Re: [PATCH] selinux:Delete selinux_xfrm_policy_lookup() useless argument

2021-04-08 Thread Casey Schaufler
On 4/8/2021 1:49 AM, Zhongjun Tan wrote: > From: Zhongjun Tan > > Delete selinux selinux_xfrm_policy_lookup() useless argument. > > Signed-off-by: Zhongjun Tan > --- > include/linux/lsm_hook_defs.h | 3 +-- > include/linux/security.h| 4 ++-- > net/xfrm/xfrm_policy.c | 6 ++---

[PATCH v25 22/25] Audit: Add new record for multiple process LSM attributes

2021-03-09 Thread Casey Schaufler
en though it may not actually do so. Signed-off-by: Casey Schaufler To: p...@paul-moore.com To: linux-au...@redhat.com To: r...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 2 +- include/linux/audit.h | 24 include/linux/security.h

[PATCH v25 19/25] NET: Store LSM netlabel data in a lsmblob

2021-03-09 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4

[PATCH v25 18/25] LSM: security_secid_to_secctx in netlink netfilter

2021-03-09 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org

[PATCH v25 16/25] LSM: Use lsmcontext in security_secid_to_secctx

2021-03-09 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux

[PATCH v25 15/25] LSM: Ensure the correct LSM context releaser

2021-03-09 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org Cc

[PATCH v25 10/25] LSM: Use lsmblob in security_task_getsecid

2021-03-09 Thread Casey Schaufler
: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: linux-au...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +- include/linux/security.h | 7 ++-- kernel/audit.c| 16 +++- kernel

[PATCH v25 08/25] LSM: Use lsmblob in security_secid_to_secctx

2021-03-09 Thread Casey Schaufler
a secid to a string, as can occur in the audit code. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso To: Paul Moore --- drivers/android/binder.c| 12 +- include/linux

[PATCH v25 07/25] LSM: Use lsmblob in security_secctx_to_secid

2021-03-09 Thread Casey Schaufler
lsmblob. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 net/netfilter

[PATCH v24 07/25] LSM: Use lsmblob in security_secctx_to_secid

2021-01-27 Thread Casey Schaufler
lsmblob. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 net/netfilter

[PATCH v24 08/25] LSM: Use lsmblob in security_secid_to_secctx

2021-01-27 Thread Casey Schaufler
a secid to a string, as can occur in the audit code. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso To: Paul Moore --- drivers/android/binder.c| 12 +- include/linux

[PATCH v24 19/25] NET: Store LSM netlabel data in a lsmblob

2021-01-26 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4

[PATCH v24 16/25] LSM: Use lsmcontext in security_secid_to_secctx

2021-01-26 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux

[PATCH v24 22/25] Audit: Add new record for multiple process LSM attributes

2021-01-26 Thread Casey Schaufler
en though it may not actually do so. Signed-off-by: Casey Schaufler To: p...@paul-moore.com To: linux-au...@redhat.com To: r...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 2 +- include/linux/audit.h | 24 include/linux/security.h

[PATCH v24 10/25] LSM: Use lsmblob in security_task_getsecid

2021-01-26 Thread Casey Schaufler
: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: linux-au...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +- include/linux/security.h | 7 ++-- kernel/audit.c| 16 +++- kernel

[PATCH v24 18/25] LSM: security_secid_to_secctx in netlink netfilter

2021-01-26 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org

[PATCH v24 15/25] LSM: Ensure the correct LSM context releaser

2021-01-26 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org Cc

[PATCH v23 20/23] Audit: Add new record for multiple process LSM attributes

2020-11-20 Thread Casey Schaufler
en though it may not actually do so. Signed-off-by: Casey Schaufler To: p...@paul-moore.com Cc: linux-au...@redhat.com Cc: r...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 2 +- include/linux/audit.h | 24 + incl

