lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8d0c22fd-330e-4c13-b9e3-32a927697667@canonical.com>
Date: Mon, 4 Aug 2025 05:11:50 -0700
From: John Johansen <john.johansen@...onical.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKLM <linux-kernel@...r.kernel.org>,
 "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: [GIT PULL] AppArmor updates for 6.17-rc1

Hi Linus,

There are a few patches at the top of this PR for issues fixes that
came in while I was out (I know poor timing) that I pulled in last
week after I returned. I have waited a few days for feedback and
verification on those patches beyond my own testing.

These patches have all been merge, build, and regression tested
against your tree as of yesterday. The majority of the code has had
months of testing, both in linux-next and the Ubuntu kernels, and
everything else, except the fixes I pulled in last week, has had weeks
of testing.

This PR has one major feature, it pulls in a cleaned up version of
af_unix mediation that Ubuntu has been carrying for years. It is
placed behind a new abi to ensure that it does cause policy
regressions. With pulling in the af_unix mediation there have been
cleanups and some refactoring of network socket mediation. This
accounts for the majority of the changes in the diff.

In addition there are a few improvements providing minor code
optimizations. several code cleanups, and bug fixes.

There is one Revert in the patchset for code that Eric decided he
would rather take through the crypto tree.


thanks
- john



The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37:

   Linux 6.13-rc1 (2024-12-01 14:28:56 -0800)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2025-08-04

for you to fetch changes up to 5f49c2d1f422c660c726ac5e0499c66c901633c2:

   apparmor: fix: oops when trying to free null ruleset (2025-08-04 01:14:56 -0700)

----------------------------------------------------------------
+ Features
   - improve debug printing
   - carry mediation check on label (optimization)
   - improve ability for compiler to optimize __begin_current_label_crit_section
   - transition for a linked list of rulesets to a vector of rulesets
   - don't hardcode profile signal, allow it to be set by policy
   - ability to mediate caps via the state machine instead of lut
   - Add Ubuntu af_unix mediation, put it behind new v9 abi

+ Cleanups
   - fix typos and spelling errors
   - cleanup kernel doc and code inconsistencies
   - remove redundant checks/code
   - remove unused variables
   - Use str_yes_no() helper function
   - mark tables static where appropriate
   - make all generated string array headers const char *const
   - refactor to doc semantics of file_perm checks
   - replace macro calls to network/socket fns with explicit calls
   - refactor/cleanup socket mediation code preparing for finer grained
     mediation of different network families
   - several updates to kernel doc comments

+ Bug fixes
   - apparmor: Fix incorrect profile->signal range check
   - idmap mount fixes
   - policy unpack unaligned access fixes
   - kfree_sensitive() where appropriate
   - fix oops when freeing policy
   - fix conflicting attachment resolution
   - fix exec table look-ups when stacking isn't first
   - fix exec auditing
   - mitigate userspace generating overly large xtables

----------------------------------------------------------------
Colin Ian King (1):
       apparmor: Fix incorrect profile->signal range check

Eric Biggers (1):
       apparmor: use SHA-256 library API instead of crypto_shash API

Gabriel Totev (2):
       apparmor: shift ouid when mediating hard links in userns
       apparmor: shift uid when mediating af_unix in userns

Helge Deller (2):
       apparmor: Fix 8-byte alignment for initial dfa blob streams
       apparmor: Fix unaligned memory accesses in KUnit test

Jiapeng Chong (3):
       apparmor: Modify mismatched function name
       apparmor: Modify mismatched function name
       apparmor: Remove the unused variable rules

John Johansen (34):
       apparmor: Improve debug print infrastructure
       apparmor: cleanup: attachment perm lookup to use lookup_perms()
       apparmor: remove redundant unconfined check.
       apparmor: switch signal mediation to use RULE_MEDIATES
       apparmor: ensure labels with more than one entry have correct flags
       apparmor: remove explicit restriction that unconfined cannot use change_hat
       apparmor: cleanup: refactor file_perm() to doc semantics of some checks
       apparmor: carry mediation check on label
       apparmor: add additional flags to extended permission.
       apparmor: add support for profiles to define the kill signal
       apparmor: fix x_table_lookup when stacking is not the first entry
       apparmor: add ability to mediate caps with policy state machine
       apparmor: remove af_select macro
       apparmor: lift kernel socket check out of critical section
       apparmor: in preparation for finer networking rules rework match_prot
       apparmor: add fine grained af_unix mediation
       apparmor: gate make fine grained unix mediation behind v9 abi
       apparmor: fix dbus permission queries to v9 ABI
       apparmor: make debug_values_table static
       apparmor: Document that label must be last member in struct aa_profile
       apparmor: mitigate parser generating large xtables
       Revert "apparmor: use SHA-256 library API instead of crypto_shash API"
       apparmor: update kernel doc comments for xxx_label_crit_section
       apparmor: Remove use of the double lock
       apparmor: fix af_unix auditing to include all address information
       apparmor: fix AA_DEBUG_LABEL()
       apparmor: fix regression in fs based unix sockets when using old abi
       apparmor: make sure unix socket labeling is correctly updated.
       apparmor: fix kernel doc warnings for kernel test robot
       apparmor: transition from a list of rules to a vector of rules
       apparmor: fix: accept2 being specifie even when permission table is presnt
       apparmor: fix test error: WARNING in apparmor_unix_stream_connect
       apparmor: fix Regression on linux-next (next-20250721)
       apparmor: fix: oops when trying to free null ruleset

