Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-06-21 Thread KP Singh
On Fri, Jun 19, 2020 at 4:17 PM Ondrej Mosnacek wrote: > > On Fri, Jun 19, 2020 at 3:13 PM KP Singh wrote: > > Hi, > > > > On Fri, Jun 19, 2020 at 2:49 PM Ondrej Mosnacek wrote: > > > > > > On Wed, May 20, 2020 at 2:56 PM KP Singh wrote: > > > > From: KP Singh > > > > > > > > secid_to_secctx i

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-06-19 Thread Ondrej Mosnacek
On Fri, Jun 19, 2020 at 3:13 PM KP Singh wrote: > Hi, > > On Fri, Jun 19, 2020 at 2:49 PM Ondrej Mosnacek wrote: > > > > On Wed, May 20, 2020 at 2:56 PM KP Singh wrote: > > > From: KP Singh > > > > > > secid_to_secctx is not stackable, and since the BPF LSM registers this > > > hook by default,

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-06-19 Thread KP Singh
Hi, On Fri, Jun 19, 2020 at 2:49 PM Ondrej Mosnacek wrote: > > On Wed, May 20, 2020 at 2:56 PM KP Singh wrote: > > From: KP Singh > > > > secid_to_secctx is not stackable, and since the BPF LSM registers this > > hook by default, the call_int_hook logic is not suitable which > > "bails-on-fail"

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-06-19 Thread Ondrej Mosnacek
On Wed, May 20, 2020 at 2:56 PM KP Singh wrote: > From: KP Singh > > secid_to_secctx is not stackable, and since the BPF LSM registers this > hook by default, the call_int_hook logic is not suitable which > "bails-on-fail" and causes issues when other LSMs register this hook and > eventually brea

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-05-20 Thread Alexei Starovoitov
On Wed, May 20, 2020 at 7:02 PM James Morris wrote: > > On Wed, 20 May 2020, Alexei Starovoitov wrote: > > > On Wed, May 20, 2020 at 8:15 AM Casey Schaufler > > wrote: > > > > > > > > > On 5/20/2020 5:56 AM, KP Singh wrote: > > > > From: KP Singh > > > > > > > > secid_to_secctx is not stackable

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-05-20 Thread James Morris
On Wed, 20 May 2020, Alexei Starovoitov wrote: > On Wed, May 20, 2020 at 8:15 AM Casey Schaufler > wrote: > > > > > > On 5/20/2020 5:56 AM, KP Singh wrote: > > > From: KP Singh > > > > > > secid_to_secctx is not stackable, and since the BPF LSM registers this > > > hook by default, the call_int

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-05-20 Thread Alexei Starovoitov
On Wed, May 20, 2020 at 8:15 AM Casey Schaufler wrote: > > > On 5/20/2020 5:56 AM, KP Singh wrote: > > From: KP Singh > > > > secid_to_secctx is not stackable, and since the BPF LSM registers this > > hook by default, the call_int_hook logic is not suitable which > > "bails-on-fail" and causes is

Re: [PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-05-20 Thread Casey Schaufler
On 5/20/2020 5:56 AM, KP Singh wrote: > From: KP Singh > > secid_to_secctx is not stackable, and since the BPF LSM registers this > hook by default, the call_int_hook logic is not suitable which > "bails-on-fail" and causes issues when other LSMs register this hook and > eventually breaks Audit.

[PATCH bpf] security: Fix hook iteration for secid_to_secctx

2020-05-20 Thread KP Singh
From: KP Singh secid_to_secctx is not stackable, and since the BPF LSM registers this hook by default, the call_int_hook logic is not suitable which "bails-on-fail" and causes issues when other LSMs register this hook and eventually breaks Audit. In order to fix this, directly iterate over the s