[PULL][Disco] LSM stacking
John Johansen
john.johansen at canonical.com
Thu Mar 21 01:19:30 UTC 2019
The following patch set brings 5.1 LSM stacking to the Disco kernel. The
cherry-picked patches have been refreshed to use the sha1s from upstream
5.1-rc2.
The rest of the patch series makes it so that apparmor can stack with
selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:" the
bulk of this is reverting apparmor features that are currently unused in
Ubuntu and require secid support.
The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f:
UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300)
are available in the Git repository at:
https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking
for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd:
UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700)
----------------------------------------------------------------
Casey Schaufler (22):
LSM: Add all exclusive LSMs to ordered initialization
procfs: add smack subdir to attrs
Smack: Abstract use of cred security blob
SELinux: Abstract use of cred security blob
SELinux: Remove cred security blob poisoning
SELinux: Remove unused selinux_is_enabled
AppArmor: Abstract use of cred security blob
TOMOYO: Abstract use of cred security blob
Infrastructure management of the cred security blob
SELinux: Abstract use of file security blob
Smack: Abstract use of file security blob
LSM: Infrastructure management of the file security
SELinux: Abstract use of inode security blob
Smack: Abstract use of inode security blob
LSM: Infrastructure management of the inode security
LSM: Infrastructure management of the task security
SELinux: Abstract use of ipc security blobs
Smack: Abstract use of ipc security blobs
LSM: Infrastructure management of the ipc security blob
UBUNTU: SAUCE: LSM: Limit calls to certain module hooks
UBUNTU: SAUCE: LSM: Special handling for secctx lsm hooks
UBUNTU: SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display
Chris Coulson (1):
apparmor: delete the dentry in aafs_remove() to avoid a leak
John Johansen (21):
apparmor: fix double free when unpack of secmark rules fails
UBUNTU: SAUCE: LSM: Infrastructure management of the sock security
UBUNTU: SAUCE: Fix-up af_unix mediation for sock infrastructure management
UBUNTU: SAUCE: Revert "apparmor: Fix warning about unused function apparmor_ipv6_postroute"
UBUNTU: SAUCE: Revert "apparmor: fix checkpatch error in Parse secmark policy"
UBUNTU: SAUCE: Revert "apparmor: add #ifdef checks for secmark filtering"
UBUNTU: SAUCE: Revert "apparmor: Allow filtering based on secmark policy"
UBUNTU: SAUCE: Revert "apparmor: Parse secmark policy"
UBUNTU: SAUCE: Revert "apparmor: Add a wildcard secid"
UBUNTU: SAUCE: Revert "apparmor: fix bad debug check in apparmor_secid_to_secctx()"
UBUNTU: SAUCE: Revert "apparmor: fixup secid map conversion to using IDR"
UBUNTU: SAUCE: Revert "apparmor: Use an IDR to allocate apparmor secids"
UBUNTU: SAUCE: Revert "apparmor: Fix memory leak of rule on error exit path"
UBUNTU: SAUCE: Revert "apparmor: modify audit rule support to support profile stacks"
UBUNTU: SAUCE: Revert "apparmor: Add support for audit rule filtering"
UBUNTU: SAUCE: Revert "apparmor: add the ability to get a task's secid"
UBUNTU: SAUCE: Revert "apparmor: add support for mapping secids and using secctxes"
UBUNTU: SAUCE: apparmor: add proc subdir to attrs
UBUNTU: SAUCE: apparmor: add an apparmorfs entry to access current attrs
UBUNTU: SAUCE: apparmor: update flags to no longer be exclusive
UBUNTU: SAUCE: update configs and annotations for LSM stacking
Kees Cook (20):
LSM: Introduce LSM_FLAG_LEGACY_MAJOR
LSM: Provide separate ordered initialization
LSM: Plumb visibility into optional "enabled" state
LSM: Lift LSM selection out of individual LSMs
LSM: Build ordered list of LSMs to initialize
LSM: Introduce CONFIG_LSM
LSM: Introduce "lsm=" for boottime LSM selection
LSM: Tie enabling logic to presence in ordered list
LSM: Prepare for reorganizing "security=" logic
LSM: Refactor "security=" in terms of enable/disable
LSM: Separate idea of "major" LSM from "exclusive" LSM
apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE
selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE
LSM: Split LSM preparation from initialization
LoadPin: Initialize as ordered LSM
Yama: Initialize as ordered LSM
LSM: Introduce enum lsm_order
capability: Initialize as LSM_ORDER_FIRST
TOMOYO: Update LSM flags to no longer be exclusive
LSM: Ignore "security=" when "lsm=" is specified
Micah Morton (1):
LSM: generalize flag passing to security_capable
Petr Vorel (1):
LSM: Update list of SECURITYFS users in Kconfig
Tetsuo Handa (2):
LSM: Make lsm_early_cred() and lsm_early_task() local functions.
