NAK: [Lunar][PULL] LSM stacking and AppArmor refresh for 6.2 kernel
Tim Gardner
tim.gardner at canonical.com
Tue Mar 21 18:09:29 UTC 2023
On 3/16/23 5:36 PM, John Johansen wrote:
> This is the current stable prompting and refreshed LSM stacking patches
> based on master-next 6.2.
>
> The patch sequence has 5 sections
>
> 1. Revert apparmor and lsm stacking changes to get to clean 6.2
> patches 0001-0040
>
> 2. Apply base apparmor changes. Some of these patches are the same as
> previous, but most of them have bug fix patches folded into them to
> reduce the queue size, and make it less likely to drop them by
> accident.
> patches 0041-0047
>
> 3. The new LSM stacking patchset. This is the most recent version
> except the syscall patch at the end. There is a separate queue of
> 8 patches now for that, BUT Casey is making revisions to it so
> I am waiting on the newest version before doing the work to
> pull in its replacement.
> patches 0048-0086
>
> 4. The prompting patchset
> patches 0087-0096
>
> 5. Config changes.
> patch 0097
>
>
> The following changes since commit 50a70463593be2729ee123334548ada1000ed7d2:
>
> UBUNTU: Ubuntu-6.2.0-16.16 (2023-03-10 18:34:28 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt
>
> for you to fetch changes up to 9fb5679093a35bd102695963856d395a25db5ed2:
>
> UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-16 16:12:02 -0700)
>
> ----------------------------------------------------------------
> Andrea Righi (1):
> UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
>
> Casey Schaufler (39):
> UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
> UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
> UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
> UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
> UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
> UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
> UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
> UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
> UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
> UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
> UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
> UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
> UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
> UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
> UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
> UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
> UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
> UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
> UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
> UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
> UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
> UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
> UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
> UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
> UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
> UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
> UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
> UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
> UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
> UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call
>
> John Johansen (57):
> Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
> Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
> Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
> Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
> Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
> Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
> Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
> Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
> Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
> Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
> Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
> Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
> Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
> Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
> Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
> Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
> Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
> Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
> Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
> Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
> Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
> Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
> Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
> Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
> Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
> Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
> Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
> Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
> Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
> Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
> Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
> Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
> UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
> UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
> UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
> UBUNTU: SAUCE: apparmor: add user namespace creation mediation
> UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
> UBUNTU: SAUCE: apparmor: af_unix mediation
> UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
> UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
> UBUNTU: SAUCE: apparmor: setup slab cache for audit data
> UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
> UBUNTU: SAUCE: apparmor: pass cred through to audit info.
> UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
> UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
> UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
> UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
> UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
> UBUNTU: SAUCE: apparmor: advertise availability of exended perms
>
> Documentation/ABI/testing/ima_policy | 8 +-
> Documentation/security/lsm.rst | 28 --
> arch/x86/entry/syscalls/syscall_64.tbl | 2 +
> drivers/android/binder.c | 23 +-
> drivers/android/binder_internal.h | 1 +
> fs/ceph/super.h | 3 +-
> fs/ceph/xattr.c | 19 +-
> fs/fuse/dir.c | 35 +-
> fs/nfs/dir.c | 2 +-
> fs/nfs/inode.c | 17 +-
> fs/nfs/internal.h | 8 +-
> fs/nfs/nfs4proc.c | 24 +-
> fs/nfs/nfs4xdr.c | 22 +-
> fs/proc/base.c | 31 +-
> fs/proc/internal.h | 2 +-
> include/linux/audit.h | 34 +-
> include/linux/lsm_hooks.h | 42 +--
> include/linux/nfs4.h | 8 +-
> include/linux/nfs_fs.h | 2 +-
> include/linux/security.h | 190 ++++++----
> include/linux/syscalls.h | 2 +
> include/net/af_unix.h | 2 +-
> include/net/netlabel.h | 2 +-
> include/net/scm.h | 16 +-
> include/net/xfrm.h | 4 +-
> include/uapi/asm-generic/unistd.h | 8 +-
> include/uapi/linux/apparmor.h | 106 ++++++
> include/uapi/linux/audit.h | 4 +-
> include/uapi/linux/lsm.h | 67 ++++
> include/uapi/linux/prctl.h | 4 +
> kernel/audit.c | 327 ++++++++++--------
> kernel/audit.h | 19 +-
> kernel/auditfilter.c | 15 +-
> kernel/auditsc.c | 205 ++++-------
> kernel/sys_ni.c | 4 +
> net/ipv4/cipso_ipv4.c | 3 +-
> net/ipv4/ip_sockglue.c | 4 +-
> net/netfilter/nf_conntrack_netlink.c | 10 +-
> net/netfilter/nfnetlink_queue.c | 24 +-
> net/netfilter/nft_meta.c | 12 +-
> net/netfilter/xt_SECMARK.c | 2 +-
> net/netlabel/netlabel_unlabeled.c | 2 +-
> net/netlabel/netlabel_user.c | 5 +-
> net/netlabel/netlabel_user.h | 2 +-
> net/unix/af_unix.c | 6 +-
> security/Makefile | 1 +
> security/apparmor/Kconfig | 4 +-
> security/apparmor/Makefile | 2 +-
> security/apparmor/af_unix.c | 183 +++++-----
> security/apparmor/apparmorfs.c | 200 ++++++++++-
> security/apparmor/audit.c | 299 ++++++++++++++--
> security/apparmor/capability.c | 29 +-
> security/apparmor/crypto.c | 9 +-
> security/apparmor/domain.c | 134 ++++---
> security/apparmor/file.c | 354 ++++++++++++++-----
> security/apparmor/include/af_unix.h | 53 +--
> security/apparmor/include/apparmor.h | 2 +-
> security/apparmor/include/apparmorfs.h | 1 +
> security/apparmor/include/audit.h | 86 ++++-
> security/apparmor/include/capability.h | 3 +-
> security/apparmor/include/file.h | 19 +-
> security/apparmor/include/ipc.h | 9 +-
> security/apparmor/include/label.h | 1 +
> security/apparmor/include/lib.h | 42 ++-
> security/apparmor/include/mount.h | 21 +-
> security/apparmor/include/net.h | 19 +-
> security/apparmor/include/notify.h | 95 +++++
> security/apparmor/include/perms.h | 8 +-
> security/apparmor/include/policy.h | 15 +-
> security/apparmor/include/policy_ns.h | 11 +
> security/apparmor/include/procattr.h | 2 +-
> security/apparmor/include/resource.h | 3 +-
> security/apparmor/include/task.h | 6 +-
> security/apparmor/ipc.c | 94 ++---
> security/apparmor/label.c | 18 +-
> security/apparmor/lib.c | 143 ++++++--
> security/apparmor/lsm.c | 353 ++++++++++++++-----
> security/apparmor/mount.c | 126 ++++---
> security/apparmor/net.c | 88 ++---
> security/apparmor/notify.c | 614 +++++++++++++++++++++++++++++++++
> security/apparmor/policy.c | 74 ++--
> security/apparmor/policy_ns.c | 5 +-
> security/apparmor/policy_unpack.c | 57 +--
> security/apparmor/procattr.c | 28 +-
> security/apparmor/resource.c | 54 +--
> security/apparmor/secid.c | 2 -
> security/apparmor/task.c | 85 +++--
> security/bpf/hooks.c | 6 +-
> security/commoncap.c | 6 +-
> security/integrity/ima/ima.h | 26 --
> security/integrity/ima/ima_api.c | 2 +-
> security/integrity/ima/ima_appraise.c | 7 +-
> security/integrity/ima/ima_main.c | 19 +-
> security/integrity/ima/ima_policy.c | 118 +++++--
> security/integrity/integrity_audit.c | 2 +-
> security/landlock/cred.c | 7 +-
> security/landlock/fs.c | 7 +-
> security/landlock/ptrace.c | 7 +-
> security/landlock/setup.c | 7 +
> security/landlock/setup.h | 1 +
> security/loadpin/loadpin.c | 6 +-
> security/lockdown/lockdown.c | 6 +-
> security/lsm_syscalls.c | 206 +++++++++++
> security/safesetid/lsm.c | 6 +-
> security/security.c | 468 ++++++++++++-------------
> security/selinux/hooks.c | 46 ++-
> security/selinux/include/classmap.h | 3 +-
> security/smack/smack_access.c | 5 +-
> security/smack/smack_lsm.c | 32 +-
> security/smack/smack_netfilter.c | 2 +-
> security/smack/smackfs.c | 3 +-
> security/tomoyo/tomoyo.c | 6 +-
> security/yama/yama_lsm.c | 6 +-
> 113 files changed, 3997 insertions(+), 1721 deletions(-)
> create mode 100644 include/uapi/linux/apparmor.h
> create mode 100644 include/uapi/linux/lsm.h
> create mode 100644 security/apparmor/include/notify.h
> create mode 100644 security/apparmor/notify.c
> create mode 100644 security/lsm_syscalls.c
>
John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18.
--
-----------
Tim Gardner
Canonical, Inc