sessionid pseudofile is read to get the
> + audit login session ID
cannot be written again if
> + AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled. It cannot be
> + unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is enabled.
>
> Signed-off-by: Xiong Zhenwu
> ---
> security/selinux/include/security.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged, thanks.
-by: Xiong Zhenwu
> ---
> security/selinux/ss/hashtab.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Merged, thanks.
On Fri, Mar 5, 2021 at 2:29 PM Lakshmi Ramasubramanian
wrote:
> On 3/5/21 11:22 AM, Paul Moore wrote:
>
> Hi Paul,
>
> > On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
> > wrote:
> >> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
> >> [...]
>
On Fri, Mar 5, 2021 at 12:57 PM James Bottomley
wrote:
> On Fri, 2021-03-05 at 12:52 -0500, Paul Moore wrote:
> [...]
> > This draft seems fine to me, but there is a small logistical blocker
> > at the moment which means I can't merge this until -rc2 is released,
>
cure state and then whatever policy capabilities are actually
> set in the expected policy (which can be extracted from the policy
> itself via seinfo, for example).
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Suggested-by: Paul Moore
> ---
> s
f the pointers inside I think we should be okay (the
access decision cache pointed to by selinux_state->avc could change
frequently). Have you done any performance measurements of this
change? Assuming they are not terrible, I have no objections to this
patch from a SELinux perspective.
t closed earlier this week, and there were a
handful of bugs that needed to be addressed before I could look at
this patch. If I don't get a chance to review this patch tonight, I
will try to get to it this weekend or early next week.
On Wed, Mar 3, 2021 at 11:20 AM Paul Moore wrote:
> On Wed, Mar 3, 2021 at 10:53 AM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:7a7fd0de Merge branch 'kmap-conversion-for-5.12' of git:
e 4 at addr 8880179ecb18 by task syz-executor.5/20110
Almost surely the same problem as the others, I'm currently chasing
down a few remaining spots to make sure the fix I'm working on is
correct.
object.
> Does it make any sense?
Looking at it quickly, the logic above seems sane. I wrote this code
a *long* time ago, so let me get my head back into it and make sure
that still holds.
ble to find one.
It's also worth adding that this code really hasn't changed much in a
*long* time, not that this means it isn't broken, just that it might
also be worth looking at other odd memory bugs to see if there is a
chance they are wandering around and stomping on memory ...
On Mon, Mar 1, 2021 at 5:36 AM Ondrej Mosnacek wrote:
> On Sun, Feb 28, 2021 at 8:21 PM Paul Moore wrote:
> > On Fri, Feb 26, 2021 at 6:12 AM Ondrej Mosnacek wrote:
> > > On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> > > > On Wed, Feb 24, 2021 at 4:35 AM O
On Mon, Mar 1, 2021 at 1:08 AM Feng Tang wrote:
>
> Hi Paul,
>
> On Wed, Feb 10, 2021 at 02:21:41AM +0800, Paul Moore wrote:
> > On Tue, Feb 9, 2021 at 1:09 PM kernel test robot wrote:
> > > tree:
> > > https://git.kernel.org/pub/scm/linux/kernel/git/n
On Fri, Feb 26, 2021 at 6:12 AM Ondrej Mosnacek wrote:
> On Fri, Feb 26, 2021 at 2:07 AM Paul Moore wrote:
> > On Wed, Feb 24, 2021 at 4:35 AM Ondrej Mosnacek wrote:
> > > After the switch to RCU, we now have:
> > > 1. Start live conversion of new entries.
; fprintf(fout, "/* This file is automatically generated. Do not edit.
> */\n");
> - fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define
> _SELINUX_AV_PERMISSIONS_H_\n\n");
>
> for (i = 0; secclass_map[i].name; i++) {
> struct security_class_mapping *map = &secclass_map[i];
> @@ -136,7 +135,6 @@ int main(int argc, char *argv[])
> }
> }
>
> - fprintf(fout, "\n#endif\n");
> fclose(fout);
> exit(0);
> }
> --
> 2.29.2
abs the
new_sidtab->lock when adding entries to the new_sidtab *should* solve
the problem.
Did I miss something important? ;)
I'm not
overly excited about switching back to the read-write lock so quickly,
I'd rather we spend some additional time looking into resolving issues
with the current RCU code.
ndrej's proposed
> change here:
>
> https://lore.kernel.org/selinux/20210212185930.130477-3-omosn...@redhat.com/
>
> I'll put these changes through a validation run (the only place that I
> can seem to reproduce this crash) and see how it looks.
