Message-ID: <20250621171851.5869-1-casey@schaufler-ca.com>
Date: Sat, 21 Jun 2025 10:18:35 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
	paul@...l-moore.com,
	eparis@...hat.com,
	linux-security-module@...r.kernel.org,
	audit@...r.kernel.org
Cc: jmorris@...ei.org,
	serge@...lyn.com,
	keescook@...omium.org,
	john.johansen@...onical.com,
	penguin-kernel@...ove.sakura.ne.jp,
	stephen.smalley.work@...il.com,
	linux-kernel@...r.kernel.org,
	selinux@...r.kernel.org
Subject: [RFC PATCH 00/15] LSM: No exclusive LSMs

Remove all constraints that require Linux Security Modules to
be marked as "exclusive".

This RFC includes variants of two other patch sets:
https://github.com/cschaufler/lsm-stacking#audit-6.14-rc1-v4
https://github.com/cschaufler/lsm-stacking#mount-opts-6.16-rc1

Based on Paul Moore's LSM initialization patchset.
https://lore.kernel.org/all/20250409185019.238841-31-paul@paul-moore.com/v3

There are three components to this change. Patches 01-04
implement a mechanism to provide auxiliary audit records
and use it to supply new records for multiple subject and
object security contexts. Patches 09-11 allow mount options
to be supported by multiple LSMs. The remaining patches
address mechanisms that cannot be used safely by more than
one LSM.

Testing has been done using SELinux, Smack and AppArmor on
Fedora and using AppArmor and Smack on Ubuntu. Using SELinux
and Smack on Fedora requires a systemd change.

Casey Schaufler (15):
  Audit: Create audit_stamp structure
  LSM: security_lsmblob_to_secctx module selection
  Audit: Add record for multiple task security contexts
  Audit: Add record for multiple object contexts
  LSM: Single calls in secid hooks
  LSM: Exclusive secmark usage
  Audit: Call only the first of the audit rule hooks
  AppArmor: Remove the exclusive flag
  LSM: Add mount opts blob size tracking
  LSM: allocate mnt_opts blobs instead of module specific data
  LSM: Infrastructure management of the mnt_opts security blob
  LSM: Allow reservation of netlabel
  LSM: restrict security_cred_getsecid() to a single LSM
  Smack: Remove LSM_FLAG_EXCLUSIVE
  LSM: Remove exclusive LSM flag

 include/linux/audit.h               |  23 +++
 include/linux/lsm_hooks.h           |   5 +-
 include/linux/security.h            |   6 +-
 include/uapi/linux/audit.h          |   2 +
 kernel/audit.c                      | 274 ++++++++++++++++++++++++----
 kernel/audit.h                      |  13 +-
 kernel/auditsc.c                    |  65 ++-----
 net/netlabel/netlabel_user.c        |   8 +-
 security/apparmor/include/net.h     |   5 +
 security/apparmor/lsm.c             |  12 +-
 security/lsm.h                      |   4 -
 security/lsm_init.c                 |  36 ++--
 security/security.c                 | 103 ++++++++---
 security/selinux/hooks.c            |  82 ++++++---
 security/selinux/include/netlabel.h |   5 +
 security/selinux/netlabel.c         |   4 +-
 security/smack/smack.h              |  10 +
 security/smack/smack_lsm.c          | 107 ++++++++---
 security/smack/smack_netfilter.c    |  10 +-
 security/smack/smackfs.c            |  20 +-
 20 files changed, 585 insertions(+), 209 deletions(-)

-- 
2.47.0