[PATCH v23 17/23] NET: Store LSM netlabel data in a lsmblob

2020-11-20 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4

[PATCH v23 16/23] LSM: security_secid_to_secctx in netlink netfilter

2020-11-20 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Pablo Neira Ayuso Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org

[PATCH v23 14/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-11-20 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux

[PATCH v23 13/23] LSM: Ensure the correct LSM context releaser

2020-11-20 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org Cc

[PATCH v23 08/23] LSM: Use lsmblob in security_task_getsecid

2020-11-20 Thread Casey Schaufler
: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: linux-au...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +- include/linux/security.h | 7 ++-- kernel/audit.c| 16 +++- kernel

[PATCH v23 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-20 Thread Casey Schaufler
a secid to a string, as can occur in the audit code. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso To: Paul Moore --- drivers/android/binder.c| 12 +- include/linux

[PATCH v23 05/23] LSM: Use lsmblob in security_secctx_to_secid

2020-11-20 Thread Casey Schaufler
lsmblob. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org To: Pablo Neira Ayuso --- include/linux/security.h | 26 ++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 net/netfilter

[PATCH v22 20/23] Audit: Add new record for multiple process LSM attributes

2020-11-04 Thread Casey Schaufler
en though it may not actually do so. Signed-off-by: Casey Schaufler Cc: linux-au...@redhat.com Cc: p...@paul-moore.com Cc: r...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 2 +- include/linux/audit.h | 24 include/linux/security.h

[PATCH v22 17/23] NET: Store LSM netlabel data in a lsmblob

2020-11-04 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4

[PATCH v22 16/23] LSM: security_secid_to_secctx in netlink netfilter

2020-11-04 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org --- net/netfilter

[PATCH v22 14/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-11-04 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include

[PATCH v22 13/23] LSM: Ensure the correct LSM context releaser

2020-11-04 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org Cc

[PATCH v22 08/23] LSM: Use lsmblob in security_task_getsecid

2020-11-04 Thread Casey Schaufler
: Paul Moore Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: linux-au...@redhat.com Cc: netdev@vger.kernel.org --- drivers/android/binder.c | 12 +- include/linux/security.h | 7 ++-- kernel/audit.c| 16 +++- kernel

[PATCH v22 06/23] LSM: Use lsmblob in security_secid_to_secctx

2020-11-04 Thread Casey Schaufler
a secid to a string, as can occur in the audit code. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: linux-au...@redhat.com --- drivers/android/binder.c| 12 +- include/linux/security.h| 5 +++-- include/net/scm.h | 7

[PATCH v22 05/23] LSM: Use lsmblob in security_secctx_to_secid

2020-11-04 Thread Casey Schaufler
lsmblob. Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/linux/security.h | 26 ++-- kernel/cred.c | 4 +--- net/netfilter/nft_meta.c | 10 net/netfilter/xt_SECMARK.c| 7 +- net/netlabel

[PATCH v21 17/23] NET: Store LSM netlabel data in a lsmblob

2020-10-12 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4

[PATCH v21 16/23] LSM: security_secid_to_secctx in netlink netfilter

2020-10-12 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org Cc: netfilter-de...@vger.kernel.org --- net/netfilter

[PATCH v21 14/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-10-12 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include/net/scm.h

[PATCH v21 13/23] LSM: Ensure the correct LSM context releaser

2020-10-12 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org --

Re: [PATCH 0/3] Add LSM/SELinux support for GPRS Tunneling Protocol (GTP)

2020-09-30 Thread Casey Schaufler
On 9/30/2020 5:20 AM, Richard Haines wrote: > On Wed, 2020-09-30 at 12:17 +0200, Pablo Neira Ayuso wrote: > >> Why do you need this? > I don't actually have a use for this, I only did it out of idle > curiosity. If it is useful to the community then okay. Given the > attemped move to Open 5G I

