[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8d0c22fd-330e-4c13-b9e3-32a927697667@canonical.com>
Date: Mon, 4 Aug 2025 05:11:50 -0700
From: John Johansen <john.johansen@...onical.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKLM <linux-kernel@...r.kernel.org>,
"open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: [GIT PULL] AppArmor updates for 6.17-rc1
Hi Linus,
There are a few patches at the top of this PR for issues fixes that
came in while I was out (I know poor timing) that I pulled in last
week after I returned. I have waited a few days for feedback and
verification on those patches beyond my own testing.
These patches have all been merge, build, and regression tested
against your tree as of yesterday. The majority of the code has had
months of testing, both in linux-next and the Ubuntu kernels, and
everything else, except the fixes I pulled in last week, has had weeks
of testing.
This PR has one major feature, it pulls in a cleaned up version of
af_unix mediation that Ubuntu has been carrying for years. It is
placed behind a new abi to ensure that it does cause policy
regressions. With pulling in the af_unix mediation there have been
cleanups and some refactoring of network socket mediation. This
accounts for the majority of the changes in the diff.
In addition there are a few improvements providing minor code
optimizations. several code cleanups, and bug fixes.
There is one Revert in the patchset for code that Eric decided he
would rather take through the crypto tree.
thanks
- john
The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37:
Linux 6.13-rc1 (2024-12-01 14:28:56 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2025-08-04
for you to fetch changes up to 5f49c2d1f422c660c726ac5e0499c66c901633c2:
apparmor: fix: oops when trying to free null ruleset (2025-08-04 01:14:56 -0700)
----------------------------------------------------------------
+ Features
- improve debug printing
- carry mediation check on label (optimization)
- improve ability for compiler to optimize __begin_current_label_crit_section
- transition for a linked list of rulesets to a vector of rulesets
- don't hardcode profile signal, allow it to be set by policy
- ability to mediate caps via the state machine instead of lut
- Add Ubuntu af_unix mediation, put it behind new v9 abi
+ Cleanups
- fix typos and spelling errors
- cleanup kernel doc and code inconsistencies
- remove redundant checks/code
- remove unused variables
- Use str_yes_no() helper function
- mark tables static where appropriate
- make all generated string array headers const char *const
- refactor to doc semantics of file_perm checks
- replace macro calls to network/socket fns with explicit calls
- refactor/cleanup socket mediation code preparing for finer grained
mediation of different network families
- several updates to kernel doc comments
+ Bug fixes
- apparmor: Fix incorrect profile->signal range check
- idmap mount fixes
- policy unpack unaligned access fixes
- kfree_sensitive() where appropriate
- fix oops when freeing policy
- fix conflicting attachment resolution
- fix exec table look-ups when stacking isn't first
- fix exec auditing
- mitigate userspace generating overly large xtables
----------------------------------------------------------------
Colin Ian King (1):
apparmor: Fix incorrect profile->signal range check
Eric Biggers (1):
apparmor: use SHA-256 library API instead of crypto_shash API
Gabriel Totev (2):
apparmor: shift ouid when mediating hard links in userns
apparmor: shift uid when mediating af_unix in userns
Helge Deller (2):
apparmor: Fix 8-byte alignment for initial dfa blob streams
apparmor: Fix unaligned memory accesses in KUnit test
Jiapeng Chong (3):
apparmor: Modify mismatched function name
apparmor: Modify mismatched function name
apparmor: Remove the unused variable rules
John Johansen (34):
apparmor: Improve debug print infrastructure
apparmor: cleanup: attachment perm lookup to use lookup_perms()
apparmor: remove redundant unconfined check.
apparmor: switch signal mediation to use RULE_MEDIATES
apparmor: ensure labels with more than one entry have correct flags
apparmor: remove explicit restriction that unconfined cannot use change_hat
apparmor: cleanup: refactor file_perm() to doc semantics of some checks
apparmor: carry mediation check on label
apparmor: add additional flags to extended permission.
