From: Dennis Gilmore <dennis@ausil.us>
To: sparclinux@vger.kernel.org
Subject: Re: [PATCH] Disable execmem for sparc
Date: Fri, 26 Mar 2010 16:26:25 +0000
Message-ID: <201003261126.34217.dennis@ausil.us>
In-Reply-To: <4BAA89B9.2030102@redhat.com>
On Friday 26 March 2010 10:33:50 am Stephen Smalley wrote:
> On Thu, 2010-03-25 at 15:48 -0500, Dennis Gilmore wrote:
> > On Thursday 25 March 2010 03:24:58 pm David Miller wrote:
> > > From: "Tom \"spot\" Callaway" <tcallawa@redhat.com>
> > > Date: Wed, 24 Mar 2010 17:52:57 -0400
> > >
> > > > Attached is a patch which disables execmem for sparc. Without it,
> > > > selinux does not work at all on SPARC64.
> > > >
> > > > This patch should be reasonably non-controversial, because this is
> > > > already being done for PPC32.
> > > >
> > > > Tested-by: Tom "spot" Callaway <tcallawa@redhat.com> (Ultra 10,
> > > > T5220)
> > > >
> > > > Dennis Gilmore <dgilmore@redhat.com>
> > > >
> > > > Signed-off-by: Tom "spot" Callaway <tcallawa@redhat.com>
> > >
> > > What is the reason why it doesn't work, I'm just curious?
> > >
> > > Is there some dependency upon executable stacks or executable data
> > > segments always working? Why can't SELINUX protect be used with
> > > that correctly?
> >
> > What happens is that almost all binaries end up with execmem set and
> > SELinux prevents them from running. The system fails to even get close
> > to coming up in a usable state.
> >
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.160:3): avc: denied
> > { execmem } for pid=208 comm="consoletype"
> > scontext=system_u:system_r:consoletype_t:s0
> > tcontext=system_u:system_r:consoletype_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.315:4): avc: denied
> > { execmem } for pid=211 comm="hostname"
> > scontext=system_u:system_r:hostname_t:s0
> > tcontext=system_u:system_r:hostname_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.520:5): avc: denied
> > { execmem } for pid=213 comm="mount"
> > scontext=system_u:system_r:mount_t:s0
> > tcontext=system_u:system_r:mount_t:s0 tclass=process
> > Dec 31 18:00:40 sparcbook kernel: type=1400 audit(8.570:6): avc: denied
> > { execmem } for pid=203 comm="readahead-colle"
> > scontext=system_u:system_r:readahead_t:s0
> > tcontext=system_u:system_r:readahead_t:s0 tclass=process
> >
> > This is a small sample of the logs you get; not everything fails, but
> > almost everything does.
>
> I think we need to understand why this is happening - it usually
> reflects a toolchain problem (that was the case in the ppc32 situation,
> and was later fixed in Fedora through an updated toolchain and rebuilt
> userland). eu-readelf -l /bin/hostname shows what?
eu-readelf -l /bin/hostname
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz  MemSiz   Flg Align
  PHDR           0x000034 0x00010034 0x00010034 0x000100 0x000100 R E 0x4
  INTERP         0x000134 0x00010134 0x00010134 0x000013 0x000013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x00010000 0x00010000 0x002204 0x002204 R E 0x10000
  LOAD           0x002204 0x00022204 0x00022204 0x000284 0x0002ac RWE 0x10000
  DYNAMIC        0x002218 0x00022218 0x00022218 0x0000d0 0x0000d0 RW  0x4
  NOTE           0x000148 0x00010148 0x00010148 0x000044 0x000044 R   0x4
  GNU_EH_FRAME   0x002110 0x00012110 0x00012110 0x00003c 0x00003c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x000000 0x000000 RW  0x4

 Section to Segment mapping:
  Segment Sections...
   00
   01      [RO: .interp]
   02      [RO: .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym
            .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .text .fini
            .rodata .eh_frame_hdr .eh_frame]
   03      .ctors .dtors .jcr .dynamic .got .plt .data .bss
   04      .dynamic
   05      [RO: .note.ABI-tag .note.gnu.build-id]
   06      [RO: .eh_frame_hdr]
   07
>
> > > And since we're touching selinux code we need to at a minimum
> > > CC: them so they can have a look at your change.
> > >
> > > --------------------
> > > diff -up linux-2.6.32.noarch/security/selinux/hooks.c.mprotect-sparc
> > > linux-2.6.32.noarch/security/selinux/hooks.c ---
> > > linux-2.6.32.noarch/security/selinux/hooks.c.mprotect-sparc 2010-03-10
> > > 08:28:20.957571926 -0500 +++
> > > linux-2.6.32.noarch/security/selinux/hooks.c 2010-03-10
> > > 08:29:15.732698763 -0500 @@ -3010,7 +3010,7 @@ static int
> > > file_map_prot_check(struct fi
> > >
> > > const struct cred *cred = current_cred();
> > > int rc = 0;
> > >
> > > -#ifndef CONFIG_PPC32
> > > +#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)
> > >
> > > if ((prot & PROT_EXEC) && (!file || (!shared && (prot &
> > > PROT_WRITE)))) {
> > >
> > > /*
> > >
> > > * We are making executable an anonymous mapping or a
> > >
> > > @@ -3082,7 +3082,7 @@ static int selinux_file_mprotect(struct
> > >
> > > if (selinux_checkreqprot)
> > >
> > > prot = reqprot;
> > >
> > > -#ifndef CONFIG_PPC32
> > > +#if !defined(CONFIG_PPC32) && !defined(CONFIG_SPARC)
> > >
> > > if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
> > >
> > > int rc = 0;
> > > if (vma->vm_start >= vma->vm_mm->start_brk &&
> > >
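As an added check, not part of the thread, the following script does what Stephen's `eu-readelf -l` question asks for mechanically: it parses the program-header table and flags the W+X data LOAD segment that trips the `!file || (!shared && (prot & PROT_WRITE))` execmem rule in the patch, plus an executable or missing GNU_STACK (the execstack case). The embedded sample is the /bin/hostname output quoted above; the function names are the script's own.

```python
import re
from typing import List, Tuple

# `eu-readelf -l` program headers for /bin/hostname as quoted in the thread.
SAMPLE = """\
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz  MemSiz   Flg Align
  PHDR           0x000034 0x00010034 0x00010034 0x000100 0x000100 R E 0x4
  INTERP         0x000134 0x00010134 0x00010134 0x000013 0x000013 R   0x1
      [Requesting program interpreter: /lib/ld-linux.so.2]
  LOAD           0x000000 0x00010000 0x00010000 0x002204 0x002204 R E 0x10000
  LOAD           0x002204 0x00022204 0x00022204 0x000284 0x0002ac RWE 0x10000
  DYNAMIC        0x002218 0x00022218 0x00022218 0x0000d0 0x0000d0 RW  0x4
  NOTE           0x000148 0x00010148 0x00010148 0x000044 0x000044 R   0x4
  GNU_EH_FRAME   0x002110 0x00012110 0x00012110 0x00003c 0x00003c R   0x4
  GNU_STACK      0x000000 0x00000000 0x00000000 0x000000 0x000000 RW  0x4
"""
HEX = re.compile(r"^0x[0-9a-fA-F]+$")

def parse_phdrs(text: str) -> List[Tuple[str, str]]:
    """Return (type, flags) per program header, e.g. ('LOAD', 'RWE')."""
    phdrs = []
    for line in text.splitlines():
        tok = line.split()
        # A header row is TYPE, five hex columns, flag letters, hex Align; skip the rest.
        if len(tok) < 7 or not all(HEX.match(t) for t in tok[1:6]) \
                or not HEX.match(tok[-1]):
            continue
        phdrs.append((tok[0], "".join(tok[6:-1])))  # 'R E' -> 'RE'
    return phdrs

def audit_phdrs(text: str) -> List[str]:
    """Report headers that SELinux's execmem/execstack checks will deny."""
    findings = []
    phdrs = parse_phdrs(text)
    for ptype, flags in phdrs:
        # A W+E LOAD is mapped privately with PROT_WRITE|PROT_EXEC: the execmem case in the patch.
        if ptype == "LOAD" and "W" in flags and "E" in flags:
            findings.append(f"LOAD segment is {flags}: W+X private mapping (execmem)")
    stack = [f for t, f in phdrs if t == "GNU_STACK"]
    if not stack:
        findings.append("no GNU_STACK header: stack defaults to executable (execstack)")
    elif "E" in stack[0]:
        findings.append(f"GNU_STACK is {stack[0]}: executable stack (execstack)")
    return findings

if __name__ == "__main__":
    for finding in audit_phdrs(SAMPLE):
        print(finding)
```

Pipe any `eu-readelf -l` or `readelf -l` output into `audit_phdrs()` to check a whole userland for RWE segments before touching kernel policy.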