| Message ID | 6735099f-bc8e-c633-b9ed-6dc9d01f2e06@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [PULL,Disco] LSM stacking | expand |
On Wed, Mar 20, 2019 at 06:19:30PM -0700, John Johansen wrote: > The following patch set brings 5.1 LSM stacking to the Disco kernel. The > cherry-picked patches have been refreshed to use the sha1s from upstream > 5.1-rc2. > > The rest of the patch series makes it so that apparmor can stack with > selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:" the > bulk of this is reverting apparmor features that are currently unused in > Ubuntu and require secid support. > > > The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f: > > UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300) > > are available in the Git repository at: > > https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking > > for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd: > > UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700) It's a lot of changes, but most are upstream, and the rest fall under your domain of expertise. Can you tell me what kind of testing you've done on the patches? Some of the SAUCE patches still have cherry-picked lines which imply they came from upstream. Did they come from some other repo? If so I can update the messages to indicate where they came from. I also found that a config option removed from the configs, CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE, was still in the ubuntu configs, so I've amended the last commit to also remove that one. I'm going to do a little smoke testing on these. If that turns out good then I'm okay with applying these, once I have answers to the questions above. Thanks, Seth
On 3/22/19 7:44 AM, Seth Forshee wrote: > On Wed, Mar 20, 2019 at 06:19:30PM -0700, John Johansen wrote: >> The following patch set brings 5.1 LSM stacking to the Disco kernel. The >> cherry-picked patches have been refreshed to use the sha1s from upstream >> 5.1-rc2. >> >> The rest of the patch series makes it so that apparmor can stack with >> selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:" the >> bulk of this is reverting apparmor features that are currently unused in >> Ubuntu and require secid support. >> >> >> The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f: >> >> UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300) >> >> are available in the Git repository at: >> >> https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking >> >> for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd: >> >> UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700) > > It's a lot of changes, but most are upstream, and the rest fall under > your domain of expertise. Can you tell me what kind of testing you've > done on the patches? > Sure, I have booted these with the default config (just apparmor as a major LSM). Run the apparmor regression tests. Did some basic desktop smoke testing, which is good for catching breakage in af_unix and dbus mediation. Booted with with different LSM combinations, eg. apparmor,selinux and apparmor,smack etc. And did the above testing again. Ported to fedora, yes this means not exactly the same kernel, and booted and tested a fully enforcing selinux policy in combination with apparmor. > Some of the SAUCE patches still have cherry-picked lines which imply > they came from upstream. Did they come from some other repo? If so I can > update the messages to indicate where they came from. > yep, there are a couple queued for 5.2 that I picked out of the apparmor tree, and couple new ones that I am going to push into the apparmor tree. I'll update all of these to have the appropriate reference, and resend > I also found that a config option removed from the configs, > CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE, was still in the ubuntu > configs, so I've amended the last commit to also remove that one. > hrmmm sorry I missed that > I'm going to do a little smoke testing on these. If that turns out good > then I'm okay with applying these, once I have answers to the questions > above. > > Thanks, > Seth >