apparmor: add support for profiles to define the kill signal
apparmor: fix x_table_lookup when stacking is not the first entry
apparmor: add ability to mediate caps with policy state machine
apparmor: remove af_select macro
apparmor: lift kernel socket check out of critical section
apparmor: in preparation for finer networking rules rework match_prot
apparmor: add fine grained af_unix mediation
apparmor: gate make fine grained unix mediation behind v9 abi
apparmor: fix dbus permission queries to v9 ABI
apparmor: make debug_values_table static
apparmor: Document that label must be last member in struct aa_profile
apparmor: mitigate parser generating large xtables
Revert "apparmor: use SHA-256 library API instead of crypto_shash API"
apparmor: update kernel doc comments for xxx_label_crit_section
apparmor: Remove use of the double lock
apparmor: fix af_unix auditing to include all address information
apparmor: fix AA_DEBUG_LABEL()
apparmor: fix regression in fs based unix sockets when using old abi
apparmor: make sure unix socket labeling is correctly updated.
apparmor: fix kernel doc warnings for kernel test robot
apparmor: transition from a list of rules to a vector of rules
apparmor: fix: accept2 being specifie even when permission table is presnt
apparmor: fix test error: WARNING in apparmor_unix_stream_connect
apparmor: fix Regression on linux-next (next-20250721)
apparmor: fix: oops when trying to free null ruleset
Mateusz Guzik (2):
apparmor: use the condition in AA_BUG_FMT even with debug disabled
apparmor: make __begin_current_label_crit_section() indicate whether put is needed
Nathan Chancellor (2):
apparmor: Fix checking address of an array in accum_label_info()
apparmor: Remove unused variable 'sock' in __file_sock_perm()
Peng Jiang (1):
apparmor: fix documentation mismatches in val_mask_to_str and socket functions
Randy Dunlap (1):
apparmor: fix some kernel-doc issues in header files
Ryan Lee (8):
apparmor: ensure WB_HISTORY_SIZE value is a power of 2
apparmor: fix loop detection used in conflicting attachment resolution
apparmor: make all generated string array headers const char *const
apparmor: force audit on unconfined exec if info is set by find_attach
apparmor: move the "conflicting profile attachments" infostr to a const declaration
apparmor: include conflicting attachment info for confined ix/ux fallback
apparmor: force auditing of conflicting attachment execs from confined
apparmor: remove redundant perms.allow MAY_EXEC bitflag set
Tanya Agarwal (1):
apparmor: fix typos and spelling errors
Thorsten Blum (1):
apparmor: Use str_yes_no() helper function
Zilin Guan (1):
security/apparmor: use kfree_sensitive() in unpack_secmark()
security/apparmor/Makefile | 6 +-
security/apparmor/af_unix.c | 799 +++++++++++++++++++++++++++++++++
security/apparmor/apparmorfs.c | 39 +-
security/apparmor/audit.c | 2 +-
security/apparmor/capability.c | 61 ++-
security/apparmor/domain.c | 203 ++++++---
security/apparmor/file.c | 92 ++--
security/apparmor/include/af_unix.h | 55 +++
security/apparmor/include/apparmor.h | 4 +-
security/apparmor/include/audit.h | 5 +-
security/apparmor/include/capability.h | 1 +
security/apparmor/include/cred.h | 31 +-
security/apparmor/include/file.h | 11 +-
security/apparmor/include/ipc.h | 3 +
security/apparmor/include/label.h | 51 ++-
security/apparmor/include/lib.h | 46 +-
security/apparmor/include/match.h | 10 +-
security/apparmor/include/net.h | 38 +-
security/apparmor/include/path.h | 1 +
security/apparmor/include/perms.h | 8 +-
security/apparmor/include/policy.h | 59 ++-
security/apparmor/include/sig_names.h | 6 +-
security/apparmor/include/signal.h | 19 +
security/apparmor/ipc.c | 13 +-
security/apparmor/label.c | 37 +-
security/apparmor/lib.c | 114 +++++
security/apparmor/lsm.c | 468 +++++++++++++++----
security/apparmor/match.c | 23 +-
security/apparmor/mount.c | 12 +-
security/apparmor/net.c | 189 ++++++--
security/apparmor/policy.c | 93 ++--
security/apparmor/policy_compat.c | 6 +-
security/apparmor/policy_ns.c | 2 +-
security/apparmor/policy_unpack.c | 67 ++-
security/apparmor/policy_unpack_test.c | 6 +-
security/apparmor/procattr.c | 6 +-
security/apparmor/resource.c | 11 +-
security/apparmor/task.c | 11 +-
38 files changed, 2178 insertions(+), 430 deletions(-)
create mode 100644 security/apparmor/af_unix.c
create mode 100644 security/apparmor/include/af_unix.h
create mode 100644 security/apparmor/include/signal.h
Powered by blists - more mailing lists