Thanks, please let us know what you find out.
On Sun, Feb 21, 2021 at 8:07 PM Linus Torvalds
wrote:
>
> On Mon, Feb 15, 2021 at 1:57 PM Paul Moore wrote:
> >
> > - Add support for labeling anonymous inodes, and extend this new
> > support to userfaultfd.
>
> I've pulled this, but I just have to note h
() return void
Zheng Yongjun (1):
kernel/audit: convert comma to semicolon
kernel/audit.c | 4 ++--
kernel/auditsc.c | 16
2 files changed, 10 insertions(+), 10 deletions(-)
urity/selinux/ss/hashtab.c | 2 +-
security/selinux/ss/services.c | 10 +--
security/selinux/xfrm.c | 2 +-
23 files changed, 294 insertions(+), 105 deletions(-)
If we lose it, people are
> better off with ipset IMHO.
>
> Unlike nft monitor, auditd is not designed to be disabled "at will". So
> turning it off for performance-critical workloads is no option.
Patches are always welcome, but it might be wise to get to the bottom
of the certification requirements first.
cure state and then whatever policy capabilities are actually
> set in the expected policy (which can be extracted from the policy
> itself via seinfo, for example).
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Suggested-by: Paul Moore
> ---
> s
On Tue, Feb 2, 2021 at 4:44 PM Daniel Walker (danielwa)
wrote:
> On Tue, Feb 02, 2021 at 04:35:42PM -0500, Paul Moore wrote:
> > On Tue, Feb 2, 2021 at 4:29 PM Daniel Walker wrote:
> > > From: Victor Kamensky
> > >
> > > To efficiently find out wher
various
fork()/exec() syscalls to get an understanding of the various process
(sub)trees on the system. It would require a bit of work to sift
through the audit log and reconstruct the events that led to a process
being started, and generating the AVC you are interested in debugging,
but folks who live The Audit Life supposedly do this sort of thing a
lot (this sort of thing being tracing a process/session).
and other audit
> messages ...
Have you tried the new perf tracepoint for SELinux AVC decisions that
trigger an audit event? It's a new feature for v5.10 and looks to
accomplish most of what you are looking for with this patch.
* https://www.paul-moore.com/blog/d/2020/12/linux_v510.html
On Sun, Jan 24, 2021 at 12:04 PM Lakshmi Ramasubramanian
wrote:
> On 1/22/21 1:21 PM, Paul Moore wrote:
...
> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> >> index 644b17ec9e63..879a0d90615d 100644
> >> --- a/security/selinux/hooks.c
>
().
>
> Signed-off-by: Yang Yang
> Reviewed-by: Richard Guy Briggs
> ---
> kernel/auditsc.c | 16
> 1 file changed, 8 insertions(+), 8 deletions(-)
This is a simple enough patch so I think merging it during -rc5 should
be okay; merged into audit/next - thanks!
ilter_inodes() to
eliminate some redundancy, e.g. reduce the number of audit_in_mask()
calls. Actually looking a bit closer there are a number of
improvements that could likely be made, some might have some
performance impacts.
Let me know if you are going to pursue the suggestion above about
reordering the audit_filter_*() functions as I'll hold off on the
other changes.
e with me.
I'm not sure if there is one perfect way. I typically see either a
"From: " line if the author is different from the submitter, or in
more complex cases such as this it seems like a simple note giving
credit in the description might be the best option.
,
> @@ -182,6 +183,10 @@ static ssize_t sel_write_enforce(struct file *file,
> const char __user *buf,
> selinux_status_update_setenforce(state, new_value);
> if (!new_value)
> call_blocking_lsm_notifier(LSM_POLICY_CHANGE, NULL);
> +
> + mutex_lock(&state->policy_mutex);
> + selinux_ima_measure_state(state);
> + mutex_unlock(&state->policy_mutex);
> }
> length = count;
> out:
> @@ -762,6 +767,11 @@ static ssize_t sel_write_checkreqprot(struct file *file,
> const char __user *buf,
>
> checkreqprot_set(fsi->state, (new_value ? 1 : 0));
> length = count;
> +
> + mutex_lock(&fsi->state->policy_mutex);
> + selinux_ima_measure_state(fsi->state);
> + mutex_unlock(&fsi->state->policy_mutex);
> +
The lock-measure-unlock pattern appears enough that I wonder if we
should move the lock/unlock into selinux_ima_measure_state() and
create a new function, selinux_ima_measure_state_unlocked(), to cover
the existing case in selinux_notify_policy_change(). It would have
the advantage of not requiring a pointless lock/unlock in the case
where CONFIG_IMA=n.
tem and run the sha256sum /sys/kernel/selinux/policy there to get
> the expected hash.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Acked-by: Paul Moore
> Reviewed-by: Tyler Hicks
> ---
> Documentation/ABI/testing/ima_policy | 3 +-
rules in
audit_filter_syscall(AUDIT_FILTER_EXIT), so why not first execute
audit_filter_inodes() and only execute
audit_filter_syscall(AUDIT_FILTER_EXIT) if necessary? It may be that
I'm missing something on this quick look at the code, but I think it
is worth investigating. It's also possible there are other similar
improvements to be made.
There is similar code in __audit_free() but that should be less
performance critical.
int arg)
{
/* important stuff */
}
#else
int func(int arg)
{
return 0; /* appropriate return value */
}
#endif
There are probably a few other comments on this patch, but I want us
to discuss the performance impacts of this first as I'm not convinced
this is a solution we want upstream.
se to appropriate kernel-doc for anon_inode_getfd_secure().
>
> Signed-off-by: Lukas Bulwahn
> ---
> fs/anon_inodes.c | 21 ++---
> 1 file changed, 14 insertions(+), 7 deletions(-)
Merged into selinux/next with the other related LSM/SELinux anon-inode
patches, thank you!
emove them from the queue outside the
> + * queue and a kthread is scheduled to remove them from the queue outside the
> * irq context. May be called in any context.
> */
> void audit_log_end(struct audit_buffer *ab)
> --
> 2.26.2
On Tue, Jan 12, 2021 at 12:15 PM Paul Moore wrote:
>
> On Fri, Jan 8, 2021 at 5:22 PM Lokesh Gidra wrote:
> >
> > Userfaultfd in unprivileged contexts could be potentially very
> > useful. We'd like to harden userfaultfd to make such unprivileged use
> > l
tem and run the sha256sum /sys/kernel/selinux/policy there to get
> the expected hash.
>
> Signed-off-by: Lakshmi Ramasubramanian
> Suggested-by: Stephen Smalley
> Acked-by: Paul Moore
> Reviewed-by: Tyler Hicks
> ---
> Documentation/ABI/testing/ima_policy | 3 +-
cially if different userspace applications are dependent
> on it. Unless everyone is on board that removing the timestamp
> wouldn't be considered a regression, it cannot be upstreamed.
I'm not a fan of merging things which are known to be broken only with
the promise of fixing it later. That goes double when the proper fix
will result in a user visible breaking change.
it_del_rule() time:
> before this patch: 3510ns.
> after this patch: 8519ns, increase 143%.
>
> Analyse:
> After this patch, rule change time obviously increase. But rule change
> may not happen very often.
>
> [1] CIS is a Linux Benchmarks for security purpose.
> https://www.cisecurity.org/benchmark/distribution_independent_linux/
On Wed, Jan 13, 2021 at 6:11 PM Mimi Zohar wrote:
> On Wed, 2021-01-13 at 17:10 -0500, Paul Moore wrote:
> > On Wed, Jan 13, 2021 at 4:11 PM Mimi Zohar wrote:
> > > On Wed, 2021-01-13 at 14:19 -0500, Paul Moore wrote:
> > > > On Wed, Jan 13, 2021 at 2:13 PM Mimi
On Wed, Jan 13, 2021 at 4:11 PM Mimi Zohar wrote:
> On Wed, 2021-01-13 at 14:19 -0500, Paul Moore wrote:
> > On Wed, Jan 13, 2021 at 2:13 PM Mimi Zohar wrote:
> > > On Tue, 2021-01-12 at 11:27 -0500, Paul Moore wrote:
> > > > On Thu, Jan 7, 2021 at 11:07 PM
On Wed, Jan 13, 2021 at 2:13 PM Mimi Zohar wrote:
> On Tue, 2021-01-12 at 11:27 -0500, Paul Moore wrote:
> > On Thu, Jan 7, 2021 at 11:07 PM Tushar Sugandhi
> > wrote:
> > > From: Lakshmi Ramasubramanian
> > >
> > > SELinux stores the active pol
things to include in the commit description when
submitting patches focused on improving performance.
now soon. If I don't hear anything within
the next day or two I'll go ahead and merge this for linux-next.
Thanks.
++
> 6 files changed, 149 insertions(+), 11 deletions(-)
> create mode 100644 security/selinux/ima.c
> create mode 100644 security/selinux/include/ima.h
I remain concerned about the possibility of bypassing a measurement by
tampering with the time, but I appear to be the only
On Fri, Jan 8, 2021 at 2:35 PM Stephen Smalley
wrote:
> On Wed, Jan 6, 2021 at 10:03 PM Paul Moore wrote:
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change uses the anon_inodes and LSM infrastruct
On Wed, Jan 6, 2021 at 10:55 PM Lokesh Gidra wrote:
> On Wed, Jan 6, 2021 at 7:03 PM Paul Moore wrote:
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change uses the anon_inodes and LSM infrastruct
On Wed, Jan 6, 2021 at 9:44 PM Lokesh Gidra wrote:
> On Wed, Jan 6, 2021 at 6:10 PM Paul Moore wrote:
> >
> > On Wed, Nov 11, 2020 at 8:54 PM Lokesh Gidra wrote:
> > > From: Daniel Colascione
> > >
> > > This change adds a new function, anon_inode_
On Wed, Jan 6, 2021 at 9:42 PM dancol wrote:
>
> On 2021-01-06 21:09, Paul Moore wrote:
> > Is it necessary to pass both the context_inode pointer and the secure
> > boolean? It seems like if context_inode is non-NULL then one could
> > assume that a secure anonymous
}
> +
> + isec->initialized = LABEL_INITIALIZED;
> +
> + /*
> +* Now that we've initialized security, check whether we're
> +* allowed to actually create this type of anonymous inode.
> +*/
> +
> + ad.type = LSM_AUDIT_DATA_INODE;
> + ad.u.inode = inode;
> +
> + return avc_has_perm(&selinux_state,
> + tsec->sid,
> + isec->sid,
> + isec->sclass,
> + ANON_INODE__CREATE,
> + &ad);
> +}
= alloc_file_pseudo(inode, anon_inode_mnt, name,
> flags & (O_ACCMODE | O_NONBLOCK), fops);
> if (IS_ERR(file))
> - goto err;
> + goto err_iput;
>
> - file->f_mapping = anon_inode_inode->i_mapping;
> + file->f_mapping = inode->i_mapping;
>
> file->private_data = priv;
>
> return file;
>
> +err_iput:
> + iput(inode);
> err:
> - iput(anon_inode_inode);
> module_put(fops->owner);
> return file;
> }
> -EXPORT_SYMBOL_GPL(anon_inode_getfile);
On Tue, Jan 5, 2021 at 7:38 PM Al Viro wrote:
> On Tue, Jan 05, 2021 at 07:00:59PM -0500, Paul Moore wrote:
...
> > I would expect the problem here to be the currently allocated audit
> > buffer isn't large enough to hold the full audit record, in which case
> > it
- using a gfp flag
that was established when the buffer was first created. In this
particular case it is GFP_ATOMIC|__GFP_NOWARN, which I believe should
be safe in that it will not sleep on an allocation miss.
I need to go deal with dinner, so I can't trace the entire path at the
moment, but I believe the potential audit buffer allocation is the
main issue.
On Mon, Jan 4, 2021 at 6:30 PM Lakshmi Ramasubramanian
wrote:
> On 12/23/20 1:10 PM, Paul Moore wrote:
> Hi Paul,
Hello.
> >> diff --git a/security/selinux/measure.c b/security/selinux/measure.c
> >> new file mode 100644
> >> index ..b7e24358e
On Mon, Dec 14, 2020 at 9:34 PM Paul Moore wrote:
> On Fri, Dec 11, 2020 at 10:33 AM Richard Guy Briggs wrote:
> > On 2020-12-11 16:42, Zheng Yongjun wrote:
> > > Replace a comma between expression statements by a semicolon.
> > >
> > > Signed-off-by: Zh
only and should not
> + * be used for returning data to user space.
> + *
> + * This function must be called with policy_mutex held.
> + */
> +int security_read_policy_kernel(struct selinux_state *state,
> + void **data, size_t *len)
Let's call this "security_read_state_kernel()".
> +{
> + struct selinux_policy *policy;
> + int rc = 0;
See below, the rc variable is not needed.
> - *len = (unsigned long)fp.data - (unsigned long)*data;
> - return 0;
> + policy = rcu_dereference_protected(
> + state->policy, lockdep_is_held(&state->policy_mutex));
> + if (!policy) {
> + rc = -EINVAL;
> + goto out;
Jumping to the out label is a little silly since it is just a return;
do a "return -EINVAL;" here instead.
> + }
> +
> + *len = policy->policydb.len;
> + *data = vmalloc(*len);
> + if (!*data) {
> + rc = -ENOMEM;
> + goto out;
Same as above, "return -ENOMEM;" please.
