linux/security/security.c, branch v4.11Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
https://git.shady.money/linux/atom?h=v4.112017-02-09T23:28:49ZMerge branch 'stable-4.11' of git://git.infradead.org/users/pcmoore/selinux into next2017-02-09T23:28:49ZJames Morrisjames.l.morris@oracle.com2017-02-09T23:28:49Zurn:sha1:a2a15479d617ebbab67c60b4eed02524536af780LSM: Add /sys/kernel/security/lsm2017-01-19T02:18:29ZCasey Schauflercasey@schaufler-ca.com2017-01-19T01:09:05Zurn:sha1:d69dece5f5b6bc7a5e39d2b6136ddc69469331fe
I am still tired of having to find indirect ways to determine
what security modules are active on a system. I have added
/sys/kernel/security/lsm, which contains a comma separated
list of the active security modules. No more groping around
in /proc/filesystems or other clever hacks.
Unchanged from previous versions except for being updated
to the latest security next branch.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security,selinux,smack: kill security_task_wait hook2017-01-12T16:10:57ZStephen Smalleysds@tycho.nsa.gov2017-01-10T17:28:32Zurn:sha1:3a2f5a59a695a73e0cde9a61e0feae5fa730e936
As reported by yangshukui, a permission denial from security_task_wait()
can lead to a soft lockup in zap_pid_ns_processes() since it only expects
sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can
in general lead to zombies; in the absence of some way to automatically
reparent a child process upon a denial, the hook is not useful. Remove
the security hook and its implementations in SELinux and Smack. Smack
already removed its check from its hook.
Reported-by: yangshukui <yangshukui@huawei.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
proc,security: move restriction on writing /proc/pid/attr nodes to proc2017-01-09T15:07:31ZStephen Smalleysds@tycho.nsa.gov2017-01-09T15:07:31Zurn:sha1:b21507e272627c434e8dd74e8d51fd8245281b59
Processes can only alter their own security attributes via
/proc/pid/attr nodes. This is presently enforced by each individual
security module and is also imposed by the Linux credentials
implementation, which only allows a task to alter its own credentials.
Move the check enforcing this restriction from the individual
security modules to proc_pid_attr_write() before calling the security hook,
and drop the unnecessary task argument to the security hook since it can
only ever be the current task.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security, overlayfs: Provide hook to correctly label newly created files2016-08-09T00:46:46ZVivek Goyalvgoyal@redhat.com2016-07-13T14:44:52Zurn:sha1:2602625b7e46576b00db619ac788c508ba3bcb2c
During a new file creation we need to make sure new file is created with the
right label. New file is created in upper/ so effectively file should get
label as if task had created file in upper/.
We switched to mounter's creds for actual file creation. Also if there is a
whiteout present, then file will be created in work/ dir first and then
renamed in upper. In none of the cases file will be labeled as we want it to
be.
This patch introduces a new hook dentry_create_files_as(), which determines
the label/context dentry will get if it had been created by task in upper
and modify passed set of creds appropriately. Caller makes use of these new
creds for file creation.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: fix whitespace issues found with checkpatch.pl]
[PM: changes to use stat->mode in ovl_create_or_link()]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security,overlayfs: Provide security hook for copy up of xattrs for overlay file2016-08-09T00:42:13ZVivek Goyalvgoyal@redhat.com2016-07-13T14:44:49Zurn:sha1:121ab822ef21914adac2fa3730efeeb8fd762473
Provide a security hook which is called when xattrs of a file are being
copied up. This hook is called once for each xattr and LSM can return
0 if the security module wants the xattr to be copied up, 1 if the
security module wants the xattr to be discarded on the copy, -EOPNOTSUPP
if the security module does not handle/manage the xattr, or a -errno
upon an error.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: whitespace cleanup for checkpatch.pl]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security, overlayfs: provide copy up security hook for unioned files2016-08-09T00:06:53ZVivek Goyalvgoyal@redhat.com2016-07-13T15:13:56Zurn:sha1:d8ad8b49618410ddeafd78465b63a6cedd6c9484
Provide a security hook to label new file correctly when a file is copied
up from lower layer to upper layer of a overlay/union mount.
This hook can prepare a new set of creds which are suitable for new file
creation during copy up. Caller will use new creds to create file and then
revert back to old creds and release new creds.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: whitespace cleanup to appease checkpatch.pl]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Merge branch 'work.const-qstr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs2016-08-06T13:49:02ZLinus Torvaldstorvalds@linux-foundation.org2016-08-06T13:49:02Zurn:sha1:835c92d43b29eb354abdbd5475308a474d7efdfa
Pull qstr constification updates from Al Viro:
"Fairly self-contained bunch - surprising lot of places passes struct
qstr * as an argument when const struct qstr * would suffice; it
complicates analysis for no good reason.
I'd prefer to feed that separately from the assorted fixes (those are
in #for-linus and with somewhat trickier topology)"
* 'work.const-qstr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
qstr: constify instances in adfs
qstr: constify instances in lustre
qstr: constify instances in f2fs
qstr: constify instances in ext2
qstr: constify instances in vfat
qstr: constify instances in procfs
qstr: constify instances in fuse
qstr constify instances in fs/dcache.c
qstr: constify instances in nfs
qstr: constify instances in ocfs2
qstr: constify instances in autofs4
qstr: constify instances in hfs
qstr: constify instances in hfsplus
qstr: constify instances in logfs
qstr: constify dentry_init_security
qstr: constify dentry_init_security2016-07-21T03:30:06ZAl Viroviro@zeniv.linux.org.uk2016-07-20T20:06:15Zurn:sha1:4f3ccd76572a83278166c12f3e351e74cc03578c
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
LSM: Fix for security_inode_getsecurity and -EOPNOTSUPP2016-06-06T09:59:18ZCasey Schauflercasey@schaufler-ca.com2016-06-01T00:24:15Zurn:sha1:2885c1e3e0c29e4a1915214ddc9673925f538299
Serge Hallyn pointed out that the current implementation of
security_inode_getsecurity() works if there is only one hook
provided for it, but will fail if there is more than one and
the attribute requested isn't supplied by the first module.
This isn't a problem today, since only SELinux and Smack
provide this hook and there is (currently) no way to enable
both of those modules at the same time. Serge, however, wants
to introduce a capability attribute and an inode_getsecurity
hook in the capability security module to handle it. This
addresses that upcoming problem, will be required for "extreme
stacking" and is just a better implementation.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>