public inbox for audit@vger.kernel.org
From: Paul Moore <paul@paul-moore.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
	casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
	selinux@vger.kernel.org, mic@digikod.net,
	linux-integrity@vger.kernel.org, netdev@vger.kernel.org,
	audit@vger.kernel.org, netfilter-devel@vger.kernel.org,
	linux-nfs@vger.kernel.org, Todd Kjos <tkjos@google.com>
Subject: Re: [PATCH v3 1/5] LSM: Ensure the correct LSM context releaser
Date: Thu, 31 Oct 2024 18:53:37 -0400
Message-ID: <da6c8ffc5088f7dc728b2fcf61ee34ea@paul-moore.com>
In-Reply-To: <20241023212158.18718-2-casey@schaufler-ca.com>

On Oct 23, 2024 Casey Schaufler <casey@schaufler-ca.com> wrote:
> 
> Add a new lsm_context data structure to hold all the information about a
> "security context", including the string, its size and which LSM allocated
> the string. The allocation information is necessary because LSMs have
> different policies regarding the lifecycle of these strings. SELinux
> allocates and destroys them on each use, whereas Smack provides a pointer
> to an entry in a list that never goes away.
> 
> Update security_release_secctx() to use the lsm_context instead of a
> (char *, len) pair. Change its callers to do likewise.  The LSMs
> supporting this hook have had comments added to remind the developer
> that there is more work to be done.
> 
> The BPF security module provides all LSM hooks. While there has yet to
> be a known instance of a BPF configuration that uses security contexts,
> the possibility is real. In the existing implementation there is
> potential for multiple frees in that case.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> Cc: linux-integrity@vger.kernel.org
> Cc: netdev@vger.kernel.org
> Cc: audit@vger.kernel.org
> Cc: netfilter-devel@vger.kernel.org
> To: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: linux-nfs@vger.kernel.org
> Cc: Todd Kjos <tkjos@google.com>
> ---
>  drivers/android/binder.c                | 24 +++++++--------
>  fs/ceph/xattr.c                         |  6 +++-
>  fs/nfs/nfs4proc.c                       |  8 +++--
>  fs/nfsd/nfs4xdr.c                       |  8 +++--
>  include/linux/lsm_hook_defs.h           |  2 +-
>  include/linux/security.h                | 35 ++++++++++++++++++++--
>  include/net/scm.h                       | 11 +++----
>  kernel/audit.c                          | 30 +++++++++----------
>  kernel/auditsc.c                        | 23 +++++++-------
>  net/ipv4/ip_sockglue.c                  | 10 +++----
>  net/netfilter/nf_conntrack_netlink.c    | 10 +++----
>  net/netfilter/nf_conntrack_standalone.c |  9 +++---
>  net/netfilter/nfnetlink_queue.c         | 13 +++++---
>  net/netlabel/netlabel_unlabeled.c       | 40 +++++++++++--------------
>  net/netlabel/netlabel_user.c            | 11 ++++---
>  security/apparmor/include/secid.h       |  2 +-
>  security/apparmor/secid.c               | 11 +++++--
>  security/security.c                     |  8 ++---
>  security/selinux/hooks.c                | 11 +++++--
>  19 files changed, 165 insertions(+), 107 deletions(-)

This revision looks okay to me, and with no real comments from the other
affected subsystems on this or the previous revision I'm going to go
ahead and merge this into the lsm/dev branch.

Thanks Casey.

--
paul-moore.com


