From: Casey Schaufler <casey@schaufler-ca.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKLM <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
SE Linux <selinux@tycho.nsa.gov>,
James Morris <jmorris@namei.org>,
John Johansen <john.johansen@canonical.com>,
Eric Paris <eparis@redhat.com>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH v14 1/6] LSM: Security blob abstraction
Date: Mon, 29 Jul 2013 18:49:41 -0700 [thread overview]
Message-ID: <51F71BB5.2050101@schaufler-ca.com> (raw)
In-Reply-To: <CAGXu5jJUiwjtEuCUB89NG9EQpxNytaaPT9PdPyHN_qUhwa+YUw@mail.gmail.com>
On 7/29/2013 2:15 PM, Kees Cook wrote:
> On Thu, Jul 25, 2013 at 11:32 AM, Casey Schaufler
> <casey@schaufler-ca.com> wrote:
>> Subject: [PATCH v14 1/6] LSM: Security blob abstraction
>>
>> Create an abstracted interface for security blobs.
>> Instead of directly accessing security blob pointers
>> Use lsm_get and lsm_set functions that hide the actual
>> mechanism used to maintain the security blobs. This
>> affects most uses of inode->i_security, file->f_security,
>> cred->security and similar fields in keys, sockets,
>> superblocks, ipc and keys.
>>
>> The use of a single 32 bit integer to refer to a security blob
>> does not scale to the case where there may be more than one
>> relevant security blob. Where it is possible to do so the use
>> of secids (u32) has been replaced with a struct secids, which
>> provides for multiple u32 values. There are components where
>> u32 secids remain at the request of the maintainer of that
>> component.
> If I boot with "security=apparmor", lsm_set_blob ends up with a NULL
> "bp" and Oopses the kernel. Still happens with
> "security=yama,apparmor". As soon as I add smack anywhere in the list,
> everything is fine. It seems like the AppArmor init needs to be
> changed to:
>
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 78b271a..512f430 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -875,9 +875,9 @@ static int __init set_init_cxt(void)
> return -ENOMEM;
>
> cxt->profile = aa_get_profile(root_ns->unconfined);
> - lsm_set_cred(cred, cxt, &apparmor_ops);
> -
> - return 0;
> + printk(KERN_INFO "AA: cred:%p cxt:%p &apparmor_ops:%p\n",
> + cred, cxt, &apparmor_ops);
> + return lsm_set_init_cred(cred, cxt, &apparmor_ops);
I've incorporated this fix (without the printk) and she looks good.
> }
>
> static int __init apparmor_init(void)
>
> Or maybe it still needs lsm_set_cred, but an earlier
> lsm_set_init_cred? It's not clear to me yet.
>
> -Kees
>
next prev parent reply other threads:[~2013-07-30 1:49 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-25 18:22 [PATCH v14 0/6] LSM: Multiple concurrent LSMs Casey Schaufler
2013-07-25 18:32 ` [PATCH v14 1/6] LSM: Security blob abstraction Casey Schaufler
2013-07-29 21:15 ` Kees Cook
2013-07-30 1:49 ` Casey Schaufler [this message]
2013-07-25 18:32 ` [PATCH v14 2/6] LSM: Move the capability LSM into the hook handlers Casey Schaufler
2013-07-25 18:32 ` [PATCH v14 3/6] LSM: Explicit individual LSM associations Casey Schaufler
2013-07-29 20:51 ` Kees Cook
2013-07-30 1:48 ` Casey Schaufler
2013-07-30 22:08 ` Paul Moore
2013-07-31 16:22 ` Casey Schaufler
2013-07-31 19:39 ` Paul Moore
2013-07-31 21:21 ` Casey Schaufler
2013-08-01 18:35 ` Paul Moore
2013-08-01 18:52 ` Casey Schaufler
2013-08-01 21:30 ` Paul Moore
2013-08-01 22:15 ` Casey Schaufler
2013-08-01 22:18 ` Paul Moore
2013-07-25 18:32 ` [PATCH v14 4/6] LSM: List based multiple LSM hooks Casey Schaufler
2013-07-25 18:32 ` [PATCH v14 5/6] LSM: SO_PEERSEC configuration options Casey Schaufler
2013-07-30 21:47 ` Paul Moore
2013-07-31 15:45 ` Casey Schaufler
2013-07-31 17:56 ` Paul Moore
2013-07-25 18:32 ` [PATCH v14 6/6] LSM: Multiple LSM Documentation and cleanup Casey Schaufler
2013-07-26 23:17 ` Randy Dunlap
2013-07-28 18:46 ` Casey Schaufler
2013-08-01 2:48 ` [PATCH v14 0/6] LSM: Multiple concurrent LSMs Balbir Singh
2013-08-01 17:21 ` Casey Schaufler
2013-08-06 3:28 ` Balbir Singh
2013-08-06 6:30 ` Kees Cook
2013-08-06 22:25 ` Casey Schaufler
2013-08-06 22:36 ` Kees Cook
2013-08-27 2:29 ` Casey Schaufler
2013-08-28 15:55 ` Kees Cook
2013-09-05 18:48 ` Kees Cook
2013-09-06 6:44 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51F71BB5.2050101@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=eparis@redhat.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox