From: Georgia Garcia <georgia.garcia@canonical.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
paul@paul-moore.com, linux-security-module@vger.kernel.org
Cc: jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
mic@digikod.net
Subject: Re: [PATCH 01/13] LSM: Add the lsmblob data structure.
Date: Mon, 26 Aug 2024 10:34:36 -0300 [thread overview]
Message-ID: <63b777bb7b200f26f06211d62e2be8e5e571666d.camel@canonical.com> (raw)
In-Reply-To: <20240825190048.13289-2-casey@schaufler-ca.com>
Hi Casey,
On Sun, 2024-08-25 at 12:00 -0700, Casey Schaufler wrote:
> When more than one security module is exporting data to audit and
> networking sub-systems a single 32 bit integer is no longer
> sufficient to represent the data. Add a structure to be used instead.
>
> The lsmblob structure definition is intended to keep the LSM
> specific information private to the individual security modules.
> The module specific information is included in a new set of
> header files under include/lsm. Each security module is allowed
> to define the information included for its use in the lsmblob.
> SELinux includes a u32 secid. Smack includes a pointer into its
> global label list. The conditional compilation based on feature
> inclusion is contained in the include/lsm files.
>
> Suggested-by: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
> include/linux/lsm/apparmor.h | 17 +++++++++++++++++
> include/linux/lsm/bpf.h | 16 ++++++++++++++++
> include/linux/lsm/selinux.h | 16 ++++++++++++++++
> include/linux/lsm/smack.h | 17 +++++++++++++++++
> include/linux/security.h | 20 ++++++++++++++++++++
> 5 files changed, 86 insertions(+)
> create mode 100644 include/linux/lsm/apparmor.h
> create mode 100644 include/linux/lsm/bpf.h
> create mode 100644 include/linux/lsm/selinux.h
> create mode 100644 include/linux/lsm/smack.h
>
> diff --git a/include/linux/lsm/apparmor.h b/include/linux/lsm/apparmor.h
> new file mode 100644
> index 000000000000..8ff1cd899a20
> --- /dev/null
> +++ b/include/linux/lsm/apparmor.h
> @@ -0,0 +1,17 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Linux Security Module interface to other subsystems.
> + * AppArmor presents a single u32 value which is known as a secid.
Just a small nitpick: this comment doesn't match the code since it's
using aa_label instead of a u32 secid.
> + */
> +#ifndef __LINUX_LSM_APPARMOR_H
> +#define __LINUX_LSM_APPARMOR_H
> +
> +struct aa_label;
> +
> +struct lsmblob_apparmor {
> +#ifdef CONFIG_SECURITY_APPARMOR
> + struct aa_label *label;
> +#endif
> +};
> +
> +#endif /* ! __LINUX_LSM_APPARMOR_H */
> diff --git a/include/linux/lsm/bpf.h b/include/linux/lsm/bpf.h
> new file mode 100644
> index 000000000000..48abdcd82ded
> --- /dev/null
> +++ b/include/linux/lsm/bpf.h
> @@ -0,0 +1,16 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Linux Security Module interface to other subsystems.
> + * BPF may present a single u32 value.
> + */
> +#ifndef __LINUX_LSM_BPF_H
> +#define __LINUX_LSM_BPF_H
> +#include <linux/types.h>
> +
> +struct lsmblob_bpf {
> +#ifdef CONFIG_BPF_LSM
> + u32 secid;
> +#endif
> +};
> +
> +#endif /* ! __LINUX_LSM_BPF_H */
> diff --git a/include/linux/lsm/selinux.h b/include/linux/lsm/selinux.h
> new file mode 100644
> index 000000000000..fd16456b36ac
> --- /dev/null
> +++ b/include/linux/lsm/selinux.h
> @@ -0,0 +1,16 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Linux Security Module interface to other subsystems.
> + * SELinux presents a single u32 value which is known as a secid.