> + }
>
> + rc = security_read_selinux_policy(policy, *data, len);
You should be able to do "return security_read_selinux_policy(...);" here.
> +
> +out:
> + return rc;
> }
+-
> include/linux/sched.h | 7 +-
> init/init_task.c | 3 +-
> init/main.c | 2 +
> kernel/audit.c| 154 +-
> kernel/audit.h| 7 ++
> kernel/auditsc.c | 24 ++++---
> kernel/fork.c | 1 -
> 10 files changed, 205 insertions(+), 66 deletions(-)
of expressions is used as the right-hand
value in the "a" assignment.
In the case of this patch, the existing code is actually okay: both
expressions are executed and we don't assign either expression's value
to a variable so it doesn't matter. However, it definitely looks odd
and is something we should fix.
/stable-5.11 PR 20201214
Gustavo A. R. Silva (1):
selinux: Fix fall-through warnings for Clang
Ondrej Mosnacek (1):
selinux: drop super_block backpointer from superblock_security_struct
Paul Moore (2):
selinux: fix
| 38 --
security/lsm_audit.c | 5 -
4 files changed, 18 insertions(+), 42 deletions(-)
mment on Smack's needs.
> For example,
>
> * Sets the smack pointer in the inode security blob
> */
> static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
> {
> struct inode_smack *isp = smack_inode(inode);
> struct smack_known *skp = smk_of_task_struct(p);
>
> isp->smk_inode = skp;
> isp->smk_flags |= SMK_INODE_INSTANT;
> }
>
> That seems to do rather more than checking the file type bits.
[-Wunused-macros]
>
> AUDIT_UNINITIALIZED and AUDITSC_INVALID are still meaningful and should
> be incorporated.
>
> Just remove AUDIT_AUX_IPCPERM.
>
> Thanks to comments from Richard Guy Briggs and Paul Moore.
>
> Signed-off-by: Alex Shi
> Cc: Paul Moore
> Cc: Ri
On Tue, Nov 24, 2020 at 3:44 PM Lokesh Gidra wrote:
> On Mon, Nov 23, 2020 at 2:43 PM Paul Moore wrote:
> > On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote:
> > > On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
> > > > On Wed, Nov 18, 2020 at 5:39 P
om_file(NULL);
> + break;
> default:
> break;
> }
> --
> 2.27.0
On Mon, Nov 23, 2020 at 2:21 PM Lokesh Gidra wrote:
> On Sun, Nov 22, 2020 at 3:14 PM Paul Moore wrote:
> > On Wed, Nov 18, 2020 at 5:39 PM Lokesh Gidra wrote:
> > > I have created a cuttlefish build and have tested with the attached
> > > userfaultfd program:
&g
> UFFDIO_API: Permission denied
>
> with the following logcat message:
> 11-18 14:33:29.142 2028 2028 W userfaultfdSimp: type=1400
> audit(0.0:104): avc: denied { ioctl } for
> path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=41169
> ioctlcmd=0xaa3f scontext=u:r:userfaultfdSimple:s0
> tcontext=u:object_r:uffd_t:s0 tclass=anon_inode permissive=0
.10 PR 20201113
Chen Zhou (1):
selinux: Fix error return code in sel_ib_pkey_sid_slow()
security/selinux/ibpkey.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
treival of PKey
> SIDs")
> Reported-by: Hulk Robot
> Signed-off-by: Chen Zhou
> ---
> security/selinux/ibpkey.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
Thanks for the fix! I've merged this into the selinux/stable-5.10
branch and I'll send this
On Tue, Nov 10, 2020 at 10:30 PM Lokesh Gidra wrote:
> On Tue, Nov 10, 2020 at 6:13 PM Paul Moore wrote:
> > On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote:
> > > On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
> > > > On Fri, Nov 6, 2020 at 10:56 A
ernel/auditsc.c:104:0: warning: macro "AUDIT_AUX_IPCPERM" is not used
> > [-Wunused-macros]
> > kernel/auditsc.c:82:0: warning: macro "AUDITSC_INVALID" is not used
> > [-Wunused-macros]
> >
> > remove them to tame gcc.
> >
> > Signed-off-by: Al
On Tue, Nov 10, 2020 at 1:24 PM Lokesh Gidra wrote:
> On Mon, Nov 9, 2020 at 7:12 PM Paul Moore wrote:
> > On Fri, Nov 6, 2020 at 10:56 AM Lokesh Gidra wrote:
> > >
> > > From: Daniel Colascione
> > >
> > > This change uses the anon_inodes a