[Lunar,PULL] LSM stacking and AppArmor refresh for 6.2 kernel

Message ID 011b92b6-5769-7943-c472-54ef05ef29ae@canonical.com
State New

Pull-request

https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt

Message

John Johansen March 16, 2023, 11:36 p.m. UTC
These are the current stable prompting and refreshed LSM stacking patches based
on master-next 6.2.

The patch sequence has 5 sections:

1. Revert apparmor and lsm stacking changes to get to clean 6.2
    patches 0001-0040

2. Apply base apparmor changes. Some of these patches are the same as
     previous, but most of them have bug fix patches folded into them to
     reduce the queue size, and make it less likely to drop them by
     accident.
    patches 0041-0047

3. The new LSM stacking patchset. This is the most recent version
     except the syscall patch at the end. There is a separate queue of
     8 patches now for that, BUT Casey is making revisions to it so
     I am waiting on the newest version before doing the work to
     pull in its replacement.
    patches 0048-0086

4. The prompting patchset
    patches 0087-0096

5. Config changes.
    patch 0097


The following changes since commit 50a70463593be2729ee123334548ada1000ed7d2:

   UBUNTU: Ubuntu-6.2.0-16.16 (2023-03-10 18:34:28 +0100)

are available in the Git repository at:

   https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt

for you to fetch changes up to 9fb5679093a35bd102695963856d395a25db5ed2:

   UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-16 16:12:02 -0700)

----------------------------------------------------------------
Andrea Righi (1):
       UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

Casey Schaufler (39):
       UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
       UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
       UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
       UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
       UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
       UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
       UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
       UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
       UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
       UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
       UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
       UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
       UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
       UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
       UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
       UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
       UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
       UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
       UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
       UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
       UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
       UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
       UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
       UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call

John Johansen (57):
       Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
       Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
       Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
       Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
       Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
       Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
       Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
       Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
       Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
       Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
       Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
       Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
       Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
       Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
       Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
       Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
       Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
       Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
       Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
       Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
       Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
       Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
       Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
       Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
       Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
       Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
       UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
       UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
       UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
       UBUNTU: SAUCE: apparmor: add user namespace creation mediation
       UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
       UBUNTU: SAUCE: apparmor: af_unix mediation
       UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
       UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
       UBUNTU: SAUCE: apparmor: setup slab cache for audit data
       UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
       UBUNTU: SAUCE: apparmor: pass cred through to audit info.
       UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
       UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
       UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
       UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
       UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
       UBUNTU: SAUCE: apparmor: advertise availability of exended perms

  Documentation/ABI/testing/ima_policy   |   8 +-
  Documentation/security/lsm.rst         |  28 --
  arch/x86/entry/syscalls/syscall_64.tbl |   2 +
  drivers/android/binder.c               |  23 +-
  drivers/android/binder_internal.h      |   1 +
  fs/ceph/super.h                        |   3 +-
  fs/ceph/xattr.c                        |  19 +-
  fs/fuse/dir.c                          |  35 +-
  fs/nfs/dir.c                           |   2 +-
  fs/nfs/inode.c                         |  17 +-
  fs/nfs/internal.h                      |   8 +-
  fs/nfs/nfs4proc.c                      |  24 +-
  fs/nfs/nfs4xdr.c                       |  22 +-
  fs/proc/base.c                         |  31 +-
  fs/proc/internal.h                     |   2 +-
  include/linux/audit.h                  |  34 +-
  include/linux/lsm_hooks.h              |  42 +--
  include/linux/nfs4.h                   |   8 +-
  include/linux/nfs_fs.h                 |   2 +-
  include/linux/security.h               | 190 ++++++----
  include/linux/syscalls.h               |   2 +
  include/net/af_unix.h                  |   2 +-
  include/net/netlabel.h                 |   2 +-
  include/net/scm.h                      |  16 +-
  include/net/xfrm.h                     |   4 +-
  include/uapi/asm-generic/unistd.h      |   8 +-
  include/uapi/linux/apparmor.h          | 106 ++++++
  include/uapi/linux/audit.h             |   4 +-
  include/uapi/linux/lsm.h               |  67 ++++
  include/uapi/linux/prctl.h             |   4 +
  kernel/audit.c                         | 327 ++++++++++--------
  kernel/audit.h                         |  19 +-
  kernel/auditfilter.c                   |  15 +-
  kernel/auditsc.c                       | 205 ++++-------
  kernel/sys_ni.c                        |   4 +
  net/ipv4/cipso_ipv4.c                  |   3 +-
  net/ipv4/ip_sockglue.c                 |   4 +-
  net/netfilter/nf_conntrack_netlink.c   |  10 +-
  net/netfilter/nfnetlink_queue.c        |  24 +-
  net/netfilter/nft_meta.c               |  12 +-
  net/netfilter/xt_SECMARK.c             |   2 +-
  net/netlabel/netlabel_unlabeled.c      |   2 +-
  net/netlabel/netlabel_user.c           |   5 +-
  net/netlabel/netlabel_user.h           |   2 +-
  net/unix/af_unix.c                     |   6 +-
  security/Makefile                      |   1 +
  security/apparmor/Kconfig              |   4 +-
  security/apparmor/Makefile             |   2 +-
  security/apparmor/af_unix.c            | 183 +++++-----
  security/apparmor/apparmorfs.c         | 200 ++++++++++-
  security/apparmor/audit.c              | 299 ++++++++++++++--
  security/apparmor/capability.c         |  29 +-
  security/apparmor/crypto.c             |   9 +-
  security/apparmor/domain.c             | 134 ++++---
  security/apparmor/file.c               | 354 ++++++++++++++-----
  security/apparmor/include/af_unix.h    |  53 +--
  security/apparmor/include/apparmor.h   |   2 +-
  security/apparmor/include/apparmorfs.h |   1 +
  security/apparmor/include/audit.h      |  86 ++++-
  security/apparmor/include/capability.h |   3 +-
  security/apparmor/include/file.h       |  19 +-
  security/apparmor/include/ipc.h        |   9 +-
  security/apparmor/include/label.h      |   1 +
  security/apparmor/include/lib.h        |  42 ++-
  security/apparmor/include/mount.h      |  21 +-
  security/apparmor/include/net.h        |  19 +-
  security/apparmor/include/notify.h     |  95 +++++
  security/apparmor/include/perms.h      |   8 +-
  security/apparmor/include/policy.h     |  15 +-
  security/apparmor/include/policy_ns.h  |  11 +
  security/apparmor/include/procattr.h   |   2 +-
  security/apparmor/include/resource.h   |   3 +-
  security/apparmor/include/task.h       |   6 +-
  security/apparmor/ipc.c                |  94 ++---
  security/apparmor/label.c              |  18 +-
  security/apparmor/lib.c                | 143 ++++++--
  security/apparmor/lsm.c                | 353 ++++++++++++++-----
  security/apparmor/mount.c              | 126 ++++---
  security/apparmor/net.c                |  88 ++---
  security/apparmor/notify.c             | 614 +++++++++++++++++++++++++++++++++
  security/apparmor/policy.c             |  74 ++--
  security/apparmor/policy_ns.c          |   5 +-
  security/apparmor/policy_unpack.c      |  57 +--
  security/apparmor/procattr.c           |  28 +-
  security/apparmor/resource.c           |  54 +--
  security/apparmor/secid.c              |   2 -
  security/apparmor/task.c               |  85 +++--
  security/bpf/hooks.c                   |   6 +-
  security/commoncap.c                   |   6 +-
  security/integrity/ima/ima.h           |  26 --
  security/integrity/ima/ima_api.c       |   2 +-
  security/integrity/ima/ima_appraise.c  |   7 +-
  security/integrity/ima/ima_main.c      |  19 +-
  security/integrity/ima/ima_policy.c    | 118 +++++--
  security/integrity/integrity_audit.c   |   2 +-
  security/landlock/cred.c               |   7 +-
  security/landlock/fs.c                 |   7 +-
  security/landlock/ptrace.c             |   7 +-
  security/landlock/setup.c              |   7 +
  security/landlock/setup.h              |   1 +
  security/loadpin/loadpin.c             |   6 +-
  security/lockdown/lockdown.c           |   6 +-
  security/lsm_syscalls.c                | 206 +++++++++++
  security/safesetid/lsm.c               |   6 +-
  security/security.c                    | 468 ++++++++++++-------------
  security/selinux/hooks.c               |  46 ++-
  security/selinux/include/classmap.h    |   3 +-
  security/smack/smack_access.c          |   5 +-
  security/smack/smack_lsm.c             |  32 +-
  security/smack/smack_netfilter.c       |   2 +-
  security/smack/smackfs.c               |   3 +-
  security/tomoyo/tomoyo.c               |   6 +-
  security/yama/yama_lsm.c               |   6 +-
  113 files changed, 3997 insertions(+), 1721 deletions(-)
  create mode 100644 include/uapi/linux/apparmor.h
  create mode 100644 include/uapi/linux/lsm.h
  create mode 100644 security/apparmor/include/notify.h
  create mode 100644 security/apparmor/notify.c
  create mode 100644 security/lsm_syscalls.c

Comments

Tim Gardner March 21, 2023, 6:09 p.m. UTC | #1
On 3/16/23 5:36 PM, John Johansen wrote:
> << snip >>

John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
John Johansen March 21, 2023, 8:20 p.m. UTC | #2
<< snip >>

> John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18

done (below); if we want a new request email, lmk

The following changes since commit 7b593e8559aca572272e6cece79ddd3f9702456b:

   NFS: Correct timing for assigning access cache timestamp (2023-03-17 10:02:09 +0100)

are available in the Git repository at:

   https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt

for you to fetch changes up to 4bd64e980c466c69d411160d1ee382892d862230:

   UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-21 12:14:45 -0700)

----------------------------------------------------------------
Andrea Righi (1):
       UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

Casey Schaufler (39):
       UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
       UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
       UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
       UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
       UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
       UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
       UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
       UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
       UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
       UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
       UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
       UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
       UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
       UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
       UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
       UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
       UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
       UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
       UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
       UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
       UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
       UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
       UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag
       UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call

John Johansen (57):
       Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
       Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
       Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
       Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
       Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
       Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
       Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
       Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
       Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
       Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
       Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
       Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
       Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
       Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
       Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
       Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
       Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
       Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
       Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
       Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
       Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
       Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
       Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
       Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
       Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
       Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
       UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
       UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
       UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
       UBUNTU: SAUCE: apparmor: add user namespace creation mediation
       UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
       UBUNTU: SAUCE: apparmor: af_unix mediation
       UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
       UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
       UBUNTU: SAUCE: apparmor: setup slab cache for audit data
       UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
       UBUNTU: SAUCE: apparmor: pass cred through to audit info.
       UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
       UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
       UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
       UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
       UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
       UBUNTU: SAUCE: apparmor: advertise availability of exended perms

  Documentation/ABI/testing/ima_policy   |   8 +-
  Documentation/security/lsm.rst         |  28 --
  arch/x86/entry/syscalls/syscall_64.tbl |   2 +
  drivers/android/binder.c               |  23 +-
  drivers/android/binder_internal.h      |   1 +
  fs/ceph/super.h                        |   3 +-
  fs/ceph/xattr.c                        |  19 +-
  fs/fuse/dir.c                          |  35 +-
  fs/nfs/dir.c                           |   2 +-
  fs/nfs/inode.c                         |  17 +-
  fs/nfs/internal.h                      |   8 +-
  fs/nfs/nfs4proc.c                      |  24 +-
  fs/nfs/nfs4xdr.c                       |  22 +-
  fs/proc/base.c                         |  31 +-
  fs/proc/internal.h                     |   2 +-
  include/linux/audit.h                  |  34 +-
  include/linux/lsm_hooks.h              |  42 +--
  include/linux/nfs4.h                   |   8 +-
  include/linux/nfs_fs.h                 |   2 +-
  include/linux/security.h               | 190 ++++++----
  include/linux/syscalls.h               |   2 +
  include/net/af_unix.h                  |   2 +-
  include/net/netlabel.h                 |   2 +-
  include/net/scm.h                      |  16 +-
  include/net/xfrm.h                     |   4 +-
  include/uapi/asm-generic/unistd.h      |   8 +-
  include/uapi/linux/apparmor.h          | 106 ++++++
  include/uapi/linux/audit.h             |   4 +-
  include/uapi/linux/lsm.h               |  67 ++++
  include/uapi/linux/prctl.h             |   4 +
  kernel/audit.c                         | 327 ++++++++++--------
  kernel/audit.h                         |  19 +-
  kernel/auditfilter.c                   |  15 +-
  kernel/auditsc.c                       | 205 ++++-------
  kernel/sys_ni.c                        |   4 +
  net/ipv4/cipso_ipv4.c                  |   3 +-
  net/ipv4/ip_sockglue.c                 |   4 +-
  net/netfilter/nf_conntrack_netlink.c   |  10 +-
  net/netfilter/nfnetlink_queue.c        |  24 +-
  net/netfilter/nft_meta.c               |  12 +-
  net/netfilter/xt_SECMARK.c             |   2 +-
  net/netlabel/netlabel_unlabeled.c      |   2 +-
  net/netlabel/netlabel_user.c           |   5 +-
  net/netlabel/netlabel_user.h           |   2 +-
  net/unix/af_unix.c                     |   6 +-
  security/Makefile                      |   1 +
  security/apparmor/Kconfig              |   4 +-
  security/apparmor/Makefile             |   2 +-
  security/apparmor/af_unix.c            | 183 +++++-----
  security/apparmor/apparmorfs.c         | 200 ++++++++++-
  security/apparmor/audit.c              | 299 ++++++++++++++--
  security/apparmor/capability.c         |  29 +-
  security/apparmor/crypto.c             |   9 +-
  security/apparmor/domain.c             | 134 ++++---
  security/apparmor/file.c               | 354 ++++++++++++++-----
  security/apparmor/include/af_unix.h    |  53 +--
  security/apparmor/include/apparmor.h   |   2 +-
  security/apparmor/include/apparmorfs.h |   1 +
  security/apparmor/include/audit.h      |  86 ++++-
  security/apparmor/include/capability.h |   3 +-
  security/apparmor/include/file.h       |  19 +-
  security/apparmor/include/ipc.h        |   9 +-
  security/apparmor/include/label.h      |   1 +
  security/apparmor/include/lib.h        |  42 ++-
  security/apparmor/include/mount.h      |  21 +-
  security/apparmor/include/net.h        |  19 +-
  security/apparmor/include/notify.h     |  95 +++++
  security/apparmor/include/perms.h      |   8 +-
  security/apparmor/include/policy.h     |  15 +-
  security/apparmor/include/policy_ns.h  |  11 +
  security/apparmor/include/procattr.h   |   2 +-
  security/apparmor/include/resource.h   |   3 +-
  security/apparmor/include/task.h       |   6 +-
  security/apparmor/ipc.c                |  94 ++---
  security/apparmor/label.c              |  18 +-
  security/apparmor/lib.c                | 143 ++++++--
  security/apparmor/lsm.c                | 353 ++++++++++++++-----
  security/apparmor/mount.c              | 126 ++++---
  security/apparmor/net.c                |  88 ++---
  security/apparmor/notify.c             | 614 +++++++++++++++++++++++++++++++++
  security/apparmor/policy.c             |  74 ++--
  security/apparmor/policy_ns.c          |   5 +-
  security/apparmor/policy_unpack.c      |  57 +--
  security/apparmor/procattr.c           |  28 +-
  security/apparmor/resource.c           |  54 +--
  security/apparmor/secid.c              |   2 -
  security/apparmor/task.c               |  85 +++--
  security/bpf/hooks.c                   |   6 +-
  security/commoncap.c                   |   6 +-
  security/integrity/ima/ima.h           |  26 --
  security/integrity/ima/ima_api.c       |   2 +-
  security/integrity/ima/ima_appraise.c  |   7 +-
  security/integrity/ima/ima_main.c      |  19 +-
  security/integrity/ima/ima_policy.c    | 118 +++++--
  security/integrity/integrity_audit.c   |   2 +-
  security/landlock/cred.c               |   7 +-
  security/landlock/fs.c                 |   7 +-
  security/landlock/ptrace.c             |   7 +-
  security/landlock/setup.c              |   7 +
  security/landlock/setup.h              |   1 +
  security/loadpin/loadpin.c             |   6 +-
  security/lockdown/lockdown.c           |   6 +-
  security/lsm_syscalls.c                | 206 +++++++++++
  security/safesetid/lsm.c               |   6 +-
  security/security.c                    | 468 ++++++++++++-------------
  security/selinux/hooks.c               |  46 ++-
  security/selinux/include/classmap.h    |   3 +-
  security/smack/smack_access.c          |   5 +-
  security/smack/smack_lsm.c             |  32 +-
  security/smack/smack_netfilter.c       |   2 +-
  security/smack/smackfs.c               |   3 +-
  security/tomoyo/tomoyo.c               |   6 +-
  security/yama/yama_lsm.c               |   6 +-
  113 files changed, 3997 insertions(+), 1721 deletions(-)
  create mode 100644 include/uapi/linux/apparmor.h
  create mode 100644 include/uapi/linux/lsm.h
  create mode 100644 security/apparmor/include/notify.h
  create mode 100644 security/apparmor/notify.c
  create mode 100644 security/lsm_syscalls.c
Andrea Righi March 22, 2023, 7:39 a.m. UTC | #3
On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
> << snip >>
> 
> > John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
> 
> done (below), if we want a new request email lmk

Not needed, already applied to lunar/linux.

Thanks!
-Andrea

> << snip >>
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Andrea Righi March 22, 2023, 10:56 a.m. UTC | #4
On Wed, Mar 22, 2023 at 08:39:23AM +0100, Andrea Righi wrote:
> On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
> > << snip >>
> > 
> > > John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
> > 
> > done (below), if we want a new request email lmk
> 
> Not needed, already applied to lunar/linux.
> 
> Thanks!
> -Andrea

Actually there are some build issues with the new patch set on armhf and ppc64:

 - armhf:

/build/lunar/include/linux/syscalls.h:242:25: error: conflicting types for 'sys_lsm_self_attr'; have 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, unsigned int *, int)'}
  242 |         asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
      |                         ^~~
/build/lunar/include/linux/syscalls.h:228:9: note: in expansion of macro '__SYSCALL_DEFINEx'
  228 |         __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
      |         ^~~~~~~~~~~~~~~~~
/build/lunar/include/linux/syscalls.h:219:36: note: in expansion of macro 'SYSCALL_DEFINEx'
  219 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
      |                                    ^~~~~~~~~~~~~~~
/build/lunar/security/lsm_syscalls.c:47:1: note: in expansion of macro 'SYSCALL_DEFINE3'
   47 | SYSCALL_DEFINE3(lsm_self_attr,
      | ^~~~~~~~~~~~~~~
/build/lunar/include/linux/syscalls.h:1061:17: note: previous declaration of 'sys_lsm_self_attr' with type 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, unsigned int *, int)'}
 1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
      |                 ^~~~~~~~~~~~~~~~~

 - ppc64el:

/build/lunar/include/linux/syscalls.h:242:25: error: conflicting types for 'sys_lsm_self_attr'; have 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, long unsigned int *, int)'}
  242 |         asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
      |                         ^~~
/build/lunar/include/linux/syscalls.h:228:9: note: in expansion of macro '__SYSCALL_DEFINEx'
  228 |         __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
      |         ^~~~~~~~~~~~~~~~~
/build/lunar/include/linux/syscalls.h:219:36: note: in expansion of macro 'SYSCALL_DEFINEx'
  219 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
      |                                    ^~~~~~~~~~~~~~~
/build/lunar/security/lsm_syscalls.c:47:1: note: in expansion of macro 'SYSCALL_DEFINE3'
   47 | SYSCALL_DEFINE3(lsm_self_attr,
      | ^~~~~~~~~~~~~~~
/build/lunar/include/linux/syscalls.h:1061:17: note: previous declaration of 'sys_lsm_self_attr' with type 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, long unsigned int *, int)'}
 1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
      |                 ^~~~~~~~~~~~~~~~~

In file included from /build/lunar/arch/powerpc/kernel/ptrace/ptrace.c:22:
/build/lunar/include/linux/syscalls.h:1061:42: error: 'struct lsm_ctx' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
 1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
      |                                          ^~~~~~~

-Andrea
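As an added example (not code from this thread or from the kernel patch set), the following C program shows why a prototype that names `struct lsm_ctx` before that struct is in scope creates a prototype-local type, which is what GCC's "declared inside parameter list" and "conflicting types" diagnostics report, and the forward declaration that avoids it. The `demo_` names, the simplified struct layout and the errno values are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Forward declaration. Without it, the prototype below would introduce a
 * brand-new `struct lsm_ctx` whose scope is only that prototype, so the
 * later definition (which sees the real struct) would have a different
 * parameter type: the "declared inside parameter list will not be visible"
 * warning followed by the "conflicting types" error seen in the build log. */
struct lsm_ctx;

/* Header-style prototype, as include/linux/syscalls.h carries for the
 * real syscall. Names prefixed demo_ are hypothetical. */
long demo_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);

/* Simplified stand-in for the UAPI context record; constructed here,
 * not the layout from the patch set. */
struct lsm_ctx {
    unsigned long id;       /* which LSM the entry belongs to */
    unsigned long flags;
    unsigned long ctx_len;  /* bytes used in ctx[] */
    char ctx[32];
};

/* Minimal imitation of SYSCALL_DEFINEx token pasting, so the definition
 * is produced by a macro the way security/lsm_syscalls.c does it. */
#define DEMO_SYSCALL_DEFINE3(name, t1, a1, t2, a2, t3, a3) \
    long demo_##name(t1 a1, t2 a2, t3 a3)

#define DEMO_EINVAL 22
#define DEMO_E2BIG   7

static const char demo_label[] = "unconfined";   /* constructed sample */

DEMO_SYSCALL_DEFINE3(lsm_self_attr, struct lsm_ctx *, ctx, size_t *, size, int, flags)
{
    size_t needed = sizeof(struct lsm_ctx);

    if (flags != 0 || ctx == NULL || size == NULL)
        return -DEMO_EINVAL;    /* flags reserved; both pointers required */
    if (*size < needed) {
        *size = needed;         /* report the required buffer size */
        return -DEMO_E2BIG;
    }
    ctx->id = 1;
    ctx->flags = 0;
    ctx->ctx_len = sizeof(demo_label);
    memcpy(ctx->ctx, demo_label, sizeof(demo_label));
    *size = needed;
    return 1;                   /* number of entries written */
}

/* Exercises the size-query-then-fill sequence a caller would use.
 * Returns 1 when every step behaves as expected, 0 otherwise. */
int demo_check_sequence(void)
{
    struct lsm_ctx c;
    size_t sz = 0;

    if (demo_lsm_self_attr(&c, &sz, 0) != -DEMO_E2BIG || sz != sizeof c)
        return 0;
    if (demo_lsm_self_attr(&c, &sz, 0) != 1 || c.ctx_len != sizeof(demo_label))
        return 0;
    return strcmp(c.ctx, "unconfined") == 0;
}
```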
John Johansen March 22, 2023, 2:30 p.m. UTC | #5
On 3/22/23 03:56, Andrea Righi wrote:
> On Wed, Mar 22, 2023 at 08:39:23AM +0100, Andrea Righi wrote:
>> On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
>>> << snip >>
>>>
>>>> John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
>>>
>>> done (below), if we want a new request email lmk
>>
>> Not needed, already applied to lunar/linux.
>>
>> Thanks!
>> -Andrea
> 
> Actually there are some build issues with the new patch set on armhf and ppc64:
> 
ack, investigating


>   - armhf:
> 
> /build/lunar/include/linux/syscalls.h:242:25: error: conflicting types for 'sys_lsm_self_attr'; have 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, unsigned int *, int)'}
>    242 |         asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
>        |                         ^~~
> /build/lunar/include/linux/syscalls.h:228:9: note: in expansion of macro '__SYSCALL_DEFINEx'
>    228 |         __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
>        |         ^~~~~~~~~~~~~~~~~
> /build/lunar/include/linux/syscalls.h:219:36: note: in expansion of macro 'SYSCALL_DEFINEx'
>    219 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
>        |                                    ^~~~~~~~~~~~~~~
> /build/lunar/security/lsm_syscalls.c:47:1: note: in expansion of macro 'SYSCALL_DEFINE3'
>     47 | SYSCALL_DEFINE3(lsm_self_attr,
>        | ^~~~~~~~~~~~~~~
> /build/lunar/include/linux/syscalls.h:1061:17: note: previous declaration of 'sys_lsm_self_attr' with type 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, unsigned int *, int)'}
>   1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
>        |                 ^~~~~~~~~~~~~~~~~
> 
>   - ppc64el:
> 
> /build/lunar/include/linux/syscalls.h:242:25: error: conflicting types for 'sys_lsm_self_attr'; have 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, long unsigned int *, int)'}
>    242 |         asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__))       \
>        |                         ^~~
> /build/lunar/include/linux/syscalls.h:228:9: note: in expansion of macro '__SYSCALL_DEFINEx'
>    228 |         __SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
>        |         ^~~~~~~~~~~~~~~~~
> /build/lunar/include/linux/syscalls.h:219:36: note: in expansion of macro 'SYSCALL_DEFINEx'
>    219 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__)
>        |                                    ^~~~~~~~~~~~~~~
> /build/lunar/security/lsm_syscalls.c:47:1: note: in expansion of macro 'SYSCALL_DEFINE3'
>     47 | SYSCALL_DEFINE3(lsm_self_attr,
>        | ^~~~~~~~~~~~~~~
> /build/lunar/include/linux/syscalls.h:1061:17: note: previous declaration of 'sys_lsm_self_attr' with type 'long int(struct lsm_ctx *, size_t *, int)' {aka 'long int(struct lsm_ctx *, long unsigned int *, int)'}
>   1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
>        |                 ^~~~~~~~~~~~~~~~~
> 
> In file included from /build/lunar/arch/powerpc/kernel/ptrace/ptrace.c:22:
> /build/lunar/include/linux/syscalls.h:1061:42: error: 'struct lsm_ctx' declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
>   1061 | asmlinkage long sys_lsm_self_attr(struct lsm_ctx *ctx, size_t *size, int flags);
>        |                                          ^~~~~~~
> 
> -Andrea
John Johansen March 23, 2023, 6:47 p.m. UTC | #6
On 3/22/23 03:56, Andrea Righi wrote:
> On Wed, Mar 22, 2023 at 08:39:23AM +0100, Andrea Righi wrote:
>> On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
>>> << snip >>
>>>
>>>> John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
>>>
>>> done (below), if we want a new request email lmk
>>
>> Not needed, already applied to lunar/linux.
>>
>> Thanks!
>> -Andrea
> 
> Actually there are some build issues with the new patch set on armhf and ppc64:
> 

So those build failures are in the syscall patches.

fdf89b196997 UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call
aa32d2a6a088 UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes

There are newer versions available, but they are still very much a WIP, so since they
only add new functionality and nothing in the archive is using them, I have
just dropped them.

For dev purposes I can live with adding them back in and using a PPA, and if we
decide we need the features they offer in 23.04 we can always SRU the updated
patches when we have more time to play around.

Pull request with the two patches dropped is below.



The following changes since commit 7b593e8559aca572272e6cece79ddd3f9702456b:

   NFS: Correct timing for assigning access cache timestamp (2023-03-17 10:02:09 +0100)

are available in the Git repository at:

   https://gitlab.com/jjohansen/apparmor-kernel.git lunar-prompt

for you to fetch changes up to 54ae99f8b544a7ffe238bcb9de51b8d3ab382896:

   UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS (2023-03-23 11:00:44 -0700)

----------------------------------------------------------------
Andrea Righi (1):
       UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS

Casey Schaufler (37):
       UBUNTU: SAUCE: Stacking v38: LSM: Identify modules by more than name
       UBUNTU: SAUCE: Stacking v38: LSM: Add an LSM identifier for external use
       UBUNTU: SAUCE: Stacking v38: LSM: Identify the process attributes for each module
       UBUNTU: SAUCE: Stacking v38: LSM: Maintain a table of LSM attribute data
       UBUNTU: SAUCE: Stacking v38: proc: Use lsmids instead of lsm names for attrs
       UBUNTU: SAUCE: Stacking v38: integrity: disassociate ima_filter_rule from security_audit_rule
       UBUNTU: SAUCE: Stacking v38: LSM: Infrastructure management of the sock security
       UBUNTU: SAUCE: Stacking v38: LSM: Add the lsmblob data structure.
       UBUNTU: SAUCE: Stacking v38: LSM: provide lsm name and id slot mappings
       UBUNTU: SAUCE: Stacking v38: IMA: avoid label collisions with stacked LSMs
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_audit_rule_match
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_kernel_act_as
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secctx_to_secid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_ipc_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_current_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_inode_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmblob in security_cred_getsecid
       UBUNTU: SAUCE: Stacking v38: LSM: Specify which LSM to display
       UBUNTU: SAUCE: Stacking v38: LSM: Ensure the correct LSM context releaser
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_secid_to_secctx
       UBUNTU: SAUCE: Stacking v38: LSM: Use lsmcontext in security_inode_getsecctx
       UBUNTU: SAUCE: Stacking v38: Use lsmcontext in security_dentry_init_security
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx in netlink netfilter
       UBUNTU: SAUCE: Stacking v38: NET: Store LSM netlabel data in a lsmblob
       UBUNTU: SAUCE: Stacking v38: binder: Pass LSM identifier for confirmation
       UBUNTU: SAUCE: Stacking v38: LSM: security_secid_to_secctx module selection
       UBUNTU: SAUCE: Stacking v38: Audit: Keep multiple LSM data in audit_names
       UBUNTU: SAUCE: Stacking v38: Audit: Create audit_stamp structure
       UBUNTU: SAUCE: Stacking v38: LSM: Add a function to report multiple LSMs
       UBUNTU: SAUCE: Stacking v38: Audit: Allow multiple records in an audit_buffer
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple task security contexts
       UBUNTU: SAUCE: Stacking v38: audit: multiple subject lsm values for netlabel
       UBUNTU: SAUCE: Stacking v38: Audit: Add record for multiple object contexts
       UBUNTU: SAUCE: Stacking v38: netlabel: Use a struct lsmblob in audit data
       UBUNTU: SAUCE: Stacking v38: LSM: Removed scaffolding function lsmcontext_init
       UBUNTU: SAUCE: Stacking v38: AppArmor: Remove the exclusive flag

John Johansen (57):
       Revert "UBUNTU: [Config] define CONFIG_SECURITY_APPARMOR_RESTRICT_USERNS"
       Revert "UBUNTU: SAUCE: apparmor: add user namespace creation mediation"
       Revert "UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues"
       Revert "UBUNTU: SAUCE: Revert "apparmor: make __aa_path_perm() static""
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display (using struct cred as input)"
       Revert "UBUNTU: SAUCE: apparmor: Fix build error, make sk parameter const"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in smk_netlbl_mls()"
       Revert "UBUNTU: SAUCE: LSM: change ima_read_file() to use lsmblob"
       Revert "UBUNTU: SAUCE: apparmor: rename kzfree() to kfree_sensitive()"
       Revert "UBUNTU: SAUCE: AppArmor: Remove the exclusive flag"
       Revert "UBUNTU: SAUCE: LSM: Add /proc attr entry for full LSM context"
       Revert "UBUNTU: SAUCE: Audit: Fix incorrect static inline function declration."
       Revert "UBUNTU: SAUCE: Audit: Fix for missing NULL check"
       Revert "UBUNTU: SAUCE: Audit: Add a new record for multiple object LSM attributes"
       Revert "UBUNTU: SAUCE: Audit: Add new record for multiple process LSM attributes"
       Revert "UBUNTU: SAUCE: NET: Store LSM netlabel data in a lsmblob"
       Revert "UBUNTU: SAUCE: LSM: security_secid_to_secctx in netlink netfilter"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_inode_getsecctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmcontext in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Ensure the correct LSM context releaser"
       Revert "UBUNTU: SAUCE: LSM: Specify which LSM to display"
       Revert "UBUNTU: SAUCE: IMA: Change internal interfaces to use lsmblobs"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_cred_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_inode_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_task_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_ipc_getsecid"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secid_to_secctx"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_secctx_to_secid"
       Revert "UBUNTU: SAUCE: net: Prepare UDS for security module stacking"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_kernel_act_as"
       Revert "UBUNTU: SAUCE: LSM: Use lsmblob in security_audit_rule_match"
       Revert "UBUNTU: SAUCE: LSM: Create and manage the lsmblob data structure."
       Revert "UBUNTU: SAUCE: LSM: Infrastructure management of the sock security"
       Revert "UBUNTU: SAUCE: apparmor: LSM stacking: switch from SK_CTX() to aa_sock()"
       Revert "UBUNTU: SAUCE: apparmor: rename aa_sock() to aa_unix_sk()"
       Revert "UBUNTU: SAUCE: apparmor: disable showing the mode as part of a secid to secctx"
       Revert "UBUNTU: SAUCE: apparmor: fix use after free in sk_peer_label"
       Revert "UBUNTU: SAUCE: apparmor: af_unix mediation"
       Revert "UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules"
       Revert "UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value"
       UBUNTU: SAUCE: apparmor: add/use fns to print hash string hex value
       UBUNTU: SAUCE: apparmor: rename SK_CTX() to aa_sock and make it an inline fn
       UBUNTU: SAUCE: apparmor: patch to provide compatibility with v2.x net rules
       UBUNTU: SAUCE: apparmor: add user namespace creation mediation
       UBUNTU: SAUCE: apparmor: Add sysctls for additional controls of unpriv userns restrictions
       UBUNTU: SAUCE: apparmor: af_unix mediation
       UBUNTU: SAUCE: apparmor: Add fine grained mediation of posix mqueues
       UBUNTU: SAUCE: apparmor: combine common_audit_data and apparmor_audit_data
       UBUNTU: SAUCE: apparmor: setup slab cache for audit data
       UBUNTU: SAUCE: apparmor: rename audit_data->label to audit_data->subj_label
       UBUNTU: SAUCE: apparmor: pass cred through to audit info.
       UBUNTU: SAUCE: apparmor: Improve debug print infrastructure
       UBUNTU: SAUCE: apparmor: add the ability for profiles to have a learning cache
       UBUNTU: SAUCE: apparmor: enable userspace upcall for mediation
       UBUNTU: SAUCE: apparmor: cache buffers on percpu list if there is lock contention
       UBUNTU: SAUCE: apparmor: fix policy_compat permission remap with extended permissions
       UBUNTU: SAUCE: apparmor: advertise availability of exended perms

  Documentation/ABI/testing/ima_policy   |   8 +-
  Documentation/security/lsm.rst         |  28 --
  drivers/android/binder.c               |  23 +-
  drivers/android/binder_internal.h      |   1 +
  fs/ceph/super.h                        |   3 +-
  fs/ceph/xattr.c                        |  19 +-
  fs/fuse/dir.c                          |  35 +-
  fs/nfs/dir.c                           |   2 +-
  fs/nfs/inode.c                         |  17 +-
  fs/nfs/internal.h                      |   8 +-
  fs/nfs/nfs4proc.c                      |  24 +-
  fs/nfs/nfs4xdr.c                       |  22 +-
  fs/proc/base.c                         |  31 +-
  fs/proc/internal.h                     |   2 +-
  include/linux/audit.h                  |  34 +-
  include/linux/lsm_hooks.h              |  42 +--
  include/linux/nfs4.h                   |   8 +-
  include/linux/nfs_fs.h                 |   2 +-
  include/linux/security.h               | 190 ++++++----
  include/net/af_unix.h                  |   2 +-
  include/net/netlabel.h                 |   2 +-
  include/net/scm.h                      |  16 +-
  include/net/xfrm.h                     |   4 +-
  include/uapi/linux/apparmor.h          | 106 ++++++
  include/uapi/linux/audit.h             |   4 +-
  include/uapi/linux/lsm.h               |  46 +++
  include/uapi/linux/prctl.h             |   4 +
  kernel/audit.c                         | 327 ++++++++++--------
  kernel/audit.h                         |  19 +-
  kernel/auditfilter.c                   |  15 +-
  kernel/auditsc.c                       | 205 ++++-------
  net/ipv4/cipso_ipv4.c                  |   3 +-
  net/ipv4/ip_sockglue.c                 |   4 +-
  net/netfilter/nf_conntrack_netlink.c   |  10 +-
  net/netfilter/nfnetlink_queue.c        |  24 +-
  net/netfilter/nft_meta.c               |  12 +-
  net/netfilter/xt_SECMARK.c             |   2 +-
  net/netlabel/netlabel_unlabeled.c      |   2 +-
  net/netlabel/netlabel_user.c           |   5 +-
  net/netlabel/netlabel_user.h           |   2 +-
  net/unix/af_unix.c                     |   6 +-
  security/apparmor/Kconfig              |   4 +-
  security/apparmor/Makefile             |   2 +-
  security/apparmor/af_unix.c            | 183 +++++-----
  security/apparmor/apparmorfs.c         | 200 ++++++++++-
  security/apparmor/audit.c              | 299 ++++++++++++++--
  security/apparmor/capability.c         |  29 +-
  security/apparmor/crypto.c             |   9 +-
  security/apparmor/domain.c             | 134 ++++---
  security/apparmor/file.c               | 354 ++++++++++++++-----
  security/apparmor/include/af_unix.h    |  53 +--
  security/apparmor/include/apparmor.h   |   2 +-
  security/apparmor/include/apparmorfs.h |   1 +
  security/apparmor/include/audit.h      |  86 ++++-
  security/apparmor/include/capability.h |   3 +-
  security/apparmor/include/file.h       |  19 +-
  security/apparmor/include/ipc.h        |   9 +-
  security/apparmor/include/label.h      |   1 +
  security/apparmor/include/lib.h        |  42 ++-
  security/apparmor/include/mount.h      |  21 +-
  security/apparmor/include/net.h        |  19 +-
  security/apparmor/include/notify.h     |  95 +++++
  security/apparmor/include/perms.h      |   8 +-
  security/apparmor/include/policy.h     |  15 +-
  security/apparmor/include/policy_ns.h  |  11 +
  security/apparmor/include/procattr.h   |   2 +-
  security/apparmor/include/resource.h   |   3 +-
  security/apparmor/include/task.h       |   6 +-
  security/apparmor/ipc.c                |  94 ++---
  security/apparmor/label.c              |  18 +-
  security/apparmor/lib.c                | 143 ++++++--
  security/apparmor/lsm.c                | 353 ++++++++++++++-----
  security/apparmor/mount.c              | 126 ++++---
  security/apparmor/net.c                |  88 ++---
  security/apparmor/notify.c             | 614 +++++++++++++++++++++++++++++++++
  security/apparmor/policy.c             |  74 ++--
  security/apparmor/policy_ns.c          |   5 +-
  security/apparmor/policy_unpack.c      |  57 +--
  security/apparmor/procattr.c           |  28 +-
  security/apparmor/resource.c           |  54 +--
  security/apparmor/secid.c              |   2 -
  security/apparmor/task.c               |  85 +++--
  security/bpf/hooks.c                   |   6 +-
  security/commoncap.c                   |   6 +-
  security/integrity/ima/ima.h           |  26 --
  security/integrity/ima/ima_api.c       |   2 +-
  security/integrity/ima/ima_appraise.c  |   7 +-
  security/integrity/ima/ima_main.c      |  19 +-
  security/integrity/ima/ima_policy.c    | 118 +++++--
  security/integrity/integrity_audit.c   |   2 +-
  security/landlock/cred.c               |   7 +-
  security/landlock/fs.c                 |   7 +-
  security/landlock/ptrace.c             |   7 +-
  security/landlock/setup.c              |   7 +
  security/landlock/setup.h              |   1 +
  security/loadpin/loadpin.c             |   6 +-
  security/lockdown/lockdown.c           |   6 +-
  security/safesetid/lsm.c               |   6 +-
  security/security.c                    | 468 ++++++++++++-------------
  security/selinux/hooks.c               |  46 ++-
  security/selinux/include/classmap.h    |   3 +-
  security/smack/smack_access.c          |   5 +-
  security/smack/smack_lsm.c             |  32 +-
  security/smack/smack_netfilter.c       |   2 +-
  security/smack/smackfs.c               |   3 +-
  security/tomoyo/tomoyo.c               |   6 +-
  security/yama/yama_lsm.c               |   6 +-
  107 files changed, 3754 insertions(+), 1720 deletions(-)
  create mode 100644 include/uapi/linux/apparmor.h
  create mode 100644 include/uapi/linux/lsm.h
  create mode 100644 security/apparmor/include/notify.h
  create mode 100644 security/apparmor/notify.c
Andrea Righi March 24, 2023, 6:08 a.m. UTC | #7
On Thu, Mar 23, 2023 at 11:47:28AM -0700, John Johansen wrote:
> On 3/22/23 03:56, Andrea Righi wrote:
> > On Wed, Mar 22, 2023 at 08:39:23AM +0100, Andrea Righi wrote:
> > > On Tue, Mar 21, 2023 at 01:20:13PM -0700, John Johansen wrote:
> > > > << snip >>
> > > > 
> > > > > John - patch 25 fails to apply. Please rebase against current tip Ubuntu-6.2.0-18.18
> > > > 
> > > > done (below), if we want a new request email lmk
> > > 
> > > Not needed, already applied to lunar/linux.
> > > 
> > > Thanks!
> > > -Andrea
> > 
> > Actually there are some build issues with the new patch set on armhf and ppc64:
> > 
> 
> So those build failures are in the syscall patches.
> 
> fdf89b196997 UBUNTU: SAUCE: Stacking v38: LSM: Create lsm_module_list system call
> aa32d2a6a088 UBUNTU: SAUCE: Stacking v38: LSM: lsm_self_attr syscall for LSM self attributes
> 
> There are newer versions available, but they are still very much a WIP, so since they
> only add new functionality and nothing in the archive is using them, I have
> just dropped them.
> 
> For dev purposes I can live with adding them back in and using a PPA, and if we
> decide we need the features they offer in 23.04 we can always SRU the updated
> patches when we have more time to play around.
> 
> Pull request with the two patches dropped is below.

This one applies and builds fine across all the architectures. Thank you
so much John for the quick response and action on this.

-Andrea