Re: [RFC PATCH] lsm,selinux: pass the family information along with xfrm flow

2020-09-29 Thread Casey Schaufler
es the problem of > the LSM hook callers sending the wrong secid which would be much > worse. > > Reported-by: Herbert Xu > Signed-off-by: Paul Moore For what it may be worth Acked-by: Casey Schaufler > --- > include/linux/lsm_hook_defs.h |2 +- > include/linu

[PATCH v20 18/23] NET: Store LSM netlabel data in a lsmblob

2020-08-26 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c

[PATCH v20 17/23] LSM: security_secid_to_secctx in netlink netfilter

2020-08-26 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 31

[PATCH v20 15/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-08-26 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include/net/scm.h

[PATCH v20 14/23] LSM: Ensure the correct LSM context releaser

2020-08-26 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org --

[PATCH v20 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-08-26 Thread Casey Schaufler
is scaffolding where interfaces have yet to be converted. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/linux/security.h | 30 +++ include/net/scm.h | 7 +-- kernel/cred.c

Re: [PATCH v19 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-07-28 Thread Casey Schaufler
On 7/28/2020 4:11 AM, John Johansen wrote: > On 7/24/20 1:32 PM, Casey Schaufler wrote: >> Change security_secctx_to_secid() to fill in a lsmblob instead >> of a u32 secid. Multiple LSMs may be able to interpret the >> string, and this allows for setting whichever secid is &

[PATCH v19 18/23] NET: Store LSM netlabel data in a lsmblob

2020-07-24 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c

[PATCH v19 17/23] LSM: security_secid_to_secctx in netlink netfilter

2020-07-24 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 31

[PATCH v19 15/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-07-24 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include/net/scm.h

[PATCH v19 14/23] LSM: Ensure the correct LSM context releaser

2020-07-24 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org --

[PATCH v19 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-07-24 Thread Casey Schaufler
is scaffolding where interfaces have yet to be converted. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/linux/security.h | 30 +++ include/net/scm.h | 7 +-- kernel/cred.c

Re: [PATCH v18 05/23] net: Prepare UDS for security module stacking

2020-07-09 Thread Casey Schaufler
On 7/9/2020 9:28 AM, John Johansen wrote: > On 7/9/20 9:11 AM, Stephen Smalley wrote: >> On Wed, Jul 8, 2020 at 8:23 PM Casey Schaufler >> wrote: >>> Change the data used in UDS SO_PEERSEC processing from a >>> secid to a more g

[PATCH v18 18/23] NET: Store LSM netlabel data in a lsmblob

2020-07-08 Thread Casey Schaufler
netlabel use the lsm_id.slot to access the correct secid when using netlabel. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/net/netlabel.h | 8 +-- net/ipv4/cipso_ipv4.c

[PATCH v18 17/23] LSM: security_secid_to_secctx in netlink netfilter

2020-07-08 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 31

[PATCH v18 15/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-07-08 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include/net/scm.h

[PATCH v18 14/23] LSM: Ensure the correct LSM context releaser

2020-07-08 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org --

[PATCH v18 06/23] LSM: Use lsmblob in security_secctx_to_secid

2020-07-08 Thread Casey Schaufler
is scaffolding where interfaces have yet to be converted. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/linux/security.h | 30 +++ include/net/scm.h | 7 +-- kernel/cred.c

[PATCH v18 05/23] net: Prepare UDS for security module stacking

2020-07-08 Thread Casey Schaufler
guarantee that the addition of other data to the unix_skb_parms or support for additional security modules wouldn't exceed what is available. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- include/linux/security.h | 7 +-- include/net/af_unix.h

Re: [PATCH] security: fix the default value of secid_to_secctx hook

2020-05-18 Thread Casey Schaufler
On 5/18/2020 2:43 PM, Schaufler, Casey wrote: >> -Original Message- >> From: linux-kernel-ow...@vger.kernel.org > ow...@vger.kernel.org> On Behalf Of Arnd Bergmann >> Sent: Saturday, May 16, 2020 1:05 AM >> To: Alexei Starovoitov >> Cc: James Morris ; Anders Roxell >> ; Alexei Starovoitov

