lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Jan 2020 17:26:18 -0500
From:   Paul Moore <paul@...l-moore.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     selinux@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [GIT PULL] SELinux patches for v5.6

Hi Linus,

This is one of the bigger SELinux pull requests in recent years with
28 patches.  Everything is passing our test suite and the highlights
are listed below, please merge them for v5.6.

- Mark CONFIG_SECURITY_SELINUX_DISABLE as deprecated.  We're some time
away from actually attempting to remove this in the kernel, but the
only distro we know that still uses it (Fedora) is working on moving
away from this so we want to at least let people know we are planning
to remove it.

- Reorder the SELinux hooks to help prevent bad things when SELinux is
disabled at runtime.  The proper fix is to remove the
CONFIG_SECURITY_SELINUX_DISABLE functionality (see above) and just
take care of it at boot time (e.g. "selinux=0").

- Add SELinux controls for the kernel lockdown functionality,
introducing a new SELinux class/permissions: "lockdown { integrity
confidentiality }".

- Add a SELinux control for move_mount(2) that reuses the "file {
mounton }" permission.

- Improvements to the SELinux security label data store lookup
functions to speed up translations between our internal label
representations and the visible string labels (both directions).

- Revisit a previous fix related to SELinux inode auditing and
permission caching and do it correctly this time.

- Fix the SELinux access decision cache to cleanup properly on error.
In some extreme cases this could limit the cache size and result in a
decrease in performance.

- Enable SELinux per-file labeling for binderfs.

- The SELinux initialized and disabled flags were wrapped with
accessors to ensure they are accessed correctly.

- Mark several key SELinux structures with __randomize_layout.

- Changes to the LSM build configuration to only build
security/lsm_audit.c when needed.

- Changes to the SELinux build configuration to only build the IB
object cache when CONFIG_SECURITY_INFINIBAND is enabled.

- Move a number of single-caller functions into their callers.

- Documentation fixes (/selinux -> /sys/fs/selinux).

- A handful of cleanup patches that aren't worth mentioning on their
own, the individual descriptions have plenty of detail.

Thanks,
-Paul

--
The following changes since commit e42617b825f8073569da76dc4510bfa019b1c35a:

 Linux 5.5-rc1 (2019-12-08 14:57:55 -0800)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20200127

for you to fetch changes up to 98aa00345de54b8340dc2ddcd87f446d33387b5e:

 selinux: fix regression introduced by move_mount(2) syscall
   (2020-01-20 07:42:37 -0500)

----------------------------------------------------------------
selinux/stable-5.6 PR 20200127

----------------------------------------------------------------
Hridya Valsaraju (1):
     selinux: allow per-file labelling for binderfs

Huaisheng Ye (2):
     selinux: remove redundant msg_msg_alloc_security
     selinux: remove redundant selinux_nlmsg_perm

Jaihind Yadav (1):
     selinux: ensure we cleanup the internal AVC counters on error in
              avc_update()

Jeff Vander Stoep (1):
     selinux: sidtab reverse lookup hash table

Ondrej Mosnacek (5):
     selinux: cache the SID -> context string translation
     selinux: treat atomic flags more carefully
     selinux: reorder hooks to make runtime disable less broken
     selinux: fix wrong buffer types in policydb.c
     selinux: do not allocate ancillary buffer on first load

Paul Moore (4):
     selinux: ensure we cleanup the internal AVC counters on error in
              avc_insert()
     selinux: ensure the policy has been loaded before reading the sidtab stats
     selinux: deprecate disabling SELinux and runtime
     selinux: remove redundant allocation and helper functions

Ravi Kumar Siddojigari (1):
     selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.

Stephen Smalley (10):
     security,lockdown,selinux: implement SELinux lockdown
     selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link"
     selinux: fall back to ref-walk if audit is required
     selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests
     security: only build lsm_audit if CONFIG_SECURITY=y
     selinux: clean up selinux_enabled/disabled/enforcing_boot
     selinux: randomize layout of key structures
     Documentation,selinux: fix references to old selinuxfs mount point
     selinux: make default_noexec read-only after init
     selinux: fix regression introduced by move_mount(2) syscall

Yang Guo (1):
     selinux: remove unnecessary selinux cred request

YueHaibing (1):
     selinux: remove set but not used variable 'sidtab'

liuyang34 (1):
     selinuxfs: use scnprintf to get real length for inode

Documentation/ABI/obsolete/sysfs-selinux-disable |  26 ++
Documentation/admin-guide/kernel-parameters.txt  |   9 +-
MAINTAINERS                                      |   1 +
include/linux/lsm_audit.h                        |   2 +
include/linux/security.h                         |   2 +
security/Makefile                                |   2 +-
security/lockdown/lockdown.c                     |  27 --
security/lsm_audit.c                             |   5 +
security/security.c                              |  33 ++
security/selinux/Kconfig                         |  33 +-
security/selinux/Makefile                        |   4 +-
security/selinux/avc.c                           |  95 +++---
security/selinux/hooks.c                         | 388 ++++++++++--------
security/selinux/ibpkey.c                        |   2 +-
security/selinux/include/avc.h                   |  13 +-
security/selinux/include/classmap.h              |   2 +
security/selinux/include/ibpkey.h                |  13 +-
security/selinux/include/objsec.h                |   2 +-
security/selinux/include/security.h              |  40 ++-
security/selinux/netif.c                         |   2 +-
security/selinux/netnode.c                       |   2 +-
security/selinux/netport.c                       |   2 +-
security/selinux/selinuxfs.c                     |  87 ++++-
security/selinux/ss/context.h                    |  11 +-
security/selinux/ss/policydb.c                   |   9 +-
security/selinux/ss/policydb.h                   |   2 +-
security/selinux/ss/services.c                   | 312 +++++++++++-------
security/selinux/ss/services.h                   |   6 +-
security/selinux/ss/sidtab.c                     | 402 ++++++++++++-------
security/selinux/ss/sidtab.h                     |  70 +++-
30 files changed, 1045 insertions(+), 559 deletions(-)
create mode 100644 Documentation/ABI/obsolete/sysfs-selinux-disable

-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists