* [PATCH v2 0/3] lsm: introduce lsm_config_self_policy() and lsm_config_system_policy() syscalls
From: Maxime Bélair @ 2025-06-19 18:15 UTC
To: linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

This patchset introduces two new syscalls: lsm_config_self_policy(), lsm_config_system_policy() and the associated Linux Security Module hooks security_lsm_config_*_policy(), providing a unified interface for loading and managing LSM policies.

These syscalls complement the existing per-LSM pseudo-filesystem mechanism and work even when those filesystems are not mounted or available. With these new syscalls, users and administrators may lock down access to the pseudo-filesystem yet still manage LSM policies. Two tightly-scoped entry points then replace the many file operations exposed by those filesystems, significantly reducing the attack surface. This is particularly useful in containers or processes already confined by Landlock, where these pseudo-filesystems are typically unavailable.

Because they provide a logical and unified interface, these syscalls are simpler to use than several heterogeneous pseudo-filesystems and avoid edge cases such as partially loaded policies. They also eliminate VFS overhead, yielding performance gains notably when many policies are loaded, for instance at boot time.

This initial implementation is intentionally minimal to limit the scope of changes. Currently, only policy loading is supported, and only AppArmor registers this LSM hook. However, any LSM can adopt this interface, and future patches could extend this syscall to support more operations, such as replacing, removing, or querying loaded policies.

Landlock already provides three Landlock-specific syscalls (e.g. landlock_add_rule()) to restrict ambient rights for sets of processes without touching any pseudo-filesystem. lsm_config_*_policy() generalizes that approach to the entire LSM layer, so any module can choose to support either or both of these syscalls, and expose its policy operations through a uniform interface and reap the advantages outlined above.

This patchset is available at [1], a minimal user space example showing how to use lsm_config_system_policy with AppArmor is at [2] and a performance benchmark of both syscalls is available at [3].

[1] https://github.com/emixam16/linux/tree/lsm_syscall
[2] https://gitlab.com/emixam16/apparmor/tree/lsm_syscall
[3] https://gitlab.com/-/snippets/4864908

--
Changes in v2
- Split lsm_manage_policy() into two distinct syscalls: lsm_config_self_policy() and lsm_config_system_policy()
- The LSM hook now calls only the appropriate LSM (and not all LSMs)
- Add a configuration variable to limit the buffer size of these syscalls
- AppArmor now allows stacking policies through lsm_config_self_policy() and loading policies in any namespace through lsm_config_system_policy()
--

Maxime Bélair (3):
  Wire up lsm_config_self_policy and lsm_config_system_policy syscalls
  lsm: introduce security_lsm_config_*_policy hooks
  AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy

 arch/alpha/kernel/syscalls/syscall.tbl | 2 +
 arch/arm/tools/syscall.tbl | 2 +
 arch/m68k/kernel/syscalls/syscall.tbl | 2 +
 arch/microblaze/kernel/syscalls/syscall.tbl | 2 +
 arch/mips/kernel/syscalls/syscall_n32.tbl | 2 +
 arch/mips/kernel/syscalls/syscall_n64.tbl | 2 +
 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +
 arch/parisc/kernel/syscalls/syscall.tbl | 2 +
 arch/powerpc/kernel/syscalls/syscall.tbl | 2 +
 arch/s390/kernel/syscalls/syscall.tbl | 2 +
 arch/sh/kernel/syscalls/syscall.tbl | 2 +
 arch/sparc/kernel/syscalls/syscall.tbl | 2 +
 arch/x86/entry/syscalls/syscall_32.tbl | 2 +
 arch/x86/entry/syscalls/syscall_64.tbl | 2 +
 arch/xtensa/kernel/syscalls/syscall.tbl | 2 +
 include/linux/lsm_hook_defs.h | 4 ++
 include/linux/security.h | 16 +++++
 include/linux/syscalls.h | 5 ++
 include/uapi/asm-generic/unistd.h | 6 +-
 include/uapi/linux/lsm.h | 8 +++
 kernel/sys_ni.c | 2 +
 security/Kconfig | 22 ++++++
 security/apparmor/apparmorfs.c | 31 +++++++++
 security/apparmor/include/apparmorfs.h | 3 +
 security/apparmor/lsm.c | 63 +++++++++++++++++
 security/lsm_syscalls.c | 25 +++++++
 security/security.c | 69 +++++++++++++++++++
 tools/include/uapi/asm-generic/unistd.h | 6 +-
 .../arch/x86/entry/syscalls/syscall_64.tbl | 2 +
 29 files changed, 290 insertions(+), 2 deletions(-)

base-commit: 9c32cda43eb78f78c73aee4aa344b777714e259b
--
2.48.1
* [PATCH v2 1/3] Wire up lsm_config_self_policy and lsm_config_system_policy syscalls
From: Maxime Bélair @ 2025-06-19 18:15 UTC
To: linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

Add support for the new lsm_config_self_policy and lsm_config_system_policy syscalls, providing a unified API for loading and modifying LSM policies, for the current user and for the entire system, respectively, without requiring the LSM's pseudo-filesystems.

Benefits:
- Works even if the LSM pseudo-filesystem isn't mounted or available (e.g. in containers)
- Offers a logical and unified interface rather than multiple heterogeneous pseudo-filesystems
- Avoids the overhead of other kernel interfaces for better efficiency
Signed-off-by: Maxime Bélair <maxime.belair@canonical.com> --- arch/alpha/kernel/syscalls/syscall.tbl | 2 ++ arch/arm/tools/syscall.tbl | 2 ++ arch/m68k/kernel/syscalls/syscall.tbl | 2 ++ arch/microblaze/kernel/syscalls/syscall.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_n32.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_n64.tbl | 2 ++ arch/mips/kernel/syscalls/syscall_o32.tbl | 2 ++ arch/parisc/kernel/syscalls/syscall.tbl | 2 ++ arch/powerpc/kernel/syscalls/syscall.tbl | 2 ++ arch/s390/kernel/syscalls/syscall.tbl | 2 ++ arch/sh/kernel/syscalls/syscall.tbl | 2 ++ arch/sparc/kernel/syscalls/syscall.tbl | 2 ++ arch/x86/entry/syscalls/syscall_32.tbl | 2 ++ arch/x86/entry/syscalls/syscall_64.tbl | 2 ++ arch/xtensa/kernel/syscalls/syscall.tbl | 2 ++ include/linux/syscalls.h | 5 +++++ include/uapi/asm-generic/unistd.h | 6 +++++- kernel/sys_ni.c | 2 ++ security/lsm_syscalls.c | 12 ++++++++++++ tools/include/uapi/asm-generic/unistd.h | 6 +++++- tools/perf/arch/x86/entry/syscalls/syscall_64.tbl | 2 ++ 21 files changed, 61 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index 2dd6340de6b4..4fc75352220d 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -507,3 +507,5 @@ 575 common listxattrat sys_listxattrat 576 common removexattrat sys_removexattrat 577 common open_tree_attr sys_open_tree_attr +578 common lsm_config_self_policy sys_lsm_config_self_policy +579 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index 27c1d5ebcd91..326483cb94a4 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl 
@@ -482,3 +482,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index 9fe47112c586..d37364df1cd7 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -467,3 +467,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index 7b6e97828e55..9d58ebfcf967 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -473,3 +473,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index aa70e371bb54..8627b5f56280 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -406,3 +406,5 @@ 465 n32 listxattrat sys_listxattrat 466 n32 removexattrat sys_removexattrat 467 n32 open_tree_attr sys_open_tree_attr +468 n32 lsm_config_self_policy sys_lsm_config_self_policy +469 n32 lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index 1e8c44c7b614..813207b61f58 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl 
+++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -382,3 +382,5 @@ 465 n64 listxattrat sys_listxattrat 466 n64 removexattrat sys_removexattrat 467 n64 open_tree_attr sys_open_tree_attr +468 n64 lsm_config_self_policy sys_lsm_config_self_policy +469 n64 lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 114a5a1a6230..9cd0946b4370 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -455,3 +455,5 @@ 465 o32 listxattrat sys_listxattrat 466 o32 removexattrat sys_removexattrat 467 o32 open_tree_attr sys_open_tree_attr +468 o32 lsm_config_self_policy sys_lsm_config_self_policy +469 o32 lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index 94df3cb957e9..9db01dd55793 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -466,3 +466,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index 9a084bdb8926..97714acb39ab 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl @@ -558,3 +558,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index a4569b96ef06..d2b0f14fb516 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl 
+++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -470,3 +470,5 @@ 465 common listxattrat sys_listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index 52a7652fcff6..210d7118ce16 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -471,3 +471,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 83e45eb6c095..494417d80680 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl @@ -513,3 +513,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index ac007ea00979..36c2c538e04f 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -473,3 +473,5 @@ 465 i386 listxattrat sys_listxattrat 466 i386 removexattrat sys_removexattrat 467 i386 open_tree_attr sys_open_tree_attr +468 i386 lsm_config_self_policy sys_lsm_config_self_policy +469 i386 lsm_config_system_policy sys_lsm_config_system_policy 
diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index cfb5ca41e30d..7eefbccfe531 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -391,6 +391,8 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index f657a77314f8..90d86a54a952 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -438,3 +438,5 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index e5603cc91963..15b0f35c42fe 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -988,6 +988,11 @@ asmlinkage long sys_lsm_get_self_attr(unsigned int attr, struct lsm_ctx __user * asmlinkage long sys_lsm_set_self_attr(unsigned int attr, struct lsm_ctx __user *ctx, u32 size, u32 flags); asmlinkage long sys_lsm_list_modules(u64 __user *ids, u32 __user *size, u32 flags); +asmlinkage long sys_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, + u32 __user *size, u32 flags); +asmlinkage long sys_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, + u32 __user *size, u32 flags); + /* * Architecture-specific system calls diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index 2892a45023af..34278cc6a476 100644 --- a/include/uapi/asm-generic/unistd.h 
+++ b/include/uapi/asm-generic/unistd.h @@ -851,9 +851,13 @@ __SYSCALL(__NR_listxattrat, sys_listxattrat) __SYSCALL(__NR_removexattrat, sys_removexattrat) #define __NR_open_tree_attr 467 __SYSCALL(__NR_open_tree_attr, sys_open_tree_attr) +#define __NR_lsm_config_self_policy 468 +__SYSCALL(__NR_lsm_config_self_policy, lsm_config_self_policy) +#define __NR_lsm_config_system_policy 469 +__SYSCALL(__NR_lsm_config_system_policy, lsm_config_system_policy) #undef __NR_syscalls -#define __NR_syscalls 468 +#define __NR_syscalls 470 /* * 32 bit systems traditionally used different diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index c00a86931f8c..3ecebcd3fbe0 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -172,6 +172,8 @@ COND_SYSCALL_COMPAT(fadvise64_64); COND_SYSCALL(lsm_get_self_attr); COND_SYSCALL(lsm_set_self_attr); COND_SYSCALL(lsm_list_modules); +COND_SYSCALL(lsm_config_self_policy); +COND_SYSCALL(lsm_config_system_policy); /* CONFIG_MMU only */ COND_SYSCALL(swapon); diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index 8440948a690c..a3cb6dab8102 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c @@ -118,3 +118,15 @@ SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, u32 __user *, size, return lsm_active_cnt; } + +SYSCALL_DEFINE5(lsm_config_self_policy, u32, lsm_id, u32, op, void __user *, + buf, u32 __user *, size, u32, flags) +{ + return 0; +} + +SYSCALL_DEFINE5(lsm_config_system_policy, u32, lsm_id, u32, op, void __user *, + buf, u32 __user *, size, u32, flags) +{ + return 0; +} diff --git a/tools/include/uapi/asm-generic/unistd.h b/tools/include/uapi/asm-generic/unistd.h index 2892a45023af..34278cc6a476 100644 --- a/tools/include/uapi/asm-generic/unistd.h +++ b/tools/include/uapi/asm-generic/unistd.h 
@@ -851,9 +851,13 @@ __SYSCALL(__NR_listxattrat, sys_listxattrat) __SYSCALL(__NR_removexattrat, sys_removexattrat) #define __NR_open_tree_attr 467 __SYSCALL(__NR_open_tree_attr, sys_open_tree_attr) +#define __NR_lsm_config_self_policy 468 +__SYSCALL(__NR_lsm_config_self_policy, lsm_config_self_policy) +#define __NR_lsm_config_system_policy 469 +__SYSCALL(__NR_lsm_config_system_policy, lsm_config_system_policy) #undef __NR_syscalls -#define __NR_syscalls 468 +#define __NR_syscalls 470 /* * 32 bit systems traditionally used different diff --git a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl index cfb5ca41e30d..7eefbccfe531 100644 --- a/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl +++ b/tools/perf/arch/x86/entry/syscalls/syscall_64.tbl @@ -391,6 +391,8 @@ 465 common listxattrat sys_listxattrat 466 common removexattrat sys_removexattrat 467 common open_tree_attr sys_open_tree_attr +468 common lsm_config_self_policy sys_lsm_config_self_policy +469 common lsm_config_system_policy sys_lsm_config_system_policy # # Due to a historical design error, certain syscalls are numbered differently -- 2.48.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
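Review bot: the include/uapi/asm-generic/unistd.h hunk (and its tools/include/uapi/asm-generic/unistd.h mirror) registers the handlers without the sys_ prefix, `+__SYSCALL(__NR_lsm_config_self_policy, lsm_config_self_policy)` and `+__SYSCALL(__NR_lsm_config_system_policy, lsm_config_system_policy)`, while the neighbouring entry in the same hunk reads `__SYSCALL(__NR_open_tree_attr, sys_open_tree_attr)`. The second argument is the handler symbol, so these should be sys_lsm_config_self_policy and sys_lsm_config_system_policy, matching the `+468 common lsm_config_self_policy sys_lsm_config_self_policy` rows in every .tbl file. Separately, the diffstat lists fifteen arch/*/syscall*.tbl files but no scripts/syscall.tbl and no arm64 table; if arm64, riscv and loongarch derive their tables from scripts/syscall.tbl on this base, those architectures never see numbers 468/469 and both syscalls return -ENOSYS there.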
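Review bot: the two SYSCALL_DEFINE5 stubs in the security/lsm_syscalls.c hunk end with `+	return 0;`, so a kernel built at this point in the series (and any bisect landing on it) reports success for a policy operation it never performed, with `buf`, `size` and `flags` unread. Return -EOPNOTSUPP (or -ENOSYS) from the placeholders until the following patch routes them to the hook, so that user space cannot mistake the stub for a successful load.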
* [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks
From: Maxime Bélair @ 2025-06-19 18:15 UTC
To: linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

Define two new LSM hooks: security_lsm_config_self_policy and security_lsm_config_system_policy and wire them into the corresponding lsm_config_*_policy() syscalls so that LSMs can register a unified interface for policy management. This initial, minimal implementation only supports the LSM_POLICY_LOAD operation to limit changes.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
---
 include/linux/lsm_hook_defs.h | 4 ++
 include/linux/security.h | 16 ++++++++
 include/uapi/linux/lsm.h | 8 ++++
 security/Kconfig | 22 +++++++++++
 security/lsm_syscalls.c | 17 ++++++++-
 security/security.c | 69 +++++++++++++++++++++++++++++++++++
 6 files changed, 134 insertions(+), 2 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index bf3bbac4e02a..fca490444643 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h
@@ -464,3 +464,7 @@ LSM_HOOK(int, 0, bdev_alloc_security, struct block_device *bdev) LSM_HOOK(void, LSM_RET_VOID, bdev_free_security, struct block_device *bdev) LSM_HOOK(int, 0, bdev_setintegrity, struct block_device *bdev, enum lsm_integrity_type type, const void *value, size_t size) +LSM_HOOK(int, -EINVAL, lsm_config_self_policy, u32 lsm_id, u32 op, + void __user *buf, size_t size, u32 flags) +LSM_HOOK(int, -EINVAL, lsm_config_system_policy, u32 lsm_id, u32 op, + void __user *buf, size_t size, u32 flags) diff --git a/include/linux/security.h b/include/linux/security.h index cc9b54d95d22..c2158f2656fd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -581,6 +581,11 @@ void security_bdev_free(struct block_device *bdev); int security_bdev_setintegrity(struct block_device *bdev, enum lsm_integrity_type type, const void *value, size_t size); +int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags); +int security_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags); + #else /* CONFIG_SECURITY */ /** @@ -1603,6 +1608,17 @@ static inline int security_bdev_setintegrity(struct block_device *bdev, return 0; } +static int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) + + return -EOPNOTSUPP; +} + +static int security_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) + + return -EOPNOTSUPP; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/include/uapi/linux/lsm.h b/include/uapi/linux/lsm.h index 938593dfd5da..844279f819ce 100644 --- a/include/uapi/linux/lsm.h +++ b/include/uapi/linux/lsm.h 
@@ -90,4 +90,12 @@ struct lsm_ctx { */ #define LSM_FLAG_SINGLE 0x0001 +/* + * LSM_POLICY_XXX definitions identify the different operations + * configure lsm policies + */ + +#define LSM_POLICY_UNDEF 0 +#define LSM_POLICY_LOAD 100 + #endif /* _UAPI_LINUX_LSM_H */ diff --git a/security/Kconfig b/security/Kconfig index 4816fc74f81e..958be7b49a9e 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -220,6 +220,28 @@ config STATIC_USERMODEHELPER_PATH If you wish for all usermode helper programs to be disabled, specify an empty string here (i.e. ""). +config LSM_CONFIG_SELF_POLICY_MAX_BUFFER_SIZE + int "Maximum buffer size for lsm_manage_policy" + range 16384 1073741824 + depends on SECURITY + default 4194304 + help + The maximum size of the buffer argument of lsm_config_self_policy. + + The default value of 4194304 (4MiB) is reasonable and should be large + enough to fit policies in for most cases. + +config LSM_CONFIG_SYSTEM_POLICY_MAX_BUFFER_SIZE + int "Maximum buffer size for lsm_manage_policy" + range 16384 1073741824 + depends on SECURITY + default 4194304 + help + The maximum size of the buffer argument of lsm_config_system_policy. + + The default value of 4194304 (4MiB) is reasonable and should be large + enough to fit policies in for most cases + source "security/selinux/Kconfig" source "security/smack/Kconfig" source "security/tomoyo/Kconfig" diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c index a3cb6dab8102..dd016ba6976c 100644 --- a/security/lsm_syscalls.c +++ b/security/lsm_syscalls.c 
@@ -122,11 +122,24 @@ SYSCALL_DEFINE3(lsm_list_modules, u64 __user *, ids, u32 __user *, size, SYSCALL_DEFINE5(lsm_config_self_policy, u32, lsm_id, u32, op, void __user *, buf, u32 __user *, size, u32, flags) { - return 0; + size_t usize; + + if (get_user(usize, size)) + return -EFAULT; + + return security_lsm_config_self_policy(lsm_id, op, buf, usize, flags); } SYSCALL_DEFINE5(lsm_config_system_policy, u32, lsm_id, u32, op, void __user *, buf, u32 __user *, size, u32, flags) { - return 0; + size_t usize; + + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; + + if (get_user(usize, size)) + return -EFAULT; + + return security_lsm_config_system_policy(lsm_id, op, buf, usize, flags); } diff --git a/security/security.c b/security/security.c index fb57e8fddd91..8efea2b6e967 100644 --- a/security/security.c +++ b/security/security.c 
@@ -5883,6 +5883,75 @@ int security_bdev_setintegrity(struct block_device *bdev, } EXPORT_SYMBOL(security_bdev_setintegrity); +/** + * security_lsm_config_self_policy() - Manage caller's LSM policies + * @lsm_id: id of the LSM to target + * @op: Operation to perform (one of the LSM_POLICY_XXX values) + * @buf: userspace pointer to policy data + * @size: size of @buf + * @flags: lsm policy management flags + * + * Manage the policies of a LSM for the current domain/user. This notably allows + * to update them even when the lsmfs is unavailable is restricted. Currently, + * only LSM_POLICY_LOAD is supported. + * + * Return: Returns 0 on success, error on failure. + */ +int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) +{ + int rc = LSM_RET_DEFAULT(lsm_config_self_policy); + struct lsm_static_call *scall; + + if (size > (CONFIG_LSM_CONFIG_SELF_POLICY_MAX_BUFFER_SIZE)) + return -E2BIG; + + lsm_for_each_hook(scall, lsm_config_self_policy) { + if ((scall->hl->lsmid->id) == lsm_id) { + rc = scall->hl->hook.lsm_config_self_policy(lsm_id, op, buf, size, flags); + break; + } + } + + return rc; +} +EXPORT_SYMBOL(security_lsm_config_self_policy); + +/** + * security_lsm_config_system_policy() - Manage system LSM policies + * @lsm_id: id of the lsm to target + * @op: Operation to perform (one of the LSM_POLICY_XXX values) + * @buf: userspace pointer to policy data + * @size: size of @buf + * @flags: lsm policy management flags + * + * Manage the policies of a LSM for the whole system. This notably allows + * to update them even when the lsmfs is unavailable is restricted. Currently, + * only LSM_POLICY_LOAD is supported. + * + * Return: Returns 0 on success, error on failure. 
+ */ +int security_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) +{ + int rc = LSM_RET_DEFAULT(lsm_config_system_policy); + struct lsm_static_call *scall; + + if (size > (CONFIG_LSM_CONFIG_SYSTEM_POLICY_MAX_BUFFER_SIZE)) + return -E2BIG; + + lsm_for_each_hook(scall, lsm_config_system_policy) { + if ((scall->hl->lsmid->id) == lsm_id) { + rc = scall->hl->hook.lsm_config_system_policy(lsm_id, op, buf, size, flags); + break; + } + } + + return rc; +} +EXPORT_SYMBOL(security_lsm_config_system_policy); + + #ifdef CONFIG_PERF_EVENTS /** * security_perf_event_open() - Check if a perf event open is allowed -- 2.48.1 ^ permalink raw reply related [flat|nested] 9+ messages in thread
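Review bot: the CONFIG_SECURITY=n stubs in the include/linux/security.h hunk are missing the opening brace of the function body: `+static int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf,` / `+		size_t size, u32 flags)` is followed directly by `+	return -EOPNOTSUPP;` and `+}`, so any !SECURITY build fails with "expected function body after function declarator" and "extraneous closing brace" at those two lines (same for the system variant). Both stubs should also be `static inline`, like the surrounding `static inline int security_bdev_setintegrity(...)`, otherwise every translation unit that includes the header defines an unused static function. Note too that these stubs return -EOPNOTSUPP whereas, with CONFIG_SECURITY=y, a caller naming an lsm_id that registers no hook gets the LSM_RET_DEFAULT of -EINVAL declared in the lsm_hook_defs.h hunk; pick one value for "not supported here" so user space can tell it apart from a malformed argument.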
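Review bot: in the security/lsm_syscalls.c hunk `size` is a `u32 __user *` but is read into `size_t usize` via `get_user(usize, size)`; that compiles, since get_user sizes the access from the pointer type, but declaring `u32 usize` states the ABI plainly and avoids a 32/64-bit mismatch on inspection. Neither syscall validates `flags`, so every value is accepted today and none can be given a meaning later without breaking old callers; reject non-zero flags with -EINVAL now, as the existing LSM_FLAG_SINGLE handling does for lsm_get_self_attr(). `op` is likewise passed through unchecked, so the "only LSM_POLICY_LOAD is supported" statement in the commit message holds only if every LSM rejects unknown ops itself; an `op != LSM_POLICY_LOAD` check here (or in security.c) would enforce it once for all modules.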
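Review bot: both prompts in the security/Kconfig hunk still read `int "Maximum buffer size for lsm_manage_policy"`, the v1 name that the cover letter says was split into lsm_config_self_policy()/lsm_config_system_policy(); besides being stale, two identical prompts make the options indistinguishable in menuconfig, so name each after its syscall. The second help text also lacks the final period after "for most cases". Since the two limits have the same range and default and bound the same kind of buffer, say in the help why they are separate, or fold them into one symbol.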
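Review bot: the comment in the include/uapi/linux/lsm.h hunk, `LSM_POLICY_XXX definitions identify the different operations configure lsm policies`, is missing "used to" before "configure". `+#define LSM_POLICY_LOAD 100` leaves 1..99 unused without saying why; either number the operations from 1 or add one line on the intended partitioning, since this is uAPI and the value cannot change once merged.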
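Review bot: in the security/security.c hunk the kernel-doc for both functions reads `even when the lsmfs is unavailable is restricted`, presumably "unavailable or restricted". The call line `rc = scall->hl->hook.lsm_config_self_policy(lsm_id, op, buf, size, flags);` (and its system counterpart) runs well past 80 columns inside two levels of indentation; wrap it. The EXPORT_SYMBOL() on both functions is not needed: their only callers are the syscall entry points in security/lsm_syscalls.c, which is built in, and exporting them lets any module drive policy loading for a given LSM with no syscall-level check in between. Finally the hunk adds two blank lines before `#ifdef CONFIG_PERF_EVENTS` where the file uses one.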
* Re: [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks
From: Randy Dunlap @ 2025-06-20 3:03 UTC
To: Maxime Bélair, linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel

On 6/19/25 11:15 AM, Maxime Bélair wrote:
> Define two new LSM hooks: security_lsm_config_self_policy and
> security_lsm_config_system_policy and wire them into the corresponding
> lsm_config_*_policy() syscalls so that LSMs can register a unified
> interface for policy management. This initial, minimal implementation
> only supports the LSM_POLICY_LOAD operation to limit changes.
>
> Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
> ---
>  include/linux/lsm_hook_defs.h | 4 ++
>  include/linux/security.h | 16 ++++++++
>  include/uapi/linux/lsm.h | 8 ++++
>  security/Kconfig | 22 +++++++++++
>  security/lsm_syscalls.c | 17 ++++++++-
>  security/security.c | 69 +++++++++++++++++++++++++++++++++++
>  6 files changed, 134 insertions(+), 2 deletions(-)
>
> diff --git a/security/Kconfig b/security/Kconfig > index 4816fc74f81e..958be7b49a9e 100644 > --- a/security/Kconfig > +++ b/security/Kconfig
> @@ -220,6 +220,28 @@ config STATIC_USERMODEHELPER_PATH > If you wish for all usermode helper programs to be disabled, > specify an empty string here (i.e. ""). > > +config LSM_CONFIG_SELF_POLICY_MAX_BUFFER_SIZE > + int "Maximum buffer size for lsm_manage_policy" Update function name. > + range 16384 1073741824 > + depends on SECURITY > + default 4194304 > + help > + The maximum size of the buffer argument of lsm_config_self_policy. > + > + The default value of 4194304 (4MiB) is reasonable and should be large > + enough to fit policies in for most cases. > + > +config LSM_CONFIG_SYSTEM_POLICY_MAX_BUFFER_SIZE > + int "Maximum buffer size for lsm_manage_policy" same here. > + range 16384 1073741824 > + depends on SECURITY > + default 4194304 > + help > + The maximum size of the buffer argument of lsm_config_system_policy. > + > + The default value of 4194304 (4MiB) is reasonable and should be large > + enough to fit policies in for most cases > + > source "security/selinux/Kconfig" > source "security/smack/Kconfig" > source "security/tomoyo/Kconfig" > diff --git a/security/security.c b/security/security.c > index fb57e8fddd91..8efea2b6e967 100644 > --- a/security/security.c > +++ b/security/security.c 
> @@ -5883,6 +5883,75 @@ int security_bdev_setintegrity(struct block_device *bdev, > } > EXPORT_SYMBOL(security_bdev_setintegrity); > > +/** > + * security_lsm_config_self_policy() - Manage caller's LSM policies > + * @lsm_id: id of the LSM to target > + * @op: Operation to perform (one of the LSM_POLICY_XXX values) > + * @buf: userspace pointer to policy data > + * @size: size of @buf > + * @flags: lsm policy management flags > + * > + * Manage the policies of a LSM for the current domain/user. This notably allows > + * to update them even when the lsmfs is unavailable is restricted. Currently, or ? > + * only LSM_POLICY_LOAD is supported. > + * > + * Return: Returns 0 on success, error on failure. > + */ > +int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, > + size_t size, u32 flags) > +{ > + int rc = LSM_RET_DEFAULT(lsm_config_self_policy); > + struct lsm_static_call *scall; > + > + if (size > (CONFIG_LSM_CONFIG_SELF_POLICY_MAX_BUFFER_SIZE)) > + return -E2BIG; > + > + lsm_for_each_hook(scall, lsm_config_self_policy) { > + if ((scall->hl->lsmid->id) == lsm_id) { > + rc = scall->hl->hook.lsm_config_self_policy(lsm_id, op, buf, size, flags); > + break; > + } > + } > + > + return rc; > +} > +EXPORT_SYMBOL(security_lsm_config_self_policy); > + > +/** > + * security_lsm_config_system_policy() - Manage system LSM policies > + * @lsm_id: id of the lsm to target > + * @op: Operation to perform (one of the LSM_POLICY_XXX values) > + * @buf: userspace pointer to policy data > + * @size: size of @buf > + * @flags: lsm policy management flags > + * > + * Manage the policies of a LSM for the whole system. This notably allows > + * to update them even when the lsmfs is unavailable is restricted. Currently, or ? > + * only LSM_POLICY_LOAD is supported. > + * > + * Return: Returns 0 on success, error on failure. 
> + */ > +int security_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, > + size_t size, u32 flags) > +{ [snip] -- ~Randy
* Re: [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks
From: kernel test robot @ 2025-06-20 6:28 UTC
To: Maxime Bélair, linux-security-module
Cc: llvm, oe-kbuild-all, john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

Hi Maxime,

kernel test robot noticed the following build errors:

[auto build test ERROR on 9c32cda43eb78f78c73aee4aa344b777714e259b]

url: https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250620-022714
base: 9c32cda43eb78f78c73aee4aa344b777714e259b
patch link: https://lore.kernel.org/r/20250619181600.478038-3-maxime.belair%40canonical.com
patch subject: [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks
config: x86_64-buildonly-randconfig-003-20250620 (https://download.01.org/0day-ci/archive/20250620/202506201415.KiEs36AG-lkp@intel.com/config)
compiler: clang version 20.1.2 (https://github.com/llvm/llvm-project 58df0ef89dd64126512e4ee27b4ac3fd8ddf6247)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250620/202506201415.KiEs36AG-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202506201415.KiEs36AG-lkp@intel.com/

All errors (new ones prefixed by >>):

   In file included from kernel/fork.c:52:
>> include/linux/security.h:1614:2: error: expected function body after function declarator
    1614 |         return -EOPNOTSUPP;
         |         ^
>> include/linux/security.h:1615:1: error: extraneous closing brace ('}')
    1615 | }
         | ^
   include/linux/security.h:1620:2: error: expected function body after function declarator
    1620 |         return -EOPNOTSUPP;
         |         ^
   include/linux/security.h:1621:1: error: extraneous closing brace ('}')
    1621 | }
         | ^
   4 errors generated.
--
   In file included from kernel/sysctl.c:29:
>> include/linux/security.h:1614:2: error: expected function body after function declarator
    1614 |         return -EOPNOTSUPP;
         |         ^
>> include/linux/security.h:1615:1: error: extraneous closing brace ('}')
    1615 | }
         | ^
   include/linux/security.h:1620:2: error: expected function body after function declarator
    1620 |         return -EOPNOTSUPP;
         |         ^
   include/linux/security.h:1621:1: error: extraneous closing brace ('}')
    1621 | }
         | ^
   In file included from kernel/sysctl.c:46:
   In file included from include/linux/nfs_fs.h:31:
   In file included from include/linux/sunrpc/auth.h:13:
   In file included from include/linux/sunrpc/sched.h:19:
   include/linux/sunrpc/xdr.h:803:46: warning: result of comparison of constant 4611686018427387903 with expression of type '__u32' (aka 'unsigned int') is always false [-Wtautological-constant-out-of-range-compare]
     803 |         if (U32_MAX >= SIZE_MAX / sizeof(*p) && len > SIZE_MAX / sizeof(*p))
         |                                                 ~~~ ^ ~~~~~~~~~~~~~~~~~~~~~
   1 warning and 4 errors generated.
--
   In file included from kernel/signal.c:30:
>> include/linux/security.h:1614:2: error: expected function body after function declarator
    1614 |         return -EOPNOTSUPP;
         |         ^
>> include/linux/security.h:1615:1: error: extraneous closing brace ('}')
    1615 | }
         | ^
   include/linux/security.h:1620:2: error: expected function body after function declarator
    1620 |         return -EOPNOTSUPP;
         |         ^
   include/linux/security.h:1621:1: error: extraneous closing brace ('}')
    1621 | }
         | ^
   kernel/signal.c:142:37: warning: array index 3 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds]
     142 |         case 4: ready = signal->sig[3] &~ blocked->sig[3];
         |                                           ^            ~
   arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here
      24 |         unsigned long sig[_NSIG_WORDS];
         |         ^
   kernel/signal.c:142:19: warning: array index 3 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds]
     142 |         case 4: ready = signal->sig[3] &~ blocked->sig[3];
         |                         ^            ~
   arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here
      24 |         unsigned long sig[_NSIG_WORDS];
         |         ^
   kernel/signal.c:143:30: warning: array index 2 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds]
     143 |                 ready |= signal->sig[2] &~ blocked->sig[2];
         |                                            ^            ~
   arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here
      24 |         unsigned long sig[_NSIG_WORDS];
         |         ^
   kernel/signal.c:143:12: warning: array index 2 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds]
     143 |                 ready |= signal->sig[2] &~ blocked->sig[2];
         |                          ^            ~
   arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here
      24 |         unsigned long sig[_NSIG_WORDS];
         |         ^
   kernel/signal.c:144:30: warning: array index 1 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds]
     144 |                 ready |= signal->sig[1] &~ blocked->sig[1];
         |                                            ^            ~
   arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here
      24 |         unsigned long sig[_NSIG_WORDS];
         |         ^
   kernel/signal.c:144:12: warning: array index 1 is past the
end of the array (that has type 'unsigned long[1]') [-Warray-bounds] 144 | ready |= signal->sig[1] &~ blocked->sig[1]; | ^ ~ arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here 24 | unsigned long sig[_NSIG_WORDS]; | ^ kernel/signal.c:148:37: warning: array index 1 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds] 148 | case 2: ready = signal->sig[1] &~ blocked->sig[1]; | ^ ~ arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here 24 | unsigned long sig[_NSIG_WORDS]; | ^ kernel/signal.c:148:19: warning: array index 1 is past the end of the array (that has type 'unsigned long[1]') [-Warray-bounds] 148 | case 2: ready = signal->sig[1] &~ blocked->sig[1]; | ^ ~ arch/x86/include/asm/signal.h:24:2: note: array 'sig' declared here 24 | unsigned long sig[_NSIG_WORDS]; | ^ 8 warnings and 4 errors generated. -- In file included from kernel/dma/swiotlb.c:53: In file included from include/trace/events/swiotlb.h:41: In file included from include/trace/define_trace.h:119: In file included from include/trace/trace_events.h:21: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:62: >> include/linux/security.h:1614:2: error: expected function body after function declarator 1614 | return -EOPNOTSUPP; | ^ >> include/linux/security.h:1615:1: error: extraneous closing brace ('}') 1615 | } | ^ include/linux/security.h:1620:2: error: expected function body after function declarator 1620 | return -EOPNOTSUPP; | ^ include/linux/security.h:1621:1: error: extraneous closing brace ('}') 1621 | } | ^ kernel/dma/swiotlb.c:639:20: warning: shift count >= width of type [-Wshift-count-overflow] 639 | phys_limit < DMA_BIT_MASK(64) && | ^~~~~~~~~~~~~~~~ include/linux/dma-mapping.h:73:54: note: expanded from macro 'DMA_BIT_MASK' 73 | #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) | ^ ~~~ 1 warning and 4 errors generated. 
-- In file included from kernel/events/core.c:34: In file included from include/linux/syscalls.h:94: In file included from include/trace/syscall.h:7: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:62: >> include/linux/security.h:1614:2: error: expected function body after function declarator 1614 | return -EOPNOTSUPP; | ^ >> include/linux/security.h:1615:1: error: extraneous closing brace ('}') 1615 | } | ^ include/linux/security.h:1620:2: error: expected function body after function declarator 1620 | return -EOPNOTSUPP; | ^ include/linux/security.h:1621:1: error: extraneous closing brace ('}') 1621 | } | ^ In file included from kernel/events/core.c:43: include/linux/mman.h:157:9: warning: division by zero is undefined [-Wdivision-by-zero] 157 | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/mman.h:135:21: note: expanded from macro '_calc_vm_trans' 135 | : ((x) & (bit1)) / ((bit1) / (bit2)))) | ^ ~~~~~~~~~~~~~~~~~ include/linux/mman.h:158:9: warning: division by zero is undefined [-Wdivision-by-zero] 158 | _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/mman.h:135:21: note: expanded from macro '_calc_vm_trans' 135 | : ((x) & (bit1)) / ((bit1) / (bit2)))) | ^ ~~~~~~~~~~~~~~~~~ 2 warnings and 4 errors generated. vim +1614 include/linux/security.h 1610 1611 static int security_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, 1612 size_t size, u32 flags) 1613 > 1614 return -EOPNOTSUPP; > 1615 } 1616 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks 2025-06-19 18:15 ` [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks Maxime Bélair 2025-06-20 3:03 ` Randy Dunlap 2025-06-20 6:28 ` kernel test robot @ 2025-06-20 10:54 ` kernel test robot 2 siblings, 0 replies; 9+ messages in thread From: kernel test robot @ 2025-06-20 10:54 UTC (permalink / raw) To: Maxime Bélair, linux-security-module Cc: oe-kbuild-all, john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair Hi Maxime, kernel test robot noticed the following build warnings: [auto build test WARNING on 9c32cda43eb78f78c73aee4aa344b777714e259b] url: https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250620-022714 base: 9c32cda43eb78f78c73aee4aa344b777714e259b patch link: https://lore.kernel.org/r/20250619181600.478038-3-maxime.belair%40canonical.com patch subject: [PATCH v2 2/3] lsm: introduce security_lsm_config_*_policy hooks config: i386-buildonly-randconfig-006-20250620 (https://download.01.org/0day-ci/archive/20250620/202506201824.SlorGLXM-lkp@intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250620/202506201824.SlorGLXM-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. 
not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202506201824.SlorGLXM-lkp@intel.com/ All warnings (new ones prefixed by >>): | ^~~~~~~~~~~~~~~ include/linux/trace_events.h:869:13: error: storage class specified for parameter 'perf_trace_destroy' 869 | extern void perf_trace_destroy(struct perf_event *event); | ^~~~~~~~~~~~~~~~~~ include/linux/trace_events.h:870:13: error: storage class specified for parameter 'perf_trace_add' 870 | extern int perf_trace_add(struct perf_event *event, int flags); | ^~~~~~~~~~~~~~ include/linux/trace_events.h:871:13: error: storage class specified for parameter 'perf_trace_del' 871 | extern void perf_trace_del(struct perf_event *event, int flags); | ^~~~~~~~~~~~~~ include/linux/trace_events.h:890:13: error: storage class specified for parameter 'ftrace_profile_set_filter' 890 | extern int ftrace_profile_set_filter(struct perf_event *event, int event_id, | ^~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/trace_events.h:892:13: error: storage class specified for parameter 'ftrace_profile_free_filter' 892 | extern void ftrace_profile_free_filter(struct perf_event *event); | ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/trace_events.h:935:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 935 | { | ^ include/trace/syscall.h:25:1: warning: empty declaration 25 | struct syscall_metadata { | ^~~~~~ include/trace/syscall.h:47:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 47 | { | ^ In file included from include/linux/syscalls.h:104: arch/x86/include/asm/syscall_wrapper.h:11:13: error: storage class specified for parameter '__x64_sys_ni_syscall' 11 | extern long __x64_sys_ni_syscall(const struct pt_regs *regs); | ^~~~~~~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:12:13: error: storage class specified for parameter '__ia32_sys_ni_syscall' 12 | extern long 
__ia32_sys_ni_syscall(const struct pt_regs *regs); | ^~~~~~~~~~~~~~~~~~~~~ include/linux/syscalls.h:211:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 211 | { | ^ In file included from include/linux/linkage.h:8, from include/linux/preempt.h:10: arch/x86/include/asm/linkage.h:20:35: error: expected declaration specifiers before '__attribute__' 20 | #define asmlinkage CPP_ASMLINKAGE __attribute__((regparm(0))) | ^~~~~~~~~~~~~ include/linux/syscalls.h:1220:1: note: in expansion of macro 'asmlinkage' 1220 | asmlinkage long sys_ni_posix_timers(void); | ^~~~~~~~~~ include/linux/syscalls.h:1262:12: error: storage class specified for parameter 'do_fchownat' 1262 | extern int do_fchownat(int dfd, const char __user *filename, uid_t user, | ^~~~~~~~~~~ include/linux/syscalls.h:1267:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 1267 | { | ^ include/linux/syscalls.h:1273:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 1273 | { | ^ include/linux/syscalls.h:1281:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 1281 | { | ^ include/linux/syscalls.h:1288:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 1288 | { | ^ include/linux/syscalls.h:1293:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 1293 | { | ^ block/ioprio.c:34:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 34 | { | ^ arch/x86/include/asm/syscall_wrapper.h:224:21: error: storage class specified for parameter '__se_sys_ioprio_set' 224 | static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) 
SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:225:28: error: storage class specified for parameter '__do_sys_ioprio_set' 225 | static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:225:28: warning: parameter '__do_sys_ioprio_set' declared 'inline' 225 | static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) 
SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ >> block/ioprio.c:69:1: warning: 'gnu_inline' attribute ignored [-Wattributes] arch/x86/include/asm/syscall_wrapper.h:225:28: error: 'no_instrument_function' attribute applies only to functions 225 | static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:93:55: error: expected declaration specifiers before ';' token 93 | ALLOW_ERROR_INJECTION(__##abi##_##name, ERRNO); \ | ^ arch/x86/include/asm/syscall_wrapper.h:128:9: note: in expansion of macro '__SYS_STUBx' 128 | __SYS_STUBx(ia32, sys##name, \ | ^~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:227:9: note: in expansion of macro '__IA32_SYS_STUBx' 227 | __IA32_SYS_STUBx(x, name, __VA_ARGS__) \ | ^~~~~~~~~~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) 
SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:95:9: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 95 | { \ | ^ arch/x86/include/asm/syscall_wrapper.h:128:9: note: in expansion of macro '__SYS_STUBx' 128 | __SYS_STUBx(ia32, sys##name, \ | ^~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:227:9: note: in expansion of macro '__IA32_SYS_STUBx' 227 | __IA32_SYS_STUBx(x, name, __VA_ARGS__) \ | ^~~~~~~~~~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:229:9: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 229 | { \ | ^ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:226:36: note: in expansion of macro 'SYSCALL_DEFINEx' 226 | #define SYSCALL_DEFINE3(name, ...) 
SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:69:1: note: in expansion of macro 'SYSCALL_DEFINE3' 69 | SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | ^~~~~~~~~~~~~~~ block/ioprio.c:70:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 70 | { | ^ block/ioprio.c:143:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 143 | { | ^ block/ioprio.c:163:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 163 | { | ^ block/ioprio.c:180:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 180 | { | ^ arch/x86/include/asm/syscall_wrapper.h:224:21: error: storage class specified for parameter '__se_sys_ioprio_get' 224 | static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)); \ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:225:36: note: in expansion of macro 'SYSCALL_DEFINEx' 225 | #define SYSCALL_DEFINE2(name, ...) SYSCALL_DEFINEx(2, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:184:1: note: in expansion of macro 'SYSCALL_DEFINE2' 184 | SYSCALL_DEFINE2(ioprio_get, int, which, int, who) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:225:28: error: storage class specified for parameter '__do_sys_ioprio_get' 225 | static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' 235 | __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) | ^~~~~~~~~~~~~~~~~ include/linux/syscalls.h:225:36: note: in expansion of macro 'SYSCALL_DEFINEx' 225 | #define SYSCALL_DEFINE2(name, ...) 
SYSCALL_DEFINEx(2, _##name, __VA_ARGS__) | ^~~~~~~~~~~~~~~ block/ioprio.c:184:1: note: in expansion of macro 'SYSCALL_DEFINE2' 184 | SYSCALL_DEFINE2(ioprio_get, int, which, int, who) | ^~~~~~~~~~~~~~~ arch/x86/include/asm/syscall_wrapper.h:225:28: warning: parameter '__do_sys_ioprio_get' declared 'inline' 225 | static inline long __do_sys##name(__MAP(x,__SC_DECL,__VA_ARGS__));\ | ^~~~~~~~ include/linux/syscalls.h:235:9: note: in expansion of macro '__SYSCALL_DEFINEx' -- include/linux/init_syscalls.h:7:12: error: section attribute not allowed for 'init_chroot' 7 | int __init init_chroot(const char *filename); | ^~~~~~~~~~~ include/linux/init_syscalls.h:8:12: error: section attribute not allowed for 'init_chown' 8 | int __init init_chown(const char *filename, uid_t user, gid_t group, int flags); | ^~~~~~~~~~ include/linux/init_syscalls.h:9:12: error: section attribute not allowed for 'init_chmod' 9 | int __init init_chmod(const char *filename, umode_t mode); | ^~~~~~~~~~ include/linux/init_syscalls.h:10:12: error: section attribute not allowed for 'init_eaccess' 10 | int __init init_eaccess(const char *filename); | ^~~~~~~~~~~~ include/linux/init_syscalls.h:11:12: error: section attribute not allowed for 'init_stat' 11 | int __init init_stat(const char *filename, struct kstat *stat, int flags); | ^~~~~~~~~ include/linux/init_syscalls.h:12:12: error: section attribute not allowed for 'init_mknod' 12 | int __init init_mknod(const char *filename, umode_t mode, unsigned int dev); | ^~~~~~~~~~ include/linux/init_syscalls.h:13:12: error: section attribute not allowed for 'init_link' 13 | int __init init_link(const char *oldname, const char *newname); | ^~~~~~~~~ include/linux/init_syscalls.h:14:12: error: section attribute not allowed for 'init_symlink' 14 | int __init init_symlink(const char *oldname, const char *newname); | ^~~~~~~~~~~~ include/linux/init_syscalls.h:15:12: error: section attribute not allowed for 'init_unlink' 15 | int __init init_unlink(const char 
*pathname); | ^~~~~~~~~~~ include/linux/init_syscalls.h:16:12: error: section attribute not allowed for 'init_mkdir' 16 | int __init init_mkdir(const char *pathname, umode_t mode); | ^~~~~~~~~~ include/linux/init_syscalls.h:17:12: error: section attribute not allowed for 'init_rmdir' 17 | int __init init_rmdir(const char *pathname); | ^~~~~~~~~~ include/linux/init_syscalls.h:18:12: error: section attribute not allowed for 'init_utimes' 18 | int __init init_utimes(char *filename, struct timespec64 *ts); | ^~~~~~~~~~~ include/linux/init_syscalls.h:19:12: error: section attribute not allowed for 'init_dup' 19 | int __init init_dup(struct file *file); | ^~~~~~~~ In file included from init/do_mounts.h:12: include/linux/task_work.h:8:16: error: storage class specified for parameter 'task_work_func_t' 8 | typedef void (*task_work_func_t)(struct callback_head *); | ^~~~~~~~~~~~~~~~ include/linux/task_work.h:11:45: error: expected declaration specifiers or '...' before 'task_work_func_t' 11 | init_task_work(struct callback_head *twork, task_work_func_t func) | ^~~~~~~~~~~~~~~~ include/linux/task_work.h:16:1: warning: empty declaration 16 | enum task_work_notify_mode { | ^~~~ include/linux/task_work.h:25:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 25 | { | ^ include/linux/task_work.h:34:67: error: expected declaration specifiers or '...' 
before 'task_work_func_t' 34 | struct callback_head *task_work_cancel_func(struct task_struct *, task_work_func_t); | ^~~~~~~~~~~~~~~~ include/linux/task_work.h:39:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 39 | { | ^ init/do_mounts.h:17:12: error: storage class specified for parameter 'root_mountflags' 17 | extern int root_mountflags; | ^~~~~~~~~~~~~~~ init/do_mounts.h:20:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 20 | { | ^ init/do_mounts.h:32:39: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 32 | static inline int rd_load_disk(int n) { return 0; } | ^ init/do_mounts.h:33:45: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 33 | static inline int rd_load_image(char *from) { return 0; } | ^ init/do_mounts.h:38:13: error: section attribute not allowed for 'initrd_load' 38 | bool __init initrd_load(char *root_device_name); | ^~~~~~~~~~~ init/do_mounts.h:49:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 49 | { | ^ init/do_mounts_initrd.c:17:21: error: storage class specified for parameter 'real_root_dev' 17 | static unsigned int real_root_dev; /* do_proc_dointvec cannot handle kdev_t */ | ^~~~~~~~~~~~~ init/do_mounts_initrd.c:18:23: error: storage class specified for parameter 'mount_initrd' 18 | static int __initdata mount_initrd = 1; | ^~~~~~~~~~~~ init/do_mounts_initrd.c:18:1: error: parameter 'mount_initrd' is initialized 18 | static int __initdata mount_initrd = 1; | ^~~~~~ init/do_mounts_initrd.c:18:23: error: section attribute not allowed for 'mount_initrd' 18 | static int __initdata mount_initrd = 1; | ^~~~~~~~~~~~ init/do_mounts_initrd.c:20:13: error: section attribute not allowed for 'phys_initrd_start' 20 | phys_addr_t phys_initrd_start __initdata; | ^~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:21:15: error: section attribute not allowed for 'phys_initrd_size' 21 | unsigned long phys_initrd_size __initdata; | 
^~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:24:31: error: storage class specified for parameter 'kern_do_mounts_initrd_table' 24 | static const struct ctl_table kern_do_mounts_initrd_table[] = { | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:24:21: error: parameter 'kern_do_mounts_initrd_table' is initialized 24 | static const struct ctl_table kern_do_mounts_initrd_table[] = { | ^~~~~~~~~ >> init/do_mounts_initrd.c:25:9: warning: braces around scalar initializer 25 | { | ^ init/do_mounts_initrd.c:25:9: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:26:17: error: field name not in record or union initializer 26 | .procname = "real-root-dev", | ^ init/do_mounts_initrd.c:26:17: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:26:35: error: initialization of 'const struct ctl_table *' from incompatible pointer type 'char *' [-Werror=incompatible-pointer-types] 26 | .procname = "real-root-dev", | ^~~~~~~~~~~~~~~ init/do_mounts_initrd.c:26:35: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:27:17: error: field name not in record or union initializer 27 | .data = &real_root_dev, | ^ init/do_mounts_initrd.c:27:17: note: (near initialization for 'kern_do_mounts_initrd_table') >> init/do_mounts_initrd.c:27:35: warning: excess elements in scalar initializer 27 | .data = &real_root_dev, | ^ init/do_mounts_initrd.c:27:35: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:28:17: error: field name not in record or union initializer 28 | .maxlen = sizeof(int), | ^ init/do_mounts_initrd.c:28:17: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:28:35: warning: excess elements in scalar initializer 28 | .maxlen = sizeof(int), | ^~~~~~ init/do_mounts_initrd.c:28:35: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:29:17: error: field name not in record or union 
initializer 29 | .mode = 0644, | ^ init/do_mounts_initrd.c:29:17: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:29:35: warning: excess elements in scalar initializer 29 | .mode = 0644, | ^~~~ init/do_mounts_initrd.c:29:35: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:30:17: error: field name not in record or union initializer 30 | .proc_handler = proc_dointvec, | ^ init/do_mounts_initrd.c:30:17: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:30:35: warning: excess elements in scalar initializer 30 | .proc_handler = proc_dointvec, | ^~~~~~~~~~~~~ init/do_mounts_initrd.c:30:35: note: (near initialization for 'kern_do_mounts_initrd_table') init/do_mounts_initrd.c:35:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '{' token 35 | { | ^ include/linux/compiler.h:166:45: error: storage class specified for parameter '__UNIQUE_ID___addressable_kernel_do_mounts_initrd_sysctls_init369' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~~~~~~ include/linux/compiler_types.h:83:23: note: in definition of macro '___PASTE' 83 | #define ___PASTE(a,b) a##b | ^ include/linux/compiler.h:166:29: note: in expansion of macro '__PASTE' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~ include/linux/compiler_types.h:84:22: note: in expansion of macro '___PASTE' 84 | #define __PASTE(a,b) ___PASTE(a,b) | ^~~~~~~~ include/linux/compiler.h:166:37: note: in expansion of macro '__PASTE' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~ include/linux/compiler.h:286:9: note: in expansion of macro '__UNIQUE_ID' 286 | __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)(uintptr_t)&sym; | ^~~~~~~~~~~ include/linux/compiler.h:289:9: note: in expansion of macro '___ADDRESSABLE' 289 | ___ADDRESSABLE(sym, 
__section(".discard.addressable")) | ^~~~~~~~~~~~~~ include/linux/init.h:256:9: note: in expansion of macro '__ADDRESSABLE' 256 | __ADDRESSABLE(fn) | ^~~~~~~~~~~~~ include/linux/init.h:261:9: note: in expansion of macro '__define_initcall_stub' 261 | __define_initcall_stub(__stub, fn) \ | ^~~~~~~~~~~~~~~~~~~~~~ include/linux/init.h:274:9: note: in expansion of macro '____define_initcall' 274 | ____define_initcall(fn, \ | ^~~~~~~~~~~~~~~~~~~ include/linux/init.h:280:9: note: in expansion of macro '__unique_initcall' 280 | __unique_initcall(fn, id, __sec, __initcall_id(fn)) | ^~~~~~~~~~~~~~~~~ include/linux/init.h:282:35: note: in expansion of macro '___define_initcall' 282 | #define __define_initcall(fn, id) ___define_initcall(fn, id, .initcall##id) | ^~~~~~~~~~~~~~~~~~ include/linux/init.h:313:41: note: in expansion of macro '__define_initcall' 313 | #define late_initcall(fn) __define_initcall(fn, 7) | ^~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:39:1: note: in expansion of macro 'late_initcall' 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~ init/do_mounts_initrd.c:39:1: error: parameter '__UNIQUE_ID___addressable_kernel_do_mounts_initrd_sysctls_init369' is initialized >> init/do_mounts_initrd.c:39:1: warning: 'used' attribute ignored [-Wattributes] include/linux/compiler.h:166:45: error: section attribute not allowed for '__UNIQUE_ID___addressable_kernel_do_mounts_initrd_sysctls_init369' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~~~~~~ include/linux/compiler_types.h:83:23: note: in definition of macro '___PASTE' 83 | #define ___PASTE(a,b) a##b | ^ include/linux/compiler.h:166:29: note: in expansion of macro '__PASTE' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~ include/linux/compiler_types.h:84:22: note: in expansion of macro '___PASTE' 84 | #define __PASTE(a,b) ___PASTE(a,b) | ^~~~~~~~ include/linux/compiler.h:166:37: note: in expansion 
of macro '__PASTE' 166 | #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) | ^~~~~~~ include/linux/compiler.h:286:9: note: in expansion of macro '__UNIQUE_ID' 286 | __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)(uintptr_t)&sym; | ^~~~~~~~~~~ include/linux/compiler.h:289:9: note: in expansion of macro '___ADDRESSABLE' 289 | ___ADDRESSABLE(sym, __section(".discard.addressable")) | ^~~~~~~~~~~~~~ include/linux/init.h:256:9: note: in expansion of macro '__ADDRESSABLE' 256 | __ADDRESSABLE(fn) | ^~~~~~~~~~~~~ include/linux/init.h:261:9: note: in expansion of macro '__define_initcall_stub' 261 | __define_initcall_stub(__stub, fn) \ | ^~~~~~~~~~~~~~~~~~~~~~ include/linux/init.h:274:9: note: in expansion of macro '____define_initcall' 274 | ____define_initcall(fn, \ | ^~~~~~~~~~~~~~~~~~~ include/linux/init.h:280:9: note: in expansion of macro '__unique_initcall' 280 | __unique_initcall(fn, id, __sec, __initcall_id(fn)) | ^~~~~~~~~~~~~~~~~ include/linux/init.h:282:35: note: in expansion of macro '___define_initcall' 282 | #define __define_initcall(fn, id) ___define_initcall(fn, id, .initcall##id) | ^~~~~~~~~~~~~~~~~~ include/linux/init.h:313:41: note: in expansion of macro '__define_initcall' 313 | #define late_initcall(fn) __define_initcall(fn, 7) | ^~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:39:1: note: in expansion of macro 'late_initcall' 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~ In file included from include/linux/array_size.h:5, from include/linux/kernel.h:16: init/do_mounts_initrd.c:39:15: error: 'kernel_do_mounts_initrd_sysctls_init' undeclared (first use in this function) 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:286:72: note: in definition of macro '___ADDRESSABLE' 286 | __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)(uintptr_t)&sym; | ^~~ include/linux/init.h:256:9: note: in expansion of macro '__ADDRESSABLE' 256 | 
__ADDRESSABLE(fn) | ^~~~~~~~~~~~~ include/linux/init.h:261:9: note: in expansion of macro '__define_initcall_stub' 261 | __define_initcall_stub(__stub, fn) \ | ^~~~~~~~~~~~~~~~~~~~~~ include/linux/init.h:274:9: note: in expansion of macro '____define_initcall' 274 | ____define_initcall(fn, \ | ^~~~~~~~~~~~~~~~~~~ include/linux/init.h:280:9: note: in expansion of macro '__unique_initcall' 280 | __unique_initcall(fn, id, __sec, __initcall_id(fn)) | ^~~~~~~~~~~~~~~~~ include/linux/init.h:282:35: note: in expansion of macro '___define_initcall' 282 | #define __define_initcall(fn, id) ___define_initcall(fn, id, .initcall##id) | ^~~~~~~~~~~~~~~~~~ include/linux/init.h:313:41: note: in expansion of macro '__define_initcall' 313 | #define late_initcall(fn) __define_initcall(fn, 7) | ^~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:39:1: note: in expansion of macro 'late_initcall' 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~ init/do_mounts_initrd.c:39:15: note: each undeclared identifier is reported only once for each function it appears in 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:286:72: note: in definition of macro '___ADDRESSABLE' 286 | __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)(uintptr_t)&sym; | ^~~ include/linux/init.h:256:9: note: in expansion of macro '__ADDRESSABLE' 256 | __ADDRESSABLE(fn) | ^~~~~~~~~~~~~ include/linux/init.h:261:9: note: in expansion of macro '__define_initcall_stub' 261 | __define_initcall_stub(__stub, fn) \ | ^~~~~~~~~~~~~~~~~~~~~~ include/linux/init.h:274:9: note: in expansion of macro '____define_initcall' 274 | ____define_initcall(fn, \ | ^~~~~~~~~~~~~~~~~~~ include/linux/init.h:280:9: note: in expansion of macro '__unique_initcall' 280 | __unique_initcall(fn, id, __sec, __initcall_id(fn)) | ^~~~~~~~~~~~~~~~~ include/linux/init.h:282:35: note: in expansion of macro '___define_initcall' 282 | #define __define_initcall(fn, id) 
___define_initcall(fn, id, .initcall##id) | ^~~~~~~~~~~~~~~~~~ include/linux/init.h:313:41: note: in expansion of macro '__define_initcall' 313 | #define late_initcall(fn) __define_initcall(fn, 7) | ^~~~~~~~~~~~~~~~~ init/do_mounts_initrd.c:39:1: note: in expansion of macro 'late_initcall' 39 | late_initcall(kernel_do_mounts_initrd_sysctls_init); | ^~~~~~~~~~~~~ In file included from include/linux/printk.h:6, from include/linux/kernel.h:31: .. vim +16 include/linux/stddef.h 6e218287432472 Richard Knutsson 2006-09-30 14 ^1da177e4c3f41 Linus Torvalds 2005-04-16 15 #undef offsetof 14e83077d55ff4 Rasmus Villemoes 2022-03-23 @16 #define offsetof(TYPE, MEMBER) __builtin_offsetof(TYPE, MEMBER) 3876488444e712 Denys Vlasenko 2015-03-09 17 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
* [PATCH v2 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
From: Maxime Bélair @ 2025-06-19 18:15 UTC
To: linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

Enable users to manage AppArmor policies through the new hooks
lsm_config_self_policy and lsm_config_system_policy.

lsm_config_self_policy allows stacking existing policies in the kernel.
This ensures that it can only further restrict the caller and can never
be used to gain new privileges.

lsm_config_system_policy allows loading or replacing AppArmor policies in
any AppArmor namespace.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
---
 security/apparmor/apparmorfs.c         | 31 +++++++++++++
 security/apparmor/include/apparmorfs.h |  3 ++
 security/apparmor/lsm.c                | 63 ++++++++++++++++++++++++++
 3 files changed, 97 insertions(+)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 6039afae4bfc..827fe06b20ac 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -439,6 +439,37 @@ static ssize_t policy_update(u32 mask, const char __user *buf, size_t size, return error; } +/** + * aa_profile_load_ns_name - load a profile into the current namespace identified by name + * @name The name of the namesapce to load the policy in. "" for root_ns + * @name_size size of @name. 0 For root ns + * @buf buffer containing the user-provided policy + * @size size of @buf + * @ppos position pointer in the file + * + * Returns: 0 on success, negative value on error + */ +ssize_t aa_profile_load_ns_name(char *name, size_t name_size, const void __user *buf, + size_t size, loff_t *ppos) +{ + struct aa_ns *ns; + + if (name_size == 0) + ns = aa_get_ns(root_ns); + else + ns = aa_lookupn_ns(root_ns, name, name_size); + + if (!ns) + return -EINVAL; + + int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY, + buf, size, ppos, ns); + + aa_put_ns(ns); + + return error >= 0 ? 0 : error; +} + /* .load file hook fn to load policy */ static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, loff_t *pos) diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h index 1e94904f68d9..fd415afb7659 100644 --- a/security/apparmor/include/apparmorfs.h +++ b/security/apparmor/include/apparmorfs.h @@ -112,6 +112,9 @@ int __aafs_profile_mkdir(struct aa_profile *profile, struct dentry *parent); void __aafs_ns_rmdir(struct aa_ns *ns); int __aafs_ns_mkdir(struct aa_ns *ns, struct dentry *parent, const char *name, struct dentry *dent); +ssize_t aa_profile_load_ns_name(char *name, size_t name_len, const void __user *buf, + size_t size, loff_t *ppos); + struct aa_loaddata; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9b6c2f157f83..b38c4926cdc2 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -1275,6 +1275,65 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock); } +/** + * apparmor_lsm_config_self_policy - Stack a profile + * @buf: buffer containing the user-provided name of the profile to stack + * @size: size of @buf + * + * Returns: 0 on success, negative value on error + */ +static int apparmor_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) +{ + char *name = kvmalloc(size, GFP_KERNEL); + long name_size; + int ret; + + if (op != LSM_POLICY_LOAD || flags) + return -EOPNOTSUPP; + + name_size = strncpy_from_user(name, buf, size); + if (name_size < 0) + return name_size; + + ret = aa_change_profile(name, AA_CHANGE_STACK); + + kvfree(name); + + return ret; +} + +/** + * apparmor_lsm_config_system_policy - Load or replace a system policy + * @buf: user-supplied buffer in the form "<ns>\0<policy>" + * <ns> is the namespace to load the policy into (empty string for root) + * <policy> is the policy to load + * then '\0' then the policy to load + * @size: size of @buf + * + * Returns: 0 on success, negative value on error + */ +static int apparmor_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, + size_t size, u32 flags) +{ + loff_t pos = 0; // Partial writing is not currently supported + char name[256]; + long name_size; + + if (op != LSM_POLICY_LOAD || flags) + return -EOPNOTSUPP; + + name_size = strncpy_from_user(name, buf, 256); + if (name_size < 0) + return name_size; + else if (name_size == 256) + return -E2BIG; + + return aa_profile_load_ns_name(name, name_size, buf + name_size + 1, + size - name_size - 1, &pos); +} + + #ifdef CONFIG_NETWORK_SECMARK /** * apparmor_socket_sock_rcv_skb - check perms before associating skb to sk 
@@ -1483,6 +1542,10 @@ static struct security_hook_list apparmor_hooks[] __ro_after_init = { LSM_HOOK_INIT(socket_getsockopt, apparmor_socket_getsockopt), LSM_HOOK_INIT(socket_setsockopt, apparmor_socket_setsockopt), LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown), + + LSM_HOOK_INIT(lsm_config_self_policy, apparmor_lsm_config_self_policy), + LSM_HOOK_INIT(lsm_config_system_policy, + apparmor_lsm_config_system_policy), #ifdef CONFIG_NETWORK_SECMARK LSM_HOOK_INIT(socket_sock_rcv_skb, apparmor_socket_sock_rcv_skb), #endif -- 2.48.1
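Review bot: in the apparmorfs.c hunk (@@ -439), the kernel-doc for aa_profile_load_ns_name() says it loads "into the current namespace identified by name", but the lookup is always rooted at root_ns (`ns = aa_lookupn_ns(root_ns, name, name_size);`), so the comment and the behaviour disagree; either resolve the name relative to the caller's namespace or reword the comment to say the name is resolved from the root namespace. While there, the parameter lines need the ':' kernel-doc requires (`@name The name of the namesapce to load the policy in.` should read `@name: ...`, and "namesapce" is misspelled), `int error = policy_update(...)` is a declaration after statements where kernel style keeps declarations at the top of the block next to `struct aa_ns *ns;`, and since `name` is only read it can be `const char *name`.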
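Review bot: in the apparmorfs.h hunk (@@ -112), the prototype names the second parameter `name_len` while the definition in apparmorfs.c calls it `name_size`; use one name in both so the header and the kernel-doc agree, e.g. `ssize_t aa_profile_load_ns_name(char *name, size_t name_size, const void __user *buf,`.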
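Review bot: in the lsm.c hunk (@@ -1275), apparmor_lsm_config_self_policy() mishandles the `kvmalloc(size, GFP_KERNEL)` buffer on every path: its result is never NULL-checked, it is allocated before `if (op != LSM_POLICY_LOAD || flags) return -EOPNOTSUPP;` and is not freed there nor on `if (name_size < 0) return name_size;`, and when the user string has no NUL within `size` bytes strncpy_from_user() returns `size` and leaves `name` unterminated before it reaches aa_change_profile(). Suggest doing the op/flags check first, rejecting `size == 0`, allocating `size + 1` bytes and checking for NULL, treating `name_size == size` as -E2BIG (or terminating the copy explicitly), and routing all error returns through one `kvfree(name)` exit. In apparmor_lsm_config_system_policy(), `strncpy_from_user(name, buf, 256)` is bounded by the stack buffer rather than by `size`, so it can read past the caller's declared buffer and `name_size` can exceed `size`; `size - name_size - 1` then wraps as size_t arithmetic. Bound the name copy by the smaller of `size` and `sizeof(name)` and check `size > name_size + 1` before calling aa_profile_load_ns_name(). The doc comment also carries a stray line (`then '\0' then the policy to load`), neither function documents @lsm_id, @op or @flags, and the two consecutive blank `+` lines before `#ifdef CONFIG_NETWORK_SECMARK` should be one.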
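Review bot: in the hook-table hunk (@@ -1483), the two new LSM_HOOK_INIT entries land inside the socket hook group, between `LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown),` and the `#ifdef CONFIG_NETWORK_SECMARK` block, with an extra blank line in front; registering them after the socket hooks (next to the other non-socket entries) keeps the table grouped by subsystem and avoids splitting the networking hooks.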
* Re: [PATCH v2 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
From: Randy Dunlap @ 2025-06-20 3:09 UTC
To: Maxime Bélair, linux-security-module
Cc: john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel

On 6/19/25 11:15 AM, Maxime Bélair wrote:
> Enable users to manage AppArmor policies through the new hooks
> lsm_config_self_policy and lsm_config_system_policy.
> 
> lsm_config_self_policy allows stacking existing policies in the kernel.
> This ensures that it can only further restrict the caller and can never
> be used to gain new privileges.
> 
> lsm_config_system_policy allows loading or replacing AppArmor policies in
> any AppArmor namespace.
> 
> Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
> ---
>  security/apparmor/apparmorfs.c         | 31 +++++++++++++
>  security/apparmor/include/apparmorfs.h |  3 ++
>  security/apparmor/lsm.c                | 63 ++++++++++++++++++++++++++
>  3 files changed, 97 insertions(+)
> 
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 6039afae4bfc..827fe06b20ac 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -439,6 +439,37 @@ static ssize_t policy_update(u32 mask, const char __user *buf, size_t size, > return error; > } > > +/** > + * aa_profile_load_ns_name - load a profile into the current namespace identified by name > + * @name The name of the namesapce to load the policy in. "" for root_ns > + * @name_size size of @name. 0 For root ns > + * @buf buffer containing the user-provided policy > + * @size size of @buf > + * @ppos position pointer in the file Please use proper kernel-doc syntax above. Each @var_name should be followed by a ':'. > + * > + * Returns: 0 on success, negative value on error > + */ > +ssize_t aa_profile_load_ns_name(char *name, size_t name_size, const void __user *buf, > + size_t size, loff_t *ppos) > +{ > + struct aa_ns *ns; > + > + if (name_size == 0) > + ns = aa_get_ns(root_ns); > + else > + ns = aa_lookupn_ns(root_ns, name, name_size); > + > + if (!ns) > + return -EINVAL; > + > + int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY, > + buf, size, ppos, ns); > + > + aa_put_ns(ns); > + > + return error >= 0 ? 0 : error; > +} > + > /* .load file hook fn to load policy */ > static ssize_t profile_load(struct file *f, const char __user *buf, size_t size, > loff_t *pos) > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 9b6c2f157f83..b38c4926cdc2 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c 
> @@ -1275,6 +1275,65 @@ static int apparmor_socket_shutdown(struct socket *sock, int how) > return aa_sock_perm(OP_SHUTDOWN, AA_MAY_SHUTDOWN, sock); > } > > +/** > + * apparmor_lsm_config_self_policy - Stack a profile > + * @buf: buffer containing the user-provided name of the profile to stack > + * @size: size of @buf Describe all function parameters in kernel-doc above. > + * > + * Returns: 0 on success, negative value on error > + */ > +static int apparmor_lsm_config_self_policy(u32 lsm_id, u32 op, void __user *buf, > + size_t size, u32 flags) > +{ > + char *name = kvmalloc(size, GFP_KERNEL); Check return value (i.e., name) before use? > + long name_size;> + int ret; > + > + if (op != LSM_POLICY_LOAD || flags) > + return -EOPNOTSUPP; > + > + name_size = strncpy_from_user(name, buf, size); > + if (name_size < 0) > + return name_size; > + > + ret = aa_change_profile(name, AA_CHANGE_STACK); > + > + kvfree(name); > + > + return ret; > +} > + > +/** > + * apparmor_lsm_config_system_policy - Load or replace a system policy > + * @buf: user-supplied buffer in the form "<ns>\0<policy>" > + * <ns> is the namespace to load the policy into (empty string for root) > + * <policy> is the policy to load > + * then '\0' then the policy to load Misplaced line? > + * @size: size of @buf Please describe all function parameters in kernel-doc notation. > + * > + * Returns: 0 on success, negative value on error > + */ > +static int apparmor_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, > + size_t size, u32 flags) > +{ [snip] -- ~Randy
* Re: [PATCH v2 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
From: kernel test robot @ 2025-06-20 6:28 UTC
To: Maxime Bélair, linux-security-module
Cc: oe-kbuild-all, john.johansen, paul, jmorris, serge, mic, kees, stephen.smalley.work, casey, takedakn, penguin-kernel, song, linux-api, apparmor, linux-kernel, Maxime Bélair

Hi Maxime,

kernel test robot noticed the following build warnings:

[auto build test WARNING on 9c32cda43eb78f78c73aee4aa344b777714e259b]

url:    https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250620-022714
base:   9c32cda43eb78f78c73aee4aa344b777714e259b
patch link:    https://lore.kernel.org/r/20250619181600.478038-4-maxime.belair%40canonical.com
patch subject: [PATCH v2 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
config: x86_64-buildonly-randconfig-002-20250620 (https://download.01.org/0day-ci/archive/20250620/202506201414.tHOEthTb-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250620/202506201414.tHOEthTb-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the
same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202506201414.tHOEthTb-lkp@intel.com/

All warnings (new ones prefixed by >>):

>> security/apparmor/apparmorfs.c:454: warning: Function parameter or struct member 'name' not described in 'aa_profile_load_ns_name'
>> security/apparmor/apparmorfs.c:454: warning: Function parameter or struct member 'name_size' not described in 'aa_profile_load_ns_name'
>> security/apparmor/apparmorfs.c:454: warning: Function parameter or struct member 'buf' not described in 'aa_profile_load_ns_name'
>> security/apparmor/apparmorfs.c:454: warning: Function parameter or struct member 'size' not described in 'aa_profile_load_ns_name'
>> security/apparmor/apparmorfs.c:454: warning: Function parameter or struct member 'ppos' not described in 'aa_profile_load_ns_name'
--
>> security/apparmor/lsm.c:1287: warning: Function parameter or struct member 'lsm_id' not described in 'apparmor_lsm_config_self_policy'
>> security/apparmor/lsm.c:1287: warning: Function parameter or struct member 'op' not described in 'apparmor_lsm_config_self_policy'
>> security/apparmor/lsm.c:1287: warning: Function parameter or struct member 'flags' not described in 'apparmor_lsm_config_self_policy'
>> security/apparmor/lsm.c:1318: warning: Function parameter or struct member 'lsm_id' not described in 'apparmor_lsm_config_system_policy'
>> security/apparmor/lsm.c:1318: warning: Function parameter or struct member 'op' not described in 'apparmor_lsm_config_system_policy'
>> security/apparmor/lsm.c:1318: warning: Function parameter or struct member 'flags' not described in 'apparmor_lsm_config_system_policy'

vim +454 security/apparmor/apparmorfs.c

   441	
   442	/**
   443	 * aa_profile_load_ns_name - load a profile into the current namespace identified by name
   444	 * @name The name of the namesapce to load the policy in. "" for root_ns
   445	 * @name_size size of @name. 0 For root ns
   446	 * @buf buffer containing the user-provided policy
   447	 * @size size of @buf
   448	 * @ppos position pointer in the file
   449	 *
   450	 * Returns: 0 on success, negative value on error
   451	 */
   452	ssize_t aa_profile_load_ns_name(char *name, size_t name_size, const void __user *buf,
   453				  size_t size, loff_t *ppos)
 > 454	{
   455		struct aa_ns *ns;
   456	
   457		if (name_size == 0)
   458			ns = aa_get_ns(root_ns);
   459		else
   460			ns = aa_lookupn_ns(root_ns, name, name_size);
   461	
   462		if (!ns)
   463			return -EINVAL;
   464	
   465		int error = policy_update(AA_MAY_LOAD_POLICY | AA_MAY_REPLACE_POLICY,
   466					  buf, size, ppos, ns);
   467	
   468		aa_put_ns(ns);
   469	
   470		return error >= 0 ? 0 : error;
   471	}
   472	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki