ted
>
> Can this situation be handled in current Smack subsystem?
> If so, could you give me an idea how to handle it.
This doesn't seem to be a Smack problem. This isn't even a kernel
problem. It's a userspace race. You should wait for a proper udev event
that notifies af
Add a new LSM hook called before inode's setxattr. It is required for
LSM to be able to reliably replace the xattr's value to be set to
filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
the upcoming Smack namespace patches.
Signed-off-by: Lukasz Pawelczyk
Acked
od
- new patch for setprocattr hook new argument, file's opener creds
- new patch for inode_pre_setxattr LSM hook
- new patch related to handling smackfs/syslog
Changes from v1:
- "kernel/exit.c: make sure current's nsproxy != NULL while checking
caps" patch has been dro
describing smack_syslog_label
variable.
Before that the initial state was to allow (smack_syslog_label was
NULL), but after writing star to it the current had to be labeled star
as well to have an access, even though reading the smackfs/syslog
returned the same result in both cases.
Signed-off-
lity check when there is
no proper access check that usually checks for that.
All the Smack LSM hooks have been adapted to be namespace aware.
The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in
the namespace for a few cases. Check the documentation for the details.
Signed-off-
code reformatting in several places for readability
- unnecessarily increasing string size has been fixed
This patch should not change the behaviour of the Smack in any way.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/smack.h| 47
t yet.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/Kconfig| 10 ++
security/smack/Makefile | 1 +
security/smack/smack.h| 45 -
security/smack/smack_access.c | 47 -
security/smack/smack_lsm.c| 134 +-
security/
Adds Documentation/smack-namespace.txt.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
Documentation/security/00-INDEX| 2 +
Documentation/security/Smack-namespace.txt | 231 +
MAINTAINERS| 1
patches. Those 2 functions
will serve as entry points for namespace operations.
This patch should not change the Smack behaviour in any way.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/smack.h| 2 +
security/smack/smack_access.c | 41
ean breaking the Smack label namespace separation.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
Acked-by: Serge Hallyn
---
security/smack/smack.h| 5
security/smack/smack_access.c | 64 +++
security/smack/smack_lsm.c| 4
o
use the hook.
Signed-off-by: Lukasz Pawelczyk
Acked-by: Serge Hallyn
---
fs/proc/base.c| 81 +++
include/linux/lsm_hooks.h | 15 +
include/linux/security.h | 9 ++
security/security.c | 8 +
4 files changed
the in the security.h below.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
Acked-by: Paul Moore
---
include/linux/lsm_hooks.h | 28
include/linux/security.h | 23 +++
include/linux/user_namespace.h | 4
kernel
setprocattr hook for Smack's label_map attribute needs to know the
capabilities of file opener. Add those credentials to the hook's
arguments.
While at it add documentation on get/setprocattr hooks.
Signed-off-by: Lukasz Pawelczyk
Acked-by: Serge Hallyn
---
fs/proc/base.c
_list_ns);
>
> but it is used again! typo?
No, not a typo. A regular bug. Thanks for spotting it. Also sync
mechanism before freeing was missing:
skp = sknp->smk_unmapped;
mutex_lock(&skp->smk_mapped_lock);
list_del_rcu(&sknp->smk_list_known);
On czw, 2015-10-15 at 14:41 +0200, Lukasz Pawelczyk wrote:
> No, not a typo. A regular bug. Thanks for spotting it. Also sync
> mechanism before freeing was missing:
Hotfix, will be integrated with the next respin:
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 3
dd_rcu(&sknp->smk_list_ns, &snsp->smk_mapped);
> + mutex_unlock(&snsp->smk_mapped_lock);
>
> in smk_import_mapped() function(copied below)?
Yes, the namespace is destroyed when all its references are gone. This
also includes processes that were in that namespace.
. Right now it only reacts on EINVAL passing other codes
properly to userspace.
Comments have been updated accordingly.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack_access.c | 27 ++
security/smack/smack_lsm.c| 93 +++--
security/smack/smackfs.c
On wto, 2015-05-26 at 18:04 -0700, Casey Schaufler wrote:
> On 5/25/2015 5:32 AM, Lukasz Pawelczyk wrote:
> > Hello,
> >
> > Some time ago I sent a Smack namespace documentation and a preliminary
> > LSM namespace for RFC. I've been suggested that there shouldn
On wto, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> > --- Usage ---
> >
> > Smack namespace is written using LSM hooks inside user namespace. That
> > means it's connected to it.
> >
> > To crea
On wto, 2015-05-26 at 22:13 -0500, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
>
> > Hello,
> >
> > Some time ago I sent a Smack namespace documentation and a preliminary
> > LSM namespace for RFC. I've been suggested that there shouldn't be
On śro, 2015-05-27 at 10:12 -0500, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
> > On wto, 2015-05-26 at 22:13 -0500, Eric W. Biederman wrote:
> >> In particular there should be
> >> little to no need to keep pestering the system administrator for more
> >
Problem:
Has anyone thought about a mechanism to limit/remove an access to a
device during an application runtime? Meaning we have an application
that has an open file descriptor to some /dev/node and depending on
*something* it gains or loses the access to it gracefully (with or
without a notific
On 7 Mar 2014, at 20:09, Greg KH wrote:
> On Fri, Mar 07, 2014 at 07:46:44PM +0100, Lukasz Pawelczyk wrote:
>> Problem:
>> Has anyone thought about a mechanism to limit/remove an access to a
>> device during an application runtime? Meaning we have an application
>
On 7 Mar 2014, at 20:24, Lennart Poettering wrote:
> On Fri, 07.03.14 19:45, Lukasz Pawelczyk (hav...@gmail.com) wrote:
>
>> Problem:
>> Has anyone thought about a mechanism to limit/remove an access to a
>> device during an application runtime? Meaning we have an ap
This is a follow up of an e-mail discussion you had with Rafal Krypa in
December. This patch set implements "ptrace" smackfs interface, like
you proposed, for tuning of Smack behavior for ptrace. It also fixes
some issues around ptrace in Smack that were found in the process.
Lukasz Pa
The order of subject/object is currently reversed in
smack_ptrace_traceme(). It is currently checked if the tracee has a
capability to trace tracer and according to this rule a decision is made
whether the tracer will be allowed to trace tracee.
Signed-off-by: Lukasz Pawelczyk
Signed-off-by
This allows limiting ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.
Signed-off-by: Lukasz
s set.
Signed-off-by: Lukasz Pawelczyk
Signed-off-by: Rafal Krypa
---
security/smack/smack_lsm.c | 84 +++---
1 file changed, 71 insertions(+), 13 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 48d61f6..3da13fd 1
The 54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo the second check was incorrect.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack_lsm.c | 4 ++--
1 file changed, 2
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack_lsm.c | 18 +-
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 154548e..478d99e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack
Smack used to use a mix of smack_known struct and char* throughout its
APIs and implementation. This patch unifies the behaviour and makes it
store and operate exclusively on smack_known struct pointers when managing
labels.
Signed-off-by: Lukasz Pawelczyk
Conflicts:
security/smack
the in the security.h below.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
include/linux/lsm_hooks.h | 28
include/linux/security.h | 23 +++
include/linux/user_namespace.h | 4
kernel/user.c
describing smack_syslog_label
variable.
Before that the initial state was to allow (smack_syslog_label was
NULL), but after writing star to it the current had to be labeled star
as well to have an access, even though reading the smackfs/syslog
returned the same result in both cases.
Signed-off-
Adds Documentation/smack-namespace.txt.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
Documentation/security/00-INDEX| 2 +
Documentation/security/Smack-namespace.txt | 231 +
MAINTAINERS| 1
code reformatting in several places for readability
- unnecessarily increasing string size has been fixed
This patch should not change the behaviour of the Smack in any way.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/smack.h| 48
lity check when there is
no proper access check that usually checks for that.
All the Smack LSM hooks have been adapted to be namespace aware.
The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in
the namespace for a few cases. Check the documentation for the details.
Signed-off-
t yet.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/Kconfig| 10 ++
security/smack/Makefile | 1 +
security/smack/smack.h| 45 -
security/smack/smack_access.c | 47 -
security/smack/smack_lsm.c| 134 +-
security/
Add a new LSM hook called before inode's setxattr. It is required for
LSM to be able to reliably replace the xattr's value to be set to
filesystem in __vfs_setxattr_noperm(). Useful for mapped values, like in
the upcoming Smack namespace patches.
Signed-off-by: Lukasz Pawelczyk
---
ean breaking the Smack label namespace separation.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/smack.h| 5
security/smack/smack_access.c | 64 +++
security/smack/smack_lsm.c| 4 +--
3 files changed, 6
atches for handling smack_map has been moved to this new method
- new patch for setprocattr hook new argument, file's opener creds
- new patch for inode_pre_setxattr LSM hook
- new patch related to handling smackfs/syslog
Changes from v1:
- "kernel/exit.c: make sure current's nsproxy !
patches. Those 2 functions
will serve as entry points for namespace operations.
This patch should not change the Smack behaviour in any way.
Signed-off-by: Lukasz Pawelczyk
Reviewed-by: Casey Schaufler
---
security/smack/smack.h| 2 +
security/smack/smack_access.c | 41
o
use the hook.
Signed-off-by: Lukasz Pawelczyk
---
fs/proc/base.c| 81 +++
include/linux/lsm_hooks.h | 15 +
include/linux/security.h | 9 ++
security/security.c | 8 +
4 files changed, 107 insertions(+), 6 dele
setprocattr hook for Smack's label_map attribute needs to know the
capabilities of file opener. Add those credentials to the hook's
arguments.
While at it add documentation on get/setprocattr hooks.
Signed-off-by: Lukasz Pawelczyk
---
fs/proc/base.c | 2 +-
inc
else if (capable(CAP_SYS_PTRACE))
> + else if (ns_capable(__task_cred(tracer)->user_ns,
> + CAP_SYS_PTRACE))
> rc = 0;
> else
> rc = -EACCES;
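Review bot: the added `ns_capable(__task_cred(tracer)->user_ns, CAP_SYS_PTRACE)` call dereferences the tracer's credentials through `__task_cred()`, which is only valid inside an RCU read-side critical section, and the visible lines do not show one. Confirm that the surrounding code holds `rcu_read_lock()` across this branch, and add a short comment saying whose user namespace the capability is being checked against, since that is the point of replacing `capable()` here.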
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsu
),
> + .kdbus_domain_free =
> + LIST_HEAD_INIT(security_hook_heads.kdbus_domain_free
> ),
> + .kdbus_bus_alloc =
> + LIST_HEAD_INIT(security_hook_heads.kdbus_bus_alloc),
> + .kdbus_bus_free =
> + LIST_HEAD_INIT(security_hook_heads.kdbus_bus_free)
fd_install(fds[i],
> -get_file(res
> ->fds[i]));
> - else
> + if (security_file_receive(res
> ->fds[i])) {
> + fds[i] = -1;
>
if (fds[i] >= 0)
> - fd_install(fds[i],
> -get_file(res
> ->fds[i]));
> - else
> + if (security_file_receive(res
> ->fds[i])) {
> +
this should return EINVAL, it doesn't)
cat /smack/ipv6host
(dereferences 0x000a)
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smackfs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c20b154..103a619 1006
Apologies for sending my previous email in HTML, this email address
was never meant to be used with lists. I resend in plain text.
On Wed, Jul 29, 2015 at 5:25 PM, Serge E. Hallyn wrote:
>> +Enabling Smack related capabilities (CAP_MAC_ADMIN and
>> +CAP_MAC_OVERRIDE) is main goal of Smack names
On Wed, Jul 29, 2015 at 6:13 PM, Lukasz Pawelczyk wrote:
> With this namespace you delegate part of CAP_MAC_ADMIN privilege to an
> unprivileged user (as with any other namespace).
Ok, maybe the part in the brackets is an overstatement. Mostly with
namespaces you create a full abstract
Just a clarification, from my previous email:
> 3. (exception #2) About the: "Without the host admin doing anything.".
> With this namespace you delegate part of CAP_MAC_ADMIN privilege to an
> unprivileged user (as with any other namespace). There is no way that
> this will not involve host admi
On czw, 2015-07-30 at 16:30 -0500, Serge E. Hallyn wrote:
> On Fri, Jul 24, 2015 at 12:04:35PM +0200, Lukasz Pawelczyk wrote:
> > @@ -969,6 +982,7 @@ static int userns_install(struct nsproxy
> > *nsproxy, struct ns_common *ns)
> > {
> > struct user_namespa
On czw, 2015-07-30 at 16:56 -0500, Serge E. Hallyn wrote:
> On Fri, Jul 24, 2015 at 12:04:38PM +0200, Lukasz Pawelczyk wrote:
> > Add a new LSM hook called before inode's setxattr. It is required
> > for
> > LSM to be able to reliably replace the xattr's value
> -Original Message-
> From: Lukasz Pawelczyk [mailto:l.pawelc...@samsung.com]
> Sent: Friday, July 24, 2015 8:41 PM
> To: Sungbae Yoo; Casey Schaufler
> Cc: James Morris; Serge E. Hallyn;
> linux-security-mod...@vger.kernel.org; linux-kernel@vger.kernel.org
> Su
label then this label will co-work with Smack namespaces.
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at h
On czw, 2015-07-16 at 19:10 -0500, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
> >
> > I fail to see how those 2 are in any conflict.
>
> Like I said. They don't really conflict, and actually to really
> support
> things well for smack we probably
On czw, 2014-11-27 at 10:44 -0600, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
>
> > On czw, 2014-11-27 at 09:42 -0600, Eric W. Biederman wrote:
> >> We are probably going to need to go a couple rounds with this but at
> >> first approximation I think this
L.
This happens during an exit() syscall because exit_task_namespaces() is
called before the exit_notify(). This patch changes their order.
Signed-off-by: Lukasz Pawelczyk
---
kernel/exit.c | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack_lsm.c | 14 +-
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2717cdd..d1b14d5 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack
In principle if this function was called with "value" == NULL and "len"
not NULL it could return different results for the "len" compared to a
case where "name" was not NULL. This is a hypothetical case that does
not exist in the kernel, but it's a
On śro, 2014-11-26 at 21:52 +0100, Oleg Nesterov wrote:
> On 11/26, Lukasz Pawelczyk wrote:
> >
> > My understanding is that while we have to use task_nsproxy()
>
> task_nsproxy() has already gone... probably this doesn't matter but which
>
On śro, 2014-11-26 at 13:32 -0800, David Rientjes wrote:
> On Wed, 26 Nov 2014, Lukasz Pawelczyk wrote:
> >
> > LSM task_kill() hook is triggered and current->nsproxy within is NULL.
> >
> > This happens during an exit() syscall because exit_task_namespaces() is
>
wn map).
Special files inside the virtual smackfs need to be reviewed whether
it's beneficial to have some of their functionality namespaced as well
(e.g. onlycap, syslog, ambient, etc). This would increase
CAP_MAC_ADMIN privileges inside the namespace.
Lukasz Pawelczyk (1):
lsm: namespa
.
Signed-off-by: Lukasz Pawelczyk
---
fs/proc/namespaces.c | 4 ++
include/linux/lsm_namespace.h | 68 +++
include/linux/nsproxy.h | 2 +
include/linux/proc_ns.h | 2 +
include/linux/security.h | 80 +++
include/uapi/linux/sched.h
On czw, 2014-11-27 at 15:18 +0100, Richard Weinberger wrote:
> On Thu, Nov 27, 2014 at 3:01 PM, Lukasz Pawelczyk
> wrote:
> > -/* 0x0200 was previously the unused CLONE_STOPPED (Start in stopped
> > state)
> > - and is now available for re-use. */
>
On czw, 2014-11-27 at 15:38 +0100, Richard Weinberger wrote:
> Am 27.11.2014 um 15:35 schrieb Lukasz Pawelczyk:
> > On czw, 2014-11-27 at 15:18 +0100, Richard Weinberger wrote:
> >> On Thu, Nov 27, 2014 at 3:01 PM, Lukasz Pawelczyk
> >> wrote:
> >>> -
On czw, 2014-11-27 at 16:01 +0100, Richard Weinberger wrote:
> Am 27.11.2014 um 15:44 schrieb Lukasz Pawelczyk:
> > True, the last one is 0x8000. I did not notice that. Thanks for
> > pointing out.
>
> Isn't this CLONE_IO?
Yes, I was merely noticing out loud that
On czw, 2014-11-27 at 16:17 +0100, Richard Weinberger wrote:
> Am 27.11.2014 um 16:11 schrieb Lukasz Pawelczyk:
> > On czw, 2014-11-27 at 16:01 +0100, Richard Weinberger wrote:
> >> Am 27.11.2014 um 15:44 schrieb Lukasz Pawelczyk:
> >>> True, the last one is 0x8
On czw, 2014-11-27 at 09:42 -0600, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
>
> > On czw, 2014-11-27 at 16:01 +0100, Richard Weinberger wrote:
> >> Am 27.11.2014 um 15:44 schrieb Lukasz Pawelczyk:
> >> > True, the last one is 0x8000.
On czw, 2014-11-27 at 18:38 +0100, Lukasz Pawelczyk wrote:
> Right now the major issue I see is that LSM by itself is not defined how
> it's going to behave. It's up to a specific LSM module.
>
> E.g. within the Smack namespace filling the map is a privileged
> operation
been moved to a header
- minor code reformatting in several places for readability
- unnecessarily increasing string size has been fixed
This patch should not change the behaviour of the Smack in any way.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h| 25
d-off-by: Lukasz Pawelczyk
---
fs/proc/base.c | 57 ++
include/linux/user_namespace.h | 5 +
security/smack/Kconfig | 10 +
security/smack/Makefile| 1 +
security/smack/smack.h | 42 +++-
security/smack/smack_access.c | 46 -
security/
proxy to
be able to check for capabilities. At this point this is impossible. The
current's nsproxy is already NULL/destroyed.
This is the case because exit_task_namespaces() is called before the
exit_notify() where all of the above happens. This patch changes their
order.
Signed-off-by: L
Adds Documentation/smack-namespace.txt.
Signed-off-by: Lukasz Pawelczyk
---
Documentation/security/00-INDEX| 2 +
Documentation/security/Smack-namespace.txt | 231 +
MAINTAINERS| 1 +
security/smack/Kconfig
lity check when there is
no proper access check that usually checks for that.
All the Smack LSM hooks have been adapted to be namespace aware.
The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in
the namespace for a few cases. Check the documentation for the details.
Signed-off-
d to
map only labels that it has permission to itself (those that it has in
its own map).
Special files inside the virtual smackfs need to be reviewed whether
it's beneficial to have some of their functionality namespaced as well
(e.g. onlycap, syslog, ambient, etc). This would increase
CAP_MAC_ADMI
ean breaking the Smack label namespace separation.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h | 63 +++---
security/smack/smack_lsm.c | 4 +--
2 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/security/smack/smack.h b/se
will serve as entry points for namespace operations.
This patch should not change the Smack behaviour in any way.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h| 2 +
security/smack/smack_access.c | 40
security/smack/smack_lsm.c| 76
the in the security.h below.
Signed-off-by: Lukasz Pawelczyk
---
include/linux/lsm_hooks.h | 28
include/linux/security.h | 23 +++
include/linux/user_namespace.h | 4
kernel/user.c | 3 +++
kernel/user_namespace.c
On sob, 2015-05-23 at 12:49 -0500, Eric W. Biederman wrote:
> Lukasz Pawelczyk writes:
>
> > There is a rare case where current's nsproxy might be NULL but we are
> > required to check for credentials and capabilities. It sometimes happens
> > during an exit_gro
ed to
map only labels that it has permission to itself (those that it has in
its own map).
Special files inside the virtual smackfs need to be reviewed whether
it's beneficial to have some of their functionality namespaced as well
(e.g. onlycap, syslog, ambient, etc). This would increase
CAP_
been moved to a header
- minor code reformatting in several places for readability
- unnecessarily increasing string size has been fixed
This patch should not change the behaviour of the Smack in any way.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h| 25
the in the security.h below.
Signed-off-by: Lukasz Pawelczyk
---
include/linux/lsm_hooks.h | 28
include/linux/security.h | 23 +++
include/linux/user_namespace.h | 4
kernel/user.c | 3 +++
kernel/user_namespace.c
ean breaking the Smack label namespace separation.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h | 63 +++---
security/smack/smack_lsm.c | 4 +--
2 files changed, 61 insertions(+), 6 deletions(-)
diff --git a/security/smack/smack.h b/se
d-off-by: Lukasz Pawelczyk
---
fs/proc/base.c | 57 ++
include/linux/user_namespace.h | 5 +
security/smack/Kconfig | 10 +
security/smack/Makefile| 1 +
security/smack/smack.h | 42 +++-
security/smack/smack_access.c | 46 -
security/
Adds Documentation/smack-namespace.txt.
Signed-off-by: Lukasz Pawelczyk
---
Documentation/security/00-INDEX| 2 +
Documentation/security/Smack-namespace.txt | 231 +
MAINTAINERS| 1 +
security/smack/Kconfig
will serve as entry points for namespace operations.
This patch should not change the Smack behaviour in any way.
Signed-off-by: Lukasz Pawelczyk
---
security/smack/smack.h| 2 +
security/smack/smack_access.c | 40
security/smack/smack_lsm.c| 76
lity check when there is
no proper access check that usually checks for that.
All the Smack LSM hooks have been adapted to be namespace aware.
The capabilities (CAP_MAC_ADMIN, CAP_MAC_OVERRIDE) have been allowed in
the namespace for a few cases. Check the documentation for the details.
Signed-off-
Hi,
Thanks for taking the interest and commenting on this.
Replies below.
On wto, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> > --- Design ideas ---
> >
> > "Smack namespace" is rather "Smack labels
On wto, 2015-05-26 at 12:34 -0400, Stephen Smalley wrote:
> > On wto, 2015-05-26 at 10:35 -0400, Stephen Smalley wrote:
> >> On 05/25/2015 08:32 AM, Lukasz Pawelczyk wrote:
> >
> > I call the inode operation by hand in the post_setxattr.
> >
> > The label
xcept setresuid to nonroot followed
I think you meant "expect". This typo changes the meaning of the
sentence.
> + * by exec to drop capabilities. We should make sure that
> + * this remains the case.
> + */
> + cap_clear(new->cap_a
un.sh
smackfs has to be mounted in /smack (following the regular tests).
mount -o bind /sys/fs/smackfs /smack
is enough.
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
On wto, 2015-11-10 at 04:16 +, Al Viro wrote:
> On Wed, Oct 14, 2015 at 02:41:57PM +0200, Lukasz Pawelczyk wrote:
> > int (*getprocattr)(struct task_struct *p, char *name, char
> > **value);
> > - int (*setprocattr)(struct task_struct *p, char *
On Wed, 2019-05-08 at 07:58 -0700, Eric Dumazet wrote:
>
> On 5/8/19 10:12 AM, Lukasz Pawelczyk wrote:
> > The XT_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID to
> > be also checked in the supplementary groups of a process.
> >
> > S
The --suppl-groups option causes GIDs specified with --gid-owner to be
also checked in the supplementary groups of a process.
Signed-off-by: Lukasz Pawelczyk
---
Changes from v3:
- removed XTOPT_INVERT from O_SUPPL_GROUPS,
it wasn't meant to be invertible
Changes fr
The --suppl-groups option causes GIDs specified with --gid-owner to be
also checked in the supplementary groups of a process.
Signed-off-by: Lukasz Pawelczyk
---
Changes from v4:
- unit tests added
Changes from v3:
- removed XTOPT_INVERT from O_SUPPL_GROUPS,
it wasn't meant
n
> whether _the debugged task_ has CAP_SYS_PTRACE (and not on whether
> the
> debugger has that capability).
> This seems like it's probably unintentional?
>
>
--
Lukasz Pawelczyk
Samsung R&D Institute Poland
Samsung Electronics
On pią, 2015-07-31 at 22:48 -0500, Serge E. Hallyn wrote:
> On Fri, Jul 31, 2015 at 11:28:56AM +0200, Lukasz Pawelczyk wrote:
> > On czw, 2015-07-30 at 16:30 -0500, Serge E. Hallyn wrote:
> > > On Fri, Jul 24, 2015 at 12:04:35PM +0200, Lukasz Pawelczyk wrote:
> > > >
On pią, 2015-08-21 at 01:14 -0400, Paul Moore wrote:
> On Fri, Jul 24, 2015 at 6:04 AM, Lukasz Pawelczyk
> wrote:
> > This commit adds a new proc attribute, label_map that is required
> > by an
> > upcoming Smack namespace. In general it can be used to hold a map
>