[PATCH v17 17/23] LSM: security_secid_to_secctx in netlink netfilter

2020-05-14 Thread Casey Schaufler
Change netlink netfilter interfaces to use lsmcontext pointers, and remove scaffolding. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- net/netfilter/nfnetlink_queue.c | 31

[PATCH v17 15/23] LSM: Use lsmcontext in security_secid_to_secctx

2020-05-14 Thread Casey Schaufler
new structure. Reviewed-by: Kees Cook Acked-by: Stephen Smalley Acked-by: Paul Moore Signed-off-by: Casey Schaufler Cc: netdev@vger.kernel.org --- drivers/android/binder.c| 26 +++- include/linux/security.h| 4 +-- include/net/scm.h

[PATCH v17 14/23] LSM: Ensure the correct LSM context releaser

2020-05-14 Thread Casey Schaufler
allocates and destroys them on each use, whereas Smack provides a pointer to an entry in a list that never goes away. Reviewed-by: Kees Cook Reviewed-by: John Johansen Acked-by: Stephen Smalley Signed-off-by: Casey Schaufler Cc: linux-integr...@vger.kernel.org Cc: netdev@vger.kernel.org --

[PATCH v17 05/23] net: Prepare UDS for security module stacking

2020-05-14 Thread Casey Schaufler
guarantee that the addition of other data to the unix_skb_parms or support for additional security modules wouldn't exceed what is available. Reviewed-by: Kees Cook Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- include/linux/security.h | 7 +-- include/net/af_unix.h

Re: [PATCH v5 bpf-next 0/3] Introduce CAP_BPF

2020-05-08 Thread Casey Schaufler
On 5/8/2020 2:53 PM, Alexei Starovoitov wrote: > From: Alexei Starovoitov > > v4->v5: > > Split BPF operations that are allowed under CAP_SYS_ADMIN into combination of > CAP_BPF, CAP_PERFMON, CAP_NET_ADMIN and keep some of them under CAP_SYS_ADMIN. > > The user process has to have > - CAP_BPF and

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-23 Thread Casey Schaufler
On 8/22/2019 3:36 PM, David Miller wrote: > From: Casey Schaufler > Date: Thu, 22 Aug 2019 15:34:44 -0700 > >> On 8/22/2019 3:28 PM, David Miller wrote: >>> From: Casey Schaufler >>> Date: Thu, 22 Aug 2019 14:59:37 -0700 >>> >>>> Sure, you

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-22 Thread Casey Schaufler
On 8/22/2019 3:28 PM, David Miller wrote: > From: Casey Schaufler > Date: Thu, 22 Aug 2019 14:59:37 -0700 > >> Sure, you *can* do that, but it would be insane to do so. > We look up the neighbour table entries on every single packet we > transmit from the kernel in the same

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-22 Thread Casey Schaufler
On 8/22/2019 2:18 PM, David Miller wrote: > From: Casey Schaufler > Date: Thu, 22 Aug 2019 13:35:01 -0700 > >> If the secmark where replaced by a security blob, the u32 secmark field >> in an sk_buff would be replaced by a void * security field. > You can already use the

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-22 Thread Casey Schaufler
On 8/22/2019 1:15 PM, Florian Westphal wrote: > Casey Schaufler wrote: >> Given that the original objection to using a skb extension for a >> security blob was that an extension is dynamic, and that the ubiquitous >> nature of LSM use makes that unreasonable, it would seem t

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-22 Thread Casey Schaufler
On 8/22/2019 9:32 AM, Paul Moore wrote: > On Thu, Aug 22, 2019 at 3:03 AM Florian Westphal wrote: >> Paul Moore wrote: >>> Hello netdev, >>> >>> I was just made aware of the skb extension work, and it looks very >>> appealing from a LSM perspective. As some of you probably remember, >>> we (the

Re: New skb extension for use by LSMs (skb "security blob")?

