[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250607005134.10488-1-casey@schaufler-ca.com>
Date: Fri, 6 Jun 2025 17:51:30 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
paul@...l-moore.com,
eparis@...hat.com,
linux-security-module@...r.kernel.org,
audit@...r.kernel.org
Cc: jmorris@...ei.org,
serge@...lyn.com,
keescook@...omium.org,
john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp,
stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org,
selinux@...r.kernel.org
Subject: [PATCH v4 0/4] Audit: Records for multiple security contexts
The Linux audit system includes LSM based security "context" information
in its events. Historically, only one LSM that uses security contexts can
be active on a system. One of the few obsticles to allowing multiple LSM
support is the inability to report more than one security context in an
audit event. This patchset provides a mechanism to provide supplimental
records containing more than one security context for subjects and
objects.
The mechanism for reporting multiple security contexts inspired
considerable discussion. It would have been possible to add multiple
contexts to existing records using sophisticated formatting. This would
have significant backward compatibility issues, and require additional
parsing in user space code. Adding new records for an event that contain
the contexts is more in keeping with the way audit events have been
constructed in the past.
Only audit events associated with system calls have required multiple
records prior to this. Mechanism has been added allowing any event
to be composed of multiple records. This should make it easier to
add information to existing audit events without breaking backward
compatability.
v4:
Use LSM_ID_UNDEF when checking for valid LSM IDs in
security_lsmprop_to_secctx().
Fix the object record to include only those for LSMs that use them.
Squash the two patches dealing with subject contexts.
Base the patches on Paul Moore's LSM initialization patchset.
https://lore.kernel.org/all/20250409185019.238841-31-paul@paul-moore.com/
v3:
Rework how security modules identify that they provide security
contexts to the audit system. Maintain a list within the audit
system of the security modules that provide security contexts.
Revert the separate counts of subject and object contexts.
v2:
Maintain separate counts for LSMs using subject contexts and object
contexts. AppArmor uses the former but not the latter.
Correct error handling in object record creation.
https://github.com/cschaufler/lsm-stacking#audit-6.14-rc1-v4
Casey Schaufler (4):
Audit: Create audit_stamp structure
LSM: security_lsmblob_to_secctx module selection
Audit: Add record for multiple task security contexts
Audit: Add record for multiple object contexts
include/linux/audit.h | 23 +++
include/linux/security.h | 6 +-
include/uapi/linux/audit.h | 2 +
kernel/audit.c | 274 ++++++++++++++++++++++++++++++-----
kernel/audit.h | 13 +-
kernel/auditsc.c | 65 +++------
net/netlabel/netlabel_user.c | 8 +-
security/apparmor/lsm.c | 3 +
security/lsm.h | 4 -
security/lsm_init.c | 5 -
security/security.c | 16 +-
security/selinux/hooks.c | 4 +
security/smack/smack_lsm.c | 4 +
13 files changed, 318 insertions(+), 109 deletions(-)
--
2.47.0
Powered by blists - more mailing lists