APPLIED[L]: [Lunar][PULL] LSM stacking and AppArmor refresh for 6.2 kernel
John Johansen
john.johansen at canonical.com
Thu Mar 23 18:47:28 UTC 2023
On 3/22/23 03:56, Andrea Righi wrote:
> On Wed, Mar 22, 2023 at 08:39:23AM +0100, Andrea Righi wrote:
>> On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
>>> << snip >>
>>>
>>>> John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
>>>
>>> done (below), if we want a new request email lmk
>>
>> Not needed, already applied to lunar/linux.
>>
>> Thanks!
>> -Andrea
>
> Actually there are some build issues with the new patch set on armhf and ppc64:
>
So those build failures are in the syscall patches.
fdf89b196997 UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call
aa32d2a6a088 UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
There are newer versions available, but they are still very much a WIP, so since they
only add new functionality and nothing in the archive is using them, I have
just dropped them.
For dev purposes I can live with adding them back in and using a PPA, and if we
decide we need the features they offer in 23.04 we can always SRU the updated
patches when we have more time to play around.
The pull request with the two patches dropped is below.
The following changes since commit 7b593e8559aca572272e6cece79ddd3f9702456b:
NFS: Correct timing for assigning access cache timestamp (2023-03-17 10:02:09 +0100)
are available in the Git repository at:
https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt
for you to fetch changes up to 54ae99f8b544a7ffe238bcb9de51b8d3ab382896:
UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-23 11:00:44 -0700)
----------------------------------------------------------------
Andrea Righi (1):
UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS
Casey Schaufler (37):
UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
John Johansen (57):
Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
UBUNTU: SAUCE: apparmor: add user namespace creation mediation
UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
UBUNTU: SAUCE: apparmor: af_unix mediation
UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
UBUNTU: SAUCE: apparmor: setup slab cache for audit data
UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
UBUNTU: SAUCE: apparmor: pass cred through to audit info.
UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
UBUNTU: SAUCE: apparmor: advertise availability of exended perms
Documentation/ABI/testing/ima_policy | 8 +-
Documentation/security/lsm.rst | 28 --
drivers/android/binder.c | 23 +-
drivers/android/binder_internal.h | 1 +
fs/ceph/super.h | 3 +-
fs/ceph/xattr.c | 19 +-
fs/fuse/dir.c | 35 +-
fs/nfs/dir.c | 2 +-
fs/nfs/inode.c | 17 +-
fs/nfs/internal.h | 8 +-
fs/nfs/nfs4proc.c | 24 +-
fs/nfs/nfs4xdr.c | 22 +-
fs/proc/base.c | 31 +-
fs/proc/internal.h | 2 +-
include/linux/audit.h | 34 +-
include/linux/lsm_hooks.h | 42 +--
include/linux/nfs4.h | 8 +-
include/linux/nfs_fs.h | 2 +-
include/linux/security.h | 190 ++++++----
include/net/af_unix.h | 2 +-
include/net/netlabel.h | 2 +-
include/net/scm.h | 16 +-
include/net/xfrm.h | 4 +-
include/uapi/linux/apparmor.h | 106 ++++++
include/uapi/linux/audit.h | 4 +-
include/uapi/linux/lsm.h | 46 +++
include/uapi/linux/prctl.h | 4 +
kernel/audit.c | 327 ++++++++++--------
kernel/audit.h | 19 +-
kernel/auditfilter.c | 15 +-
kernel/auditsc.c | 205 ++++-------
net/ipv4/cipso_ipv4.c | 3 +-
net/ipv4/ip_sockglue.c | 4 +-
net/netfilter/nf_conntrack_netlink.c | 10 +-
net/netfilter/nfnetlink_queue.c | 24 +-
net/netfilter/nft_meta.c | 12 +-
net/netfilter/xt_SECMARK.c | 2 +-
net/netlabel/netlabel_unlabeled.c | 2 +-
net/netlabel/netlabel_user.c | 5 +-
net/netlabel/netlabel_user.h | 2 +-
net/unix/af_unix.c | 6 +-
security/apparmor/Kconfig | 4 +-
security/apparmor/Makefile | 2 +-
security/apparmor/af_unix.c | 183 +++++-----
security/apparmor/apparmorfs.c | 200 ++++++++++-
security/apparmor/audit.c | 299 ++++++++++++++--
security/apparmor/capability.c | 29 +-
security/apparmor/crypto.c | 9 +-
security/apparmor/domain.c | 134 ++++---
security/apparmor/file.c | 354 ++++++++++++++-----
security/apparmor/include/af_unix.h | 53 +--
security/apparmor/include/apparmor.h | 2 +-
security/apparmor/include/apparmorfs.h | 1 +
security/apparmor/include/audit.h | 86 ++++-
security/apparmor/include/capability.h | 3 +-
security/apparmor/include/file.h | 19 +-
security/apparmor/include/ipc.h | 9 +-
security/apparmor/include/label.h | 1 +
security/apparmor/include/lib.h | 42 ++-
security/apparmor/include/mount.h | 21 +-
security/apparmor/include/net.h | 19 +-
security/apparmor/include/notify.h | 95 +++++
security/apparmor/include/perms.h | 8 +-
security/apparmor/include/policy.h | 15 +-
security/apparmor/include/policy_ns.h | 11 +
security/apparmor/include/procattr.h | 2 +-
security/apparmor/include/resource.h | 3 +-
security/apparmor/include/task.h | 6 +-
security/apparmor/ipc.c | 94 ++---
security/apparmor/label.c | 18 +-
security/apparmor/lib.c | 143 ++++++--
security/apparmor/lsm.c | 353 ++++++++++++++-----
security/apparmor/mount.c | 126 ++++---
security/apparmor/net.c | 88 ++---
security/apparmor/notify.c | 614 +++++++++++++++++++++++++++++++++
security/apparmor/policy.c | 74 ++--
security/apparmor/policy_ns.c | 5 +-
security/apparmor/policy_unpack.c | 57 +--
security/apparmor/procattr.c | 28 +-
security/apparmor/resource.c | 54 +--
security/apparmor/secid.c | 2 -
security/apparmor/task.c | 85 +++--
security/bpf/hooks.c | 6 +-
security/commoncap.c | 6 +-
security/integrity/ima/ima.h | 26 --
security/integrity/ima/ima_api.c | 2 +-
security/integrity/ima/ima_appraise.c | 7 +-
security/integrity/ima/ima_main.c | 19 +-
security/integrity/ima/ima_policy.c | 118 +++++--
security/integrity/integrity_audit.c | 2 +-
security/landlock/cred.c | 7 +-
security/landlock/fs.c | 7 +-
security/landlock/ptrace.c | 7 +-
security/landlock/setup.c | 7 +
security/landlock/setup.h | 1 +
security/loadpin/loadpin.c | 6 +-
security/lockdown/lockdown.c | 6 +-
security/safesetid/lsm.c | 6 +-
security/security.c | 468 ++++++++++++-------------
security/selinux/hooks.c | 46 ++-
security/selinux/include/classmap.h | 3 +-
security/smack/smack_access.c | 5 +-
security/smack/smack_lsm.c | 32 +-
security/smack/smack_netfilter.c | 2 +-
security/smack/smackfs.c | 3 +-
security/tomoyo/tomoyo.c | 6 +-
security/yama/yama_lsm.c | 6 +-
107 files changed, 3754 insertions(+), 1720 deletions(-)
create mode 100644 include/uapi/linux/apparmor.h
create mode 100644 include/uapi/linux/lsm.h
create mode 100644 security/apparmor/include/notify.h
create mode 100644 security/apparmor/notify.c