apparmor: Adjust offset when accessing task blob.
Wei Yongjun (1):
LSM: Make some functions static
Documentation/admin-guide/LSM/index.rst | 13 +-
Documentation/admin-guide/kernel-parameters.txt | 12 +-
debian.master/config/annotations | 12 +-
debian.master/config/config.common.ubuntu | 8 +-
fs/proc/base.c | 78 ++-
fs/proc/internal.h | 1 +
include/linux/cred.h | 1 -
include/linux/lsm_hooks.h | 56 +-
include/linux/security.h | 43 +-
include/linux/selinux.h | 35 -
kernel/capability.c | 22 +-
kernel/cred.c | 13 -
kernel/seccomp.c | 4 +-
security/Kconfig | 44 +-
security/apparmor/Kconfig | 16 -
security/apparmor/af_unix.c | 14 +-
security/apparmor/apparmorfs.c | 67 ++
security/apparmor/audit.c | 90 +--
security/apparmor/capability.c | 14 +-
security/apparmor/domain.c | 2 +-
security/apparmor/include/apparmorfs.h | 3 +
security/apparmor/include/audit.h | 6 -
security/apparmor/include/capability.h | 2 +-
security/apparmor/include/cred.h | 16 +-
security/apparmor/include/file.h | 5 +-
security/apparmor/include/label.h | 2 +-
security/apparmor/include/lib.h | 4 +
security/apparmor/include/net.h | 16 +-
security/apparmor/include/policy.h | 3 -
security/apparmor/include/secid.h | 20 +-
security/apparmor/include/task.h | 18 +-
security/apparmor/ipc.c | 3 +-
security/apparmor/label.c | 7 +-
security/apparmor/lsm.c | 257 ++-----
security/apparmor/net.c | 68 --
security/apparmor/policy.c | 5 +-
security/apparmor/policy_unpack.c | 61 --
security/apparmor/resource.c | 2 +-
security/apparmor/secid.c | 149 +----
security/apparmor/task.c | 6 +-
security/commoncap.c | 26 +-
security/loadpin/loadpin.c | 8 +-
security/security.c | 850 ++++++++++++++++++++++--
security/selinux/Kconfig | 15 -
security/selinux/Makefile | 2 +-
security/selinux/exports.c | 23 -
security/selinux/hooks.c | 440 ++++--------
security/selinux/include/audit.h | 3 -
security/selinux/include/objsec.h | 43 +-
security/selinux/netlabel.c | 23 +-
security/selinux/selinuxfs.c | 4 +-
security/selinux/ss/services.c | 1 -
security/selinux/xfrm.c | 4 +-
security/smack/smack.h | 49 +-
security/smack/smack_access.c | 6 +-
security/smack/smack_lsm.c | 378 ++++-------
security/smack/smack_netfilter.c | 8 +-
security/smack/smackfs.c | 18 +-
security/tomoyo/common.h | 22 +-
security/tomoyo/domain.c | 4 +-
security/tomoyo/securityfs_if.c | 15 +-
security/tomoyo/tomoyo.c | 48 +-
security/yama/yama_lsm.c | 8 +-
63 files changed, 1642 insertions(+), 1554 deletions(-)
delete mode 100644 include/linux/selinux.h
delete mode 100644 security/selinux/exports.c
More information about the kernel-team
mailing list