Mateusz Guzik (2):
       apparmor: use the condition in AA_BUG_FMT even with debug disabled
       apparmor: make __begin_current_label_crit_section() indicate whether put is needed

Nathan Chancellor (2):
       apparmor: Fix checking address of an array in accum_label_info()
       apparmor: Remove unused variable 'sock' in __file_sock_perm()

Peng Jiang (1):
       apparmor: fix documentation mismatches in val_mask_to_str and socket functions

Randy Dunlap (1):
       apparmor: fix some kernel-doc issues in header files

Ryan Lee (8):
       apparmor: ensure WB_HISTORY_SIZE value is a power of 2
       apparmor: fix loop detection used in conflicting attachment resolution
       apparmor: make all generated string array headers const char *const
       apparmor: force audit on unconfined exec if info is set by find_attach
       apparmor: move the "conflicting profile attachments" infostr to a const declaration
       apparmor: include conflicting attachment info for confined ix/ux fallback
       apparmor: force auditing of conflicting attachment execs from confined
       apparmor: remove redundant perms.allow MAY_EXEC bitflag set

Tanya Agarwal (1):
       apparmor: fix typos and spelling errors

Thorsten Blum (1):
       apparmor: Use str_yes_no() helper function

Zilin Guan (1):
       security/apparmor: use kfree_sensitive() in unpack_secmark()

  security/apparmor/Makefile             |   6 +-
  security/apparmor/af_unix.c            | 799 +++++++++++++++++++++++++++++++++
  security/apparmor/apparmorfs.c         |  39 +-
  security/apparmor/audit.c              |   2 +-
  security/apparmor/capability.c         |  61 ++-
  security/apparmor/domain.c             | 203 ++++++---
  security/apparmor/file.c               |  92 ++--
  security/apparmor/include/af_unix.h    |  55 +++
  security/apparmor/include/apparmor.h   |   4 +-
  security/apparmor/include/audit.h      |   5 +-
  security/apparmor/include/capability.h |   1 +
  security/apparmor/include/cred.h       |  31 +-
  security/apparmor/include/file.h       |  11 +-
  security/apparmor/include/ipc.h        |   3 +
  security/apparmor/include/label.h      |  51 ++-
  security/apparmor/include/lib.h        |  46 +-
  security/apparmor/include/match.h      |  10 +-
  security/apparmor/include/net.h        |  38 +-
  security/apparmor/include/path.h       |   1 +
  security/apparmor/include/perms.h      |   8 +-
  security/apparmor/include/policy.h     |  59 ++-
  security/apparmor/include/sig_names.h  |   6 +-
  security/apparmor/include/signal.h     |  19 +
  security/apparmor/ipc.c                |  13 +-
  security/apparmor/label.c              |  37 +-
  security/apparmor/lib.c                | 114 +++++
  security/apparmor/lsm.c                | 468 +++++++++++++++----
  security/apparmor/match.c              |  23 +-
  security/apparmor/mount.c              |  12 +-
  security/apparmor/net.c                | 189 ++++++--
  security/apparmor/policy.c             |  93 ++--
  security/apparmor/policy_compat.c      |   6 +-
  security/apparmor/policy_ns.c          |   2 +-
  security/apparmor/policy_unpack.c      |  67 ++-
  security/apparmor/policy_unpack_test.c |   6 +-
  security/apparmor/procattr.c           |   6 +-
  security/apparmor/resource.c           |  11 +-
  security/apparmor/task.c               |  11 +-
  38 files changed, 2178 insertions(+), 430 deletions(-)
  create mode 100644 security/apparmor/af_unix.c
  create mode 100644 security/apparmor/include/af_unix.h
  create mode 100644 security/apparmor/include/signal.h


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