2019-08-22 Thread Casey Schaufler
On 8/21/2019 8:54 PM, David Miller wrote: > From: Paul Moore > Date: Wed, 21 Aug 2019 23:27:03 -0400 > >> On Wed, Aug 21, 2019 at 6:50 PM David Miller wrote: >>> From: Paul Moore >>> Date: Wed, 21 Aug 2019 18:00:09 -0400 >>> I was just made aware of the skb extension work, and it looks very

Re: [PATCH 1/2] rtnetlink: gate MAC address with an LSM hook

2019-08-21 Thread Casey Schaufler
On 8/21/2019 6:45 AM, Jeff Vander Stoep wrote: > MAC addresses are often considered sensitive because they are > usually unique and can be used to identify/track a device or > user [1]. > > The MAC address is accessible via the RTM_NEWLINK message type of a > netlink route socket[2]. Ideally we cou

Re: [PATCH] net: socket: Always initialize family field at move_addr_to_kernel().

2019-04-11 Thread Casey Schaufler
On 4/11/2019 4:31 AM, Tetsuo Handa wrote: On 2019/04/04 13:49, David Miller wrote: From: Tetsuo Handa Date: Wed, 3 Apr 2019 06:07:40 +0900 On 2019/04/03 5:23, David Miller wrote: Please fix RDS and other protocols to examine the length properly instead. Do you prefer adding branches only fo

Re: [PATCH net] ipv6: make icmp6_send() robust against null skb->dev

2019-01-04 Thread Casey Schaufler
On 1/4/2019 11:38 AM, Eric Dumazet wrote: > On Fri, Jan 4, 2019 at 11:36 AM Casey Schaufler > wrote: >> On 1/4/2019 11:00 AM, Eric Dumazet wrote: >>> syzbot was able to crash one host with the following stack trace : >>> >>> kasan: GPF could be caused

Re: [PATCH net] ipv6: make icmp6_send() robust against null skb->dev

2019-01-04 Thread Casey Schaufler
> Fixes: d66a8acbda92 ("Smack: Inform peer that IPv6 traffic has been blocked") > Signed-off-by: Eric Dumazet > Cc: Piotr Sawicki > Cc: Casey Schaufler > Reported-by: syzbot > --- > net/ipv6/icmp.c | 8 ++-- > 1 file changed

Re: [PATCH v2 4/4] smack: provide socketpair callback

2018-05-04 Thread Casey Schaufler
n't look like it will cause any problems. I've only been able to test it in a general way. I haven't created specific tests, but it passes the usual Smack use cases. Acked-by: Casey Schaufler > --- > security/smack/smack_lsm.c | 22 ++ > 1 file change

Re: [PATCH 0/3] Introduce LSM-hook for socketpair(2)

2018-04-23 Thread Casey Schaufler
On 4/23/2018 6:30 AM, David Herrmann wrote: > Hi > > This series adds a new LSM hook for the socketpair(2) syscall. The idea > is to allow SO_PEERSEC to be called on AF_UNIX sockets created via > socketpair(2), and return the same information as if you emulated > socketpair(2) via a temporary liste

Re: [RFC PATCH ghak32 V2 01/13] audit: add container id

2018-04-18 Thread Casey Schaufler
On 4/18/2018 5:46 PM, Paul Moore wrote: > On Wed, Apr 18, 2018 at 8:41 PM, Casey Schaufler > wrote: >> On 4/18/2018 4:47 PM, Paul Moore wrote: >>> On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote: >>>> Implement the proc fs write to set th

