kernelnewbies.kernelnewbies.org archive mirror
From: greg@kroah.com (Greg KH)
To: kernelnewbies@lists.kernelnewbies.org
Subject: Linux Security Module listsecurity (and security xattr hooks) only one called?
Date: Tue, 6 Sep 2016 14:12:57 +0200
Message-ID: <20160906121257.GA11772@kroah.com>
In-Reply-To: <CAKUCuZx8PyLxSbdxM0BOKBKokF_+yhMov2M5qOYu9OD7KzvDhw@mail.gmail.com>

On Tue, Sep 06, 2016 at 07:05:54AM -0400, Pasquier, Thomas wrote:
> Hello everyone,
> 
> In security/security.c (see here: https://github.com/torvalds/linux/blob/835c92d43b29eb354abdbd5475308a474d7efdfa/security/security.c)
> 
> Looking at this:
> 
> int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
> {
>     if (unlikely(IS_PRIVATE(inode)))
>         return 0;
>     return call_int_hook(inode_listsecurity, 0, inode, buffer, buffer_size);
> }
> 
> One would expect all stacked security modules to be called. However, when
> looking at this:
> 
> #define call_int_hook(FUNC, IRC, ...) ({                        \
>     int RC = IRC;                                               \
>     do {                                                        \
>         struct security_hook_list *P;                           \
>                                                                 \
>         list_for_each_entry(P, &security_hook_heads.FUNC, list) { \
>             RC = P->hook.FUNC(__VA_ARGS__);                     \
>             if (RC != 0)                                        \
>                 break;                                          \
>         }                                                       \
>     } while (0);                                                \
>     RC;                                                         \
> })
> 
> If one of the modules returns a non-zero value, the others are not called. That
> means that the list of security xattrs is not built (or rather that it only
> contains the first module being called), as the length of the inserted element is
> returned. Similarly for setsecurity and getsecurity, it seems that only one
> module will be called, as if the given module does not support the security
> xattr, it returns -EOPNOTSUPP (instead, I believe, the next module should be
> called, until one supporting the attribute is met).
> 
> I am aware that LSM stacking is not fully supported yet:
> https://lwn.net/Articles/635771/
> https://lwn.net/Articles/697259/
> 
> Here is a fix for setsecurity and getsecurity: https://github.com/cschaufler/smack-next/blob/next/security/security.c;
> but listsecurity would appear to still not behave as I would expect. However,
> I may be missing something.
> 
> What is the rationale here? I could change the code to support multiple security
> xattrs, but don't want to do so before I am sure I understand why it was done
> like this. Any help is welcome.

Why not ask on the linux-security mailing list where the developers of
this code live?

good luck!

greg k-h
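Added illustration, not part of either message above: a small userspace C model of the quoted call_int_hook() control flow placed next to the call-every-module behaviour the question expects for listsecurity. The two module stubs, their xattr names and the hooks[] table are constructed stand-ins, not real LSM code.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model of the stacked-LSM listsecurity problem described above.
 * Each "module" appends its xattr name to buffer and returns the length written
 * (or 0 if it has nothing to list); constructed stand-ins for real LSM hooks. */
typedef int (*listsecurity_fn)(char *buffer, size_t buffer_size);

static int copy_name(const char *name, char *buffer, size_t buffer_size)
{
    size_t len = strlen(name) + 1;  /* include the NUL separator, like listxattr */
    if (buffer && buffer_size >= len)
        memcpy(buffer, name, len);
    return (int)len;
}

static int modA_listsecurity(char *b, size_t n) { return copy_name("security.a", b, n); }
static int modB_listsecurity(char *b, size_t n) { return copy_name("security.b", b, n); }

static listsecurity_fn hooks[] = { modA_listsecurity, modB_listsecurity };
#define NHOOKS (sizeof(hooks) / sizeof(hooks[0]))

/* Same control flow as the quoted call_int_hook(): stop at the first non-zero
 * return value. For listsecurity a non-zero value is the length written, so
 * only the first module that lists anything is ever consulted. */
int listsecurity_first_nonzero(char *buffer, size_t buffer_size)
{
    int rc = 0;
    for (size_t i = 0; i < NHOOKS; i++) {
        rc = hooks[i](buffer, buffer_size);
        if (rc != 0)
            break;
    }
    return rc;
}

/* What the question expects instead: call every module, advancing through the
 * buffer and summing the lengths so the caller receives the complete list. */
int listsecurity_accumulate(char *buffer, size_t buffer_size)
{
    int total = 0;
    for (size_t i = 0; i < NHOOKS; i++) {
        char *dst = buffer ? buffer + total : NULL;
        size_t left = buffer_size > (size_t)total ? buffer_size - total : 0;
        total += hooks[i](dst, left);
    }
    return total;
}
```

With both modules registered, the first variant reports only "security.a" (11 bytes), while the accumulating variant reports both names (22 bytes); a NULL buffer sizes the result the same way listxattr does.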


Thread overview: 4+ messages
2016-09-06 11:05 Linux Security Module listsecurity (and security xattr hooks) only one called? Pasquier, Thomas
2016-09-06 12:12 ` Greg KH [this message]
2016-09-06 17:35 ` Valdis.Kletnieks at vt.edu
  -- strict thread matches above, loose matches on Subject: below --
2016-09-05 15:20 Pasquier, Thomas