On Fri, Mar 22, 2019 at 01:07:46PM -0700, John Johansen wrote: > On 3/22/19 7:44 AM, Seth Forshee wrote: > > On Wed, Mar 20, 2019 at 06:19:30PM -0700, John Johansen wrote: > >> The following patch set brings 5.1 LSM stacking to the Disco kernel. The > >> cherry-picked patches have been refreshed to use the sha1s from upstream > >> 5.1-rc2. > >> > >> The rest of the patch series makes it so that apparmor can stack with > >> selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:" the > >> bulk of this is reverting apparmor features that are currently unused in > >> Ubuntu and require secid support. > >> > >> > >> The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f: > >> > >> UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300) > >> > >> are available in the Git repository at: > >> > >> https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking > >> > >> for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd: > >> > >> UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700) > > > > It's a lot of changes, but most are upstream, and the rest fall under > > your domain of expertise. Can you tell me what kind of testing you've > > done on the patches? > > > Sure, > > I have booted these with the default config (just apparmor as a major LSM). > Run the apparmor regression tests. Did some basic desktop smoke testing, > which is good for catching breakage in af_unix and dbus mediation. > > Booted with with different LSM combinations, eg. apparmor,selinux and > apparmor,smack etc. And did the above testing again. > > Ported to fedora, yes this means not exactly the same kernel, and booted > and tested a fully enforcing selinux policy in combination with apparmor. Thanks. > > Some of the SAUCE patches still have cherry-picked lines which imply > > they came from upstream. Did they come from some other repo? If so I can > > update the messages to indicate where they came from. > > > > yep, there are a couple queued for 5.2 that I picked out of the apparmor tree, > and couple new ones that I am going to push into the apparmor tree. I'll > update all of these to have the appropriate reference, and resend No need. Actually we don't even need the cherry-picked line for sauce patches, and it was only a few anyway, so I just went ahead and removed it from those commits. > > I also found that a config option removed from the configs, > > CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE, was still in the ubuntu > > configs, so I've amended the last commit to also remove that one. > > > > hrmmm sorry I missed that No problem. Applied to disco/master-next, thanks! Seth
The following patch set brings 5.1 LSM stacking to the Disco kernel. The cherry-picked patches have been refreshed to use the sha1s from upstream 5.1-rc2. The rest of the patch series makes it so that apparmor can stack with selinux and smack. These patches are all tagged with "UBUNTU: SAUCE:" the bulk of this is reverting apparmor features that are currently unused in Ubuntu and require secid support. The following changes since commit f4dfce1da80f55c0940dfb83eb8879283e823b2f: UBUNTU: Ubuntu-5.0.0-8.9 (2019-03-12 16:15:44 -0300) are available in the Git repository at: https://git.launchpad.net/~jjohansen/+git/disco-stacking disco-lsm_stacking for you to fetch changes up to d9d34fff369f1b8bc8c076a5f7726c52a21899cd: UBUNTU: SAUCE: update configs and annotations for LSM stacking (2019-03-20 17:02:25 -0700) ---------------------------------------------------------------- Casey Schaufler (22): LSM: Add all exclusive LSMs to ordered initialization procfs: add smack subdir to attrs Smack: Abstract use of cred security blob SELinux: Abstract use of cred security blob SELinux: Remove cred security blob poisoning SELinux: Remove unused selinux_is_enabled AppArmor: Abstract use of cred security blob TOMOYO: Abstract use of cred security blob Infrastructure management of the cred security blob SELinux: Abstract use of file security blob Smack: Abstract use of file security blob LSM: Infrastructure management of the file security SELinux: Abstract use of inode security blob Smack: Abstract use of inode security blob LSM: Infrastructure management of the inode security LSM: Infrastructure management of the task security SELinux: Abstract use of ipc security blobs Smack: Abstract use of ipc security blobs LSM: Infrastructure management of the ipc security blob UBUNTU: SAUCE: LSM: Limit calls to certain module hooks UBUNTU: SAUCE: LSM: Special handling for secctx lsm hooks UBUNTU: SAUCE: LSM: Specify which LSM to display with /proc/self/attr/display Chris Coulson (1): apparmor: delete the dentry in aafs_remove() to avoid a leak John Johansen (21): apparmor: fix double free when unpack of secmark rules fails UBUNTU: SAUCE: LSM: Infrastructure management of the sock security UBUNTU: SAUCE: Fix-up af_unix mediation for sock infrastructure management UBUNTU: SAUCE: Revert "apparmor: Fix warning about unused function apparmor_ipv6_postroute" UBUNTU: SAUCE: Revert "apparmor: fix checkpatch error in Parse secmark policy" UBUNTU: SAUCE: Revert "apparmor: add #ifdef checks for secmark filtering" UBUNTU: SAUCE: Revert "apparmor: Allow filtering based on secmark policy" UBUNTU: SAUCE: Revert "apparmor: Parse secmark policy" UBUNTU: SAUCE: Revert "apparmor: Add a wildcard secid" UBUNTU: SAUCE: Revert "apparmor: fix bad debug check in apparmor_secid_to_secctx()" UBUNTU: SAUCE: Revert "apparmor: fixup secid map conversion to using IDR" UBUNTU: SAUCE: Revert "apparmor: Use an IDR to allocate apparmor secids" UBUNTU: SAUCE: Revert "apparmor: Fix memory leak of rule on error exit path" UBUNTU: SAUCE: Revert "apparmor: modify audit rule support to support profile stacks" UBUNTU: SAUCE: Revert "apparmor: Add support for audit rule filtering" UBUNTU: SAUCE: Revert "apparmor: add the ability to get a task's secid" UBUNTU: SAUCE: Revert "apparmor: add support for mapping secids and using secctxes" UBUNTU: SAUCE: apparmor: add proc subdir to attrs UBUNTU: SAUCE: apparmor: add an apparmorfs entry to access current attrs UBUNTU: SAUCE: apparmor: update flags to no longer be exclusive UBUNTU: SAUCE: update configs and annotations for LSM stacking Kees Cook (20): LSM: Introduce LSM_FLAG_LEGACY_MAJOR LSM: Provide separate ordered initialization LSM: Plumb visibility into optional "enabled" state LSM: Lift LSM selection out of individual LSMs LSM: Build ordered list of LSMs to initialize LSM: Introduce CONFIG_LSM LSM: Introduce "lsm=" for boottime LSM selection LSM: Tie enabling logic to presence in ordered list LSM: Prepare for reorganizing "security=" logic LSM: Refactor "security=" in terms of enable/disable LSM: Separate idea of "major" LSM from "exclusive" LSM apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE LSM: Split LSM preparation from initialization LoadPin: Initialize as ordered LSM Yama: Initialize as ordered LSM LSM: Introduce enum lsm_order capability: Initialize as LSM_ORDER_FIRST TOMOYO: Update LSM flags to no longer be exclusive LSM: Ignore "security=" when "lsm=" is specified Micah Morton (1): LSM: generalize flag passing to security_capable Petr Vorel (1): LSM: Update list of SECURITYFS users in Kconfig Tetsuo Handa (2): LSM: Make lsm_early_cred() and lsm_early_task() local functions. apparmor: Adjust offset when accessing task blob. Wei Yongjun (1): LSM: Make some functions static Documentation/admin-guide/LSM/index.rst | 13 +- Documentation/admin-guide/kernel-parameters.txt | 12 +- debian.master/config/annotations | 12 +- debian.master/config/config.common.ubuntu | 8 +- fs/proc/base.c | 78 ++- fs/proc/internal.h | 1 + include/linux/cred.h | 1 - include/linux/lsm_hooks.h | 56 +- include/linux/security.h | 43 +- include/linux/selinux.h | 35 - kernel/capability.c | 22 +- kernel/cred.c | 13 - kernel/seccomp.c | 4 +- security/Kconfig | 44 +- security/apparmor/Kconfig | 16 - security/apparmor/af_unix.c | 14 +- security/apparmor/apparmorfs.c | 67 ++ security/apparmor/audit.c | 90 +-- security/apparmor/capability.c | 14 +- security/apparmor/domain.c | 2 +- security/apparmor/include/apparmorfs.h | 3 + security/apparmor/include/audit.h | 6 - security/apparmor/include/capability.h | 2 +- security/apparmor/include/cred.h | 16 +- security/apparmor/include/file.h | 5 +- security/apparmor/include/label.h | 2 +- security/apparmor/include/lib.h | 4 + security/apparmor/include/net.h | 16 +- security/apparmor/include/policy.h | 3 - security/apparmor/include/secid.h | 20 +- security/apparmor/include/task.h | 18 +- security/apparmor/ipc.c | 3 +- security/apparmor/label.c | 7 +- security/apparmor/lsm.c | 257 ++----- security/apparmor/net.c | 68 -- security/apparmor/policy.c | 5 +- security/apparmor/policy_unpack.c | 61 -- security/apparmor/resource.c | 2 +- security/apparmor/secid.c | 149 +---- security/apparmor/task.c | 6 +- security/commoncap.c | 26 +- security/loadpin/loadpin.c | 8 +- security/security.c | 850 ++++++++++++++++++++++-- security/selinux/Kconfig | 15 - security/selinux/Makefile | 2 +- security/selinux/exports.c | 23 - security/selinux/hooks.c | 440 ++++-------- security/selinux/include/audit.h | 3 - security/selinux/include/objsec.h | 43 +- security/selinux/netlabel.c | 23 +- security/selinux/selinuxfs.c | 4 +- security/selinux/ss/services.c | 1 - security/selinux/xfrm.c | 4 +- security/smack/smack.h | 49 +- security/smack/smack_access.c | 6 +- security/smack/smack_lsm.c | 378 ++++------- security/smack/smack_netfilter.c | 8 +- security/smack/smackfs.c | 18 +- security/tomoyo/common.h | 22 +- security/tomoyo/domain.c | 4 +- security/tomoyo/securityfs_if.c | 15 +- security/tomoyo/tomoyo.c | 48 +- security/yama/yama_lsm.c | 8 +- 63 files changed, 1642 insertions(+), 1554 deletions(-) delete mode 100644 include/linux/selinux.h delete mode 100644 security/selinux/exports.c