Re: [RFC PATCH ghak32 V2 01/13] audit: add container id

2018-04-18 Thread Casey Schaufler
On 4/18/2018 4:47 PM, Paul Moore wrote: > On Fri, Mar 16, 2018 at 5:00 AM, Richard Guy Briggs wrote: >> Implement the proc fs write to set the audit container ID of a process, >> emitting an AUDIT_CONTAINER record to document the event. >> ... >> >> diff --git a/include/linux/sched.h b/include/lin

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-02-27 Thread Casey Schaufler
On 2/27/2018 9:36 AM, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 5:30 PM, Casey Schaufler > wrote: >> On 2/27/2018 8:39 AM, Andy Lutomirski wrote: >>> On Tue, Feb 27, 2018 at 5:32 AM, Alexei Starovoitov >>> wrote: >>>> [ Snip ] >>> A

Re: [PATCH bpf-next v8 05/11] seccomp,landlock: Enforce Landlock programs per process hierarchy

2018-02-27 Thread Casey Schaufler
On 2/27/2018 8:39 AM, Andy Lutomirski wrote: > On Tue, Feb 27, 2018 at 5:32 AM, Alexei Starovoitov > wrote: >> [ Snip ] > An earlier version of the patch set used the seccomp filter chain. > Mickaël, what exactly was wrong with that approach other than that the > seccomp() syscall was awkward for

Re: RFC(V3): Audit Kernel Container IDs

2018-02-03 Thread Casey Schaufler
On 2/2/2018 3:24 PM, Paul Moore wrote: > On Fri, Feb 2, 2018 at 5:19 PM, Simo Sorce wrote: >> On Fri, 2018-02-02 at 16:24 -0500, Paul Moore wrote: >>> On Wed, Jan 10, 2018 at 2:00 AM, Richard Guy Briggs wrote: On 2018-01-09 11:18, Simo Sorce wrote: > On Tue, 2018-01-09 at 07:16 -0500, Ri

Re: [PATCH v3 1/4] security: Add support for SCTP security hooks

2017-12-22 Thread Casey Schaufler
On 12/22/2017 5:05 AM, Marcelo Ricardo Leitner wrote: > From: Richard Haines > > The SCTP security hooks are explained in: > Documentation/security/LSM-sctp.rst > > Signed-off-by: Richard Haines > Acked-by: Marcelo Ricardo Leitner > --- > Documentation/security/LSM-sctp.rst | 194 > +++

Re: RFC(v2): Audit Kernel Container IDs

2017-12-11 Thread Casey Schaufler
On 12/11/2017 8:30 AM, Eric Paris wrote: > On Sat, 2017-12-09 at 10:28 -0800, Casey Schaufler wrote: >> Because a container doesn't have to use namespaces to be a container >> you still need a mechanism for a process to declare that it is in >> fact >> in a containe

Re: RFC(v2): Audit Kernel Container IDs

2017-12-09 Thread Casey Schaufler
On 12/9/2017 2:20 AM, Mickaël Salaün wrote: > On 12/10/2017 18:33, Casey Schaufler wrote: >> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote: >>> Containers are a userspace concept. The kernel knows nothing of them. >>> >>> The Linux audit system needs a w

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-30 Thread Casey Schaufler
On 11/30/2017 9:57 AM, Eric Dumazet wrote: > On Thu, 2017-11-30 at 10:30 -0700, David Ahern wrote: >> On 11/30/17 8:44 AM, David Ahern wrote: >>> On 11/30/17 3:50 AM, Eric Dumazet wrote: @@ -1631,24 +1659,6 @@ int tcp_v4_rcv(struct sk_buff *skb)     th = (const struct tcphdr *)skb->

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-30 Thread Casey Schaufler
On 11/30/2017 2:50 AM, Eric Dumazet wrote: > On Wed, 2017-11-29 at 19:16 -0800, Casey Schaufler wrote: >> On 11/29/2017 4:31 PM, James Morris wrote: >>> On Wed, 29 Nov 2017, Casey Schaufler wrote: >>> >>>> I see that there is a proposed fix later in the thre

