lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4b4eb40c-b65a-46e2-9e23-5412a9cdcad0@canonical.com>
Date:   Sun, 29 Oct 2023 14:09:47 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Paul Moore <paul@...l-moore.com>,
        Stephen Rothwell <sfr@...b.auug.org.au>
Cc:     Casey Schaufler <casey@...aufler-ca.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        linux-security-module@...r.kernel.org
Subject: Re: linux-next: manual merge of the apparmor tree with the security
 tree

On 10/28/23 08:32, Paul Moore wrote:
> On Thu, Oct 26, 2023 at 10:03 PM Stephen Rothwell <sfr@...b.auug.org.au> wrote:
>>
>> Hi all,
>>
>> Today's linux-next merge of the apparmor tree got a conflict in:
>>
>>    security/apparmor/lsm.c
>>
>> between commit:
>>
>>    3c3bda37ca1d ("AppArmor: Add selfattr hooks")
>>
>> from the security tree and commits:
>>
>>    bd7bd201ca46 ("apparmor: combine common_audit_data and apparmor_audit_data")
>>    d20f5a1a6e79 ("apparmor: rename audit_data->label to audit_data->subj_label")
>>
>> from the apparmor tree.
>>
>> I fixed it up (see below) and can carry the fix as necessary. This
>> is now fixed as far as linux-next is concerned, but any non trivial
>> conflicts should be mentioned to your upstream maintainer when your tree
>> is submitted for merging.  You may also want to consider cooperating
>> with the maintainer of the conflicting tree to minimise any particularly
>> complex conflicts.
> 
> Thanks Stephen.
> 
> John, can you take a look and make sure this is correct (it looks okay to me)?
> 
yes its good, thanks Stephan.

Acked-by: John Johansen <john.johansen@...onical.com>

Paul just to double check, to make sure we get ordering on this right
    3c3bda37ca1d ("AppArmor: Add selfattr hooks")

is part of the Three basic syscalls series, the plan is still to have that
series bake in next for a full cycle?

Regardless, I will wait until security-ext gets merged to send my pull
request, and handle the conflict if its present.

>> diff --cc security/apparmor/lsm.c
>> index 5e16c03936b9,4d34180e9799..000000000000
>> --- a/security/apparmor/lsm.c
>> +++ b/security/apparmor/lsm.c
>> @@@ -771,16 -868,11 +917,16 @@@ out
>>          return error;
>>
>>    fail:
>> -       aad(&sa)->label = begin_current_label_crit_section();
>> +       ad.subj_label = begin_current_label_crit_section();
>>   -      ad.info = name;
>>   +      if (attr == LSM_ATTR_CURRENT)
>> -               aad(&sa)->info = "current";
>> ++              ad.info = "current";
>>   +      else if (attr == LSM_ATTR_EXEC)
>> -               aad(&sa)->info = "exec";
>> ++              ad.info = "exec";
>>   +      else
>> -               aad(&sa)->info = "invalid";
>> -       aad(&sa)->error = error = -EINVAL;
>> -       aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL);
>> -       end_current_label_crit_section(aad(&sa)->label);
>> ++              ad.info = "invalid";
>> +       ad.error = error = -EINVAL;
>> +       aa_audit_msg(AUDIT_APPARMOR_DENIED, &ad, NULL);
>> +       end_current_label_crit_section(ad.subj_label);
>>          goto out;
>>    }
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