| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250607005134.10488-1-casey@schaufler-ca.com> Date: Fri, 6 Jun 2025 17:51:30 -0700 From: Casey Schaufler <casey@...aufler-ca.com> To: casey@...aufler-ca.com, paul@...l-moore.com, eparis@...hat.com, linux-security-module@...r.kernel.org, audit@...r.kernel.org Cc: jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org, selinux@...r.kernel.org Subject: [PATCH v4 0/4] Audit: Records for multiple security contexts The Linux audit system includes LSM based security "context" information in its events. Historically, only one LSM that uses security contexts can be active on a system. One of the few obsticles to allowing multiple LSM support is the inability to report more than one security context in an audit event. This patchset provides a mechanism to provide supplimental records containing more than one security context for subjects and objects. The mechanism for reporting multiple security contexts inspired considerable discussion. It would have been possible to add multiple contexts to existing records using sophisticated formatting. This would have significant backward compatibility issues, and require additional parsing in user space code. Adding new records for an event that contain the contexts is more in keeping with the way audit events have been constructed in the past. Only audit events associated with system calls have required multiple records prior to this. Mechanism has been added allowing any event to be composed of multiple records. This should make it easier to add information to existing audit events without breaking backward compatability. v4: Use LSM_ID_UNDEF when checking for valid LSM IDs in security_lsmprop_to_secctx(). Fix the object record to include only those for LSMs that use them. Squash the two patches dealing with subject contexts. Base the patches on Paul Moore's LSM initialization patchset. https://lore.kernel.org/all/20250409185019.238841-31-paul@paul-moore.com/ v3: Rework how security modules identify that they provide security contexts to the audit system. Maintain a list within the audit system of the security modules that provide security contexts. Revert the separate counts of subject and object contexts. v2: Maintain separate counts for LSMs using subject contexts and object contexts. AppArmor uses the former but not the latter. Correct error handling in object record creation. https://github.com/cschaufler/lsm-stacking#audit-6.14-rc1-v4 Casey Schaufler (4): Audit: Create audit_stamp structure LSM: security_lsmblob_to_secctx module selection Audit: Add record for multiple task security contexts Audit: Add record for multiple object contexts include/linux/audit.h | 23 +++ include/linux/security.h | 6 +- include/uapi/linux/audit.h | 2 + kernel/audit.c | 274 ++++++++++++++++++++++++++++++----- kernel/audit.h | 13 +- kernel/auditsc.c | 65 +++------ net/netlabel/netlabel_user.c | 8 +- security/apparmor/lsm.c | 3 + security/lsm.h | 4 - security/lsm_init.c | 5 - security/security.c | 16 +- security/selinux/hooks.c | 4 + security/smack/smack_lsm.c | 4 + 13 files changed, 318 insertions(+), 109 deletions(-) -- 2.47.0
Powered by blists - more mailing lists