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-29 Thread Casey Schaufler
On 11/29/2017 4:31 PM, James Morris wrote: > On Wed, 29 Nov 2017, Casey Schaufler wrote: > >> I see that there is a proposed fix later in the thread, but I don't see >> the patch. Could you send it to me, so I can try it on my problem? > Forwarded off-list. The patch

Re: [BUG] kernel stack corruption during/after Netlabel error

2017-11-29 Thread Casey Schaufler
On 11/29/2017 2:26 AM, James Morris wrote: > I'm seeing a kernel stack corruption bug (detected via gcc) when running > the SELinux testsuite on a 4.15-rc1 kernel, in the 2nd inet_socket test: > > https://github.com/SELinuxProject/selinux-testsuite/blob/master/tests/inet_socket/test > > # Verify

Re: RFC(v2): Audit Kernel Container IDs

2017-10-19 Thread Casey Schaufler
On 10/18/2017 5:05 PM, Richard Guy Briggs wrote: > On 2017-10-17 01:10, Casey Schaufler wrote: >> On 10/16/2017 5:33 PM, Richard Guy Briggs wrote: >>> On 2017-10-12 16:33, Casey Schaufler wrote: >>>> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote: >>>>

Re: RFC(v2): Audit Kernel Container IDs

2017-10-17 Thread Casey Schaufler
On 10/17/2017 8:44 AM, James Bottomley wrote: > On Tue, 2017-10-17 at 11:28 -0400, Simo Sorce wrote: >>> Without a *kernel* policy on containerIDs you can't say what >>> security policy is being exempted. >> The policy has been basically stated earlier. >> >> A way to track a set of processes from

Re: RFC(v2): Audit Kernel Container IDs

2017-10-17 Thread Casey Schaufler
On 10/17/2017 8:28 AM, Simo Sorce wrote: > On Tue, 2017-10-17 at 07:59 -0700, Casey Schaufler wrote: >> On 10/17/2017 5:31 AM, Simo Sorce wrote: >>> On Mon, 2017-10-16 at 21:42 -0400, Steve Grubb wrote: >>>> On Monday, October 16, 2017 8:33:40 PM EDT Richard Guy Bri

Re: RFC(v2): Audit Kernel Container IDs

2017-10-17 Thread Casey Schaufler
On 10/17/2017 5:31 AM, Simo Sorce wrote: > On Mon, 2017-10-16 at 21:42 -0400, Steve Grubb wrote: >> On Monday, October 16, 2017 8:33:40 PM EDT Richard Guy Briggs wrote: >>> There is such a thing, but the kernel doesn't know about it >>> yet. This same situation exists for loginuid and sessionid wh

Re: RFC(v2): Audit Kernel Container IDs

2017-10-16 Thread Casey Schaufler
On 10/16/2017 5:33 PM, Richard Guy Briggs wrote: > On 2017-10-12 16:33, Casey Schaufler wrote: >> On 10/12/2017 7:14 AM, Richard Guy Briggs wrote: >>> Containers are a userspace concept. The kernel knows nothing of them. >>> >>> The Linux audit system needs a w

Re: RFC(v2): Audit Kernel Container IDs

2017-10-12 Thread Casey Schaufler
On 10/12/2017 7:14 AM, Richard Guy Briggs wrote: > Containers are a userspace concept. The kernel knows nothing of them. > > The Linux audit system needs a way to be able to track the container > provenance of events and actions. Audit needs the kernel's help to do > this. > > Since the concept o

Re: Permissions for eBPF objects

2017-08-25 Thread Casey Schaufler
Adding the LSM list to the thread. On 8/25/2017 11:01 AM, Jeffrey Vander Stoep via Selinux wrote: > I’d like to get your thoughts on adding LSM permission checks on BPF objects. Aside from the use of these objects requiring privilege, what sort of controls do you think might be reasonable? Who "o
