From: Casey Schaufler <casey@schaufler-ca.com>
To: casey@schaufler-ca.com, paul@paul-moore.com, eparis@redhat.com,
linux-security-module@vger.kernel.org, audit@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
selinux@vger.kernel.org
Subject: [PATCH v4 0/4] Audit: Records for multiple security contexts
Date: Fri, 6 Jun 2025 17:51:30 -0700 [thread overview]
Message-ID: <20250607005134.10488-1-casey@schaufler-ca.com> (raw)
In-Reply-To: 20250607005134.10488-1-casey.ref@schaufler-ca.com
The Linux audit system includes LSM based security "context" information
in its events. Historically, only one LSM that uses security contexts can
be active on a system. One of the few obsticles to allowing multiple LSM
support is the inability to report more than one security context in an
audit event. This patchset provides a mechanism to provide supplimental
records containing more than one security context for subjects and
objects.
The mechanism for reporting multiple security contexts inspired
considerable discussion. It would have been possible to add multiple
contexts to existing records using sophisticated formatting. This would
have significant backward compatibility issues, and require additional
parsing in user space code. Adding new records for an event that contain
the contexts is more in keeping with the way audit events have been
constructed in the past.
Only audit events associated with system calls have required multiple
records prior to this. Mechanism has been added allowing any event
to be composed of multiple records. This should make it easier to
add information to existing audit events without breaking backward
compatability.
v4:
Use LSM_ID_UNDEF when checking for valid LSM IDs in
security_lsmprop_to_secctx().
Fix the object record to include only those for LSMs that use them.
Squash the two patches dealing with subject contexts.
Base the patches on Paul Moore's LSM initialization patchset.
https://lore.kernel.org/all/20250409185019.238841-31-paul@paul-moore.com/
v3:
Rework how security modules identify that they provide security
contexts to the audit system. Maintain a list within the audit
system of the security modules that provide security contexts.
Revert the separate counts of subject and object contexts.
v2:
Maintain separate counts for LSMs using subject contexts and object
contexts. AppArmor uses the former but not the latter.
Correct error handling in object record creation.
https://github.com/cschaufler/lsm-stacking#audit-6.14-rc1-v4
Casey Schaufler (4):
Audit: Create audit_stamp structure
LSM: security_lsmblob_to_secctx module selection
Audit: Add record for multiple task security contexts
Audit: Add record for multiple object contexts
include/linux/audit.h | 23 +++
include/linux/security.h | 6 +-
include/uapi/linux/audit.h | 2 +
kernel/audit.c | 274 ++++++++++++++++++++++++++++++-----
kernel/audit.h | 13 +-
kernel/auditsc.c | 65 +++------
net/netlabel/netlabel_user.c | 8 +-
security/apparmor/lsm.c | 3 +
security/lsm.h | 4 -
security/lsm_init.c | 5 -
security/security.c | 16 +-
security/selinux/hooks.c | 4 +
security/smack/smack_lsm.c | 4 +
13 files changed, 318 insertions(+), 109 deletions(-)
--
2.47.0
next parent reply other threads:[~2025-06-07 1:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250607005134.10488-1-casey.ref@schaufler-ca.com>
2025-06-07 0:51 ` Casey Schaufler [this message]
2025-06-07 0:51 ` [PATCH v4 1/4] Audit: Create audit_stamp structure Casey Schaufler
2025-06-07 0:51 ` [PATCH v4 2/4] LSM: security_lsmblob_to_secctx module selection Casey Schaufler
2025-06-16 20:54 ` Paul Moore
2025-06-07 0:51 ` [PATCH v4 3/4] Audit: Add record for multiple task security contexts Casey Schaufler
2025-06-16 20:54 ` Paul Moore
2025-06-07 0:51 ` [PATCH v4 4/4] Audit: Add record for multiple object contexts Casey Schaufler
2025-06-16 20:54 ` Paul Moore
2025-07-04 20:18 ` Casey Schaufler
2025-07-15 20:40 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250607005134.10488-1-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=audit@vger.kernel.org \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox