lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-id: <1436351110-5902-1-git-send-email-p.osmialowsk@samsung.com>
Date:	Wed, 08 Jul 2015 12:25:02 +0200
From:	Paul Osmialowski <p.osmialowsk@...sung.com>
To:	Paul Moore <pmoore@...hat.com>,
	James Morris <james.l.morris@...cle.com>,
	Casey Schaufler <casey@...aufler-ca.com>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Kees Cook <keescook@...omium.org>,
	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	Neil Brown <neilb@...e.de>,
	Mark Rustad <mark.d.rustad@...el.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Daniel Mack <daniel@...que.org>,
	David Herrmann <dh.herrmann@...glemail.com>,
	Djalal Harouni <tixxdz@...ndz.org>,
	Shuah Khan <shuahkh@....samsung.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-api@...r.kernel.org
Cc:	Karol Lewandowski <k.lewandowsk@...sung.com>,
	Paul Osmialowski <p.osmialowsk@...sung.com>,
	Lukasz Skalski <l.skalski@...sung.com>
Subject: [RFC 0/8] Introduce LSM to KDBUS

This patchset partially summarizes effects of collective work by
Karol Lewandowski and Paul Moore towards introduction of LSM into KDBUS.

These patches originate from following git repositories:

git://git.infradead.org/users/pcmoore/selinux (branch: working-kdbus)

https://github.com/lmctl/linux.git (branch: kdbus-lsm-v4.for-systemd-v212)

https://github.com/lmctl/kdbus.git (branch: kdbus-lsm-v4.for-systemd-v212)

Since kdbus made its way to linux-next tree, I was kindly asked by
Karol Lewandowski to fit his work into the current kdbus code existing
there.

As both kdbus and security related code changed a bit, so are my changes
quite substantial in places.

Note that SELinux kdbus access control patches are absent - only SMACK part
of original work is included.

I've also made some changes to kdbus test suite. In order to see LSM hooks
in action we need to be able to run tests from different executable
binaries holding different security labels.

Therefore I added ability to select execution of particular test by
executed binary name. This is essential for running newly added 'send' test
which should communicate with 'daemon' test running in another process.

Karol Lewandowski (1):
  lsm: make security_file_receive available for external modules

Paul Osmialowski (7):
  lsm: smack: Make ipc/kdbus includes visible so smack callbacks could
    see them
  lsm: kdbus security hooks
  lsm: smack: smack callbacks for kdbus security hooks
  kdbus: use LSM hooks in kdbus code
  kdbus: TEST_CREATE_CONN now does no depend on TEST_CREATE_BUS
  kdbus: selftests extended
  kdbus: Ability to run kdbus test by executable binary name

 include/linux/lsm_hooks.h                        |  67 +++++++++++++
 include/linux/security.h                         |  99 +++++++++++++++++++
 ipc/kdbus/bus.c                                  |  12 ++-
 ipc/kdbus/bus.h                                  |   3 +
 ipc/kdbus/connection.c                           |  54 +++++++++++
 ipc/kdbus/connection.h                           |   4 +
 ipc/kdbus/domain.c                               |   9 +-
 ipc/kdbus/domain.h                               |   2 +
 ipc/kdbus/endpoint.c                             |  11 +++
 ipc/kdbus/names.c                                |  11 +++
 ipc/kdbus/queue.c                                |  30 ++++--
 security/security.c                              | 118 +++++++++++++++++++++++
 security/smack/Makefile                          |   2 +
 security/smack/smack_lsm.c                       |  68 +++++++++++++
 tools/testing/selftests/kdbus/Makefile           |   1 +
 tools/testing/selftests/kdbus/kdbus-test.c       |  37 ++++++-
 tools/testing/selftests/kdbus/kdbus-test.h       |   1 +
 tools/testing/selftests/kdbus/kdbus-util.c       |  37 ++++---
 tools/testing/selftests/kdbus/kdbus-util.h       |   2 +-
 tools/testing/selftests/kdbus/test-activator.c   |  20 ++--
 tools/testing/selftests/kdbus/test-chat.c        |   6 +-
 tools/testing/selftests/kdbus/test-connection.c  |   8 +-
 tools/testing/selftests/kdbus/test-fd.c          |   2 +-
 tools/testing/selftests/kdbus/test-message.c     |  69 ++++++++-----
 tools/testing/selftests/kdbus/test-metadata-ns.c |  10 +-
 tools/testing/selftests/kdbus/test-monitor.c     |   9 +-
 tools/testing/selftests/kdbus/test-policy-ns.c   |   8 +-
 tools/testing/selftests/kdbus/test-policy-priv.c |  48 +++++----
 tools/testing/selftests/kdbus/test-send.c        |  84 ++++++++++++++++
 tools/testing/selftests/kdbus/test-sync.c        |   2 +-
 tools/testing/selftests/kdbus/test-timeout.c     |   2 +-
 31 files changed, 732 insertions(+), 104 deletions(-)
 create mode 100644 tools/testing/selftests/kdbus/test-send.c

-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