From: "Serge E. Hallyn" <serge@hallyn.com>
To: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Cc: linux-doc@vger.kernel.org, NeilBrown <neilb@suse.de>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
Eric Dumazet <edumazet@google.com>,
selinux@tycho.nsa.gov, Jonathan Corbet <corbet@lwn.net>,
havner@gmail.com,
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
Jiri Slaby <jslaby@suse.com>, Stephen Smalley <sds@tycho.nsa.gov>,
Alexey Dobriyan <adobriyan@gmail.com>,
Kees Cook <keescook@chromium.org>, Arnd Bergmann <arnd@arndb.de>,
Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
Fabian Frederick <fabf@skynet.be>,
Al Viro <viro@zeniv.linux.org.uk>,
James Morris <james.l.morris@oracle.com>,
John Johansen <john.johansen@canonical.com>,
Greg KH <gregkh@linuxfoundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Andy Lutomirski <luto@amacapital.net>,
linux-security-module@vger.kernel.org,
Zefan Li <lizefan@huawei.com>, Joe Perches <joe@perches.com>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH v3 06/11] smack: don't use implicit star to display smackfs/syslog
Date: Thu, 30 Jul 2015 17:42:56 -0500
Message-ID: <20150730224256.GF13589@mail.hallyn.com>
In-Reply-To: <1437732285-11524-7-git-send-email-l.pawelczyk@samsung.com>
On Fri, Jul 24, 2015 at 12:04:40PM +0200, Lukasz Pawelczyk wrote:
> Smackfs/syslog is analogous to onlycap and unconfined. When not filled
> they don't do anything. In such cases onlycap and unconfined displayed
> nothing when read, but syslog unconditionally displayed star. This
> doesn't work well with namespaces where the star could have been
> unmapped. Besides the meaning of this star was different than a star
> that could be written to this file. This was misleading.
>
> This also brings syslog read/write functions on par with onlycap and
> unconfined where it is possible to reset the value to NULL as should be
> possible according to comment in smackfs.c describing smack_syslog_label
> variable.
>
> Before that the initial state was to allow (smack_syslog_label was
> NULL), but after writing star to it the current had to be labeled star
> as well to have an access, even though reading the smackfs/syslog
> returned the same result in both cases.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
> ---
> security/smack/smackfs.c | 42 +++++++++++++++++++++++++++---------------
> 1 file changed, 27 insertions(+), 15 deletions(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 81a2888..89f847bba 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -2362,23 +2362,20 @@ static const struct file_operations smk_change_rule_ops = {
> static ssize_t smk_read_syslog(struct file *filp, char __user *buf,
> size_t cn, loff_t *ppos)
> {
> - struct smack_known *skp;
> + char *smack = "";
> ssize_t rc = -EINVAL;
> int asize;
>
> if (*ppos != 0)
> return 0;
>
> - if (smack_syslog_label == NULL)
> - skp = &smack_known_star;
> - else
> - skp = smack_syslog_label;
> + if (smack_syslog_label != NULL)
> + smack = smack_syslog_label->smk_known;
>
> - asize = strlen(skp->smk_known) + 1;
> + asize = strlen(smack) + 1;
>
> if (cn >= asize)
> - rc = simple_read_from_buffer(buf, cn, ppos, skp->smk_known,
> - asize);
> + rc = simple_read_from_buffer(buf, cn, ppos, smack, asize);
>
> return rc;
> }
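Review bot: in smk_read_syslog, the unset case still returns data: with smack = "" the line `asize = strlen(smack) + 1;` gives 1, so simple_read_from_buffer() copies a single NUL byte to the reader rather than nothing, and a caller passing cn == 0 gets -EINVAL instead of an empty read. If the goal is to match the "displayed nothing when read" behaviour the commit message describes for onlycap and unconfined, return 0 early when smack_syslog_label is NULL. Since smack can point at a string literal, declaring it `const char *smack` would also be cleaner.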
> @@ -2406,16 +2403,31 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
> if (data == NULL)
> return -ENOMEM;
>
> - if (copy_from_user(data, buf, count) != 0)
> + if (copy_from_user(data, buf, count) != 0) {
> rc = -EFAULT;
> - else {
> - skp = smk_import_entry(data, count);
> - if (IS_ERR(skp))
> - rc = PTR_ERR(skp);
> - else
> - smack_syslog_label = skp;
> + goto freeout;
> }
>
> + /*
> + * Clear the smack_syslog_label on invalid label errors. This means
> + * that we can pass a null string to unset the syslog value.
> + *
> + * Importing will also reject a label beginning with '-',
> + * so "-syslog" will also work.
> + *
> + * But do so only on invalid label, not on system errors.
> + */
> + skp = smk_import_entry(data, count);
> + if (PTR_ERR(skp) == -EINVAL)
> + skp = NULL;
> + else if (IS_ERR(skp)) {
> + rc = PTR_ERR(skp);
> + goto freeout;
> + }
> +
> + smack_syslog_label = skp;
> +
> +freeout:
> kfree(data);
> return rc;
> }
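Review bot: in smk_write_syslog, the `PTR_ERR(skp) == -EINVAL` branch turns every label that smk_import_entry() rejects as invalid into a reset of smack_syslog_label to NULL, and that branch sets no error in rc. The commit message describes NULL as the state that allows access, so a mistyped or malformed label written to smackfs/syslog silently removes the restriction instead of failing the write. Consider limiting the reset to the two inputs the comment names (an empty string or a leading '-') and returning -EINVAL for any other invalid label; testing IS_ERR(skp) before comparing PTR_ERR(skp) would also read more clearly.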
> --
> 2.4.3