> + */
> +#ifndef __LINUX_LSM_SELINUX_H
> +#define __LINUX_LSM_SELINUX_H
> +#include <linux/types.h>
> +
> +struct lsmblob_selinux {
> +#ifdef CONFIG_SECURITY_SELINUX
> + u32 secid;
> +#endif
> +};
> +
> +#endif /* ! __LINUX_LSM_SELINUX_H */
> diff --git a/include/linux/lsm/smack.h b/include/linux/lsm/smack.h
> new file mode 100644
> index 000000000000..2018f288302f
> --- /dev/null
> +++ b/include/linux/lsm/smack.h
> @@ -0,0 +1,17 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +/*
> + * Linux Security Module interface to other subsystems.
> + * Smack presents a pointer into the global Smack label list.
> + */
> +#ifndef __LINUX_LSM_SMACK_H
> +#define __LINUX_LSM_SMACK_H
> +
> +struct smack_known;
> +
> +struct lsmblob_smack {
> +#ifdef CONFIG_SECURITY_SMACK
> + struct smack_known *skp;
> +#endif
> +};
> +
> +#endif /* ! __LINUX_LSM_SMACK_H */
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 1390f1efb4f0..0057a22137e8 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -34,6 +34,10 @@
> #include <linux/sockptr.h>
> #include <linux/bpf.h>
> #include <uapi/linux/lsm.h>
> +#include <linux/lsm/selinux.h>
> +#include <linux/lsm/smack.h>
> +#include <linux/lsm/apparmor.h>
> +#include <linux/lsm/bpf.h>
>
> struct linux_binprm;
> struct cred;
> @@ -140,6 +144,22 @@ enum lockdown_reason {
> LOCKDOWN_CONFIDENTIALITY_MAX,
> };
>
> +/* scaffolding */
> +struct lsmblob_scaffold {
> + u32 secid;
> +};
> +
> +/*
> + * Data exported by the security modules
> + */
> +struct lsmblob {
> + struct lsmblob_selinux selinux;
> + struct lsmblob_smack smack;
> + struct lsmblob_apparmor apparmor;
> + struct lsmblob_bpf bpf;
> + struct lsmblob_scaffold scaffold;
> +};
> +
> extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
> extern u32 lsm_active_cnt;
> extern const struct lsm_id *lsm_idlist[];
next prev parent reply other threads:[~2024-08-26 13:34 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240825190048.13289-1-casey.ref@schaufler-ca.com>
2024-08-25 19:00 ` [PATCH 00/13] LSM: Move away from secids Casey Schaufler
2024-08-25 19:00 ` [PATCH 01/13] LSM: Add the lsmblob data structure Casey Schaufler
2024-08-26 13:34 ` Georgia Garcia [this message]
2024-08-25 19:00 ` [PATCH 02/13] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2024-08-26 19:31 ` kernel test robot
2024-08-25 19:00 ` [PATCH 03/13] LSM: Add lsmblob_to_secctx hook Casey Schaufler
2024-08-26 17:43 ` Georgia Garcia
2024-08-26 18:45 ` Casey Schaufler
2024-08-27 14:45 ` Georgia Garcia
2024-08-25 19:00 ` [PATCH 04/13] Audit: maintain an lsmblob in audit_context Casey Schaufler
2024-08-27 15:01 ` Georgia Garcia
2024-08-27 15:08 ` Georgia Garcia
2024-08-25 19:00 ` [PATCH 05/13] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2024-08-27 12:23 ` Stephen Smalley
2024-08-25 19:00 ` [PATCH 06/13] Audit: Update shutdown LSM data Casey Schaufler
2024-08-25 19:00 ` [PATCH 07/13] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2024-08-26 21:24 ` kernel test robot
2024-08-25 19:00 ` [PATCH 08/13] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2024-08-25 19:00 ` [PATCH 09/13] Audit: use an lsmblob in audit_names Casey Schaufler
2024-08-25 19:00 ` [PATCH 10/13] LSM: Create new security_cred_getlsmblob LSM hook Casey Schaufler
2024-08-27 5:00 ` kernel test robot
2024-08-25 19:00 ` [PATCH 11/13] Audit: Change context data from secid to lsmblob Casey Schaufler
2024-08-25 19:00 ` [PATCH 12/13] Netlabel: Use lsmblob for audit data Casey Schaufler
2024-08-25 19:00 ` [PATCH 13/13] LSM: Remove lsmblob scaffolding Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=63b777bb7b200f26f06211d62e2be8e5e571666d.camel@canonical.com \
--to=georgia.garcia@canonical.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).