| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <99ee372d-ca63-4dae-bf53-567a5dc69be4@schaufler-ca.com> Date: Sat, 16 Aug 2025 10:27:51 -0700 From: Casey Schaufler <casey@...aufler-ca.com> To: paul@...l-moore.com, eparis@...hat.com, linux-security-module@...r.kernel.org, audit@...r.kernel.org Cc: jmorris@...ei.org, serge@...lyn.com, keescook@...omium.org, john.johansen@...onical.com, penguin-kernel@...ove.sakura.ne.jp, stephen.smalley.work@...il.com, linux-kernel@...r.kernel.org, selinux@...r.kernel.org Subject: Re: [PATCH v5 0/5] Audit: Records for multiple security contexts Opps. script error. Please disregard. On 8/16/2025 9:41 AM, Casey Schaufler wrote: > The Linux audit system includes LSM based security "context" information > in its events. Historically, only one LSM that uses security contexts can > be active on a system. One of the few obsticles to allowing multiple LSM > support is the inability to report more than one security context in an > audit event. This patchset provides a mechanism to provide supplimental > records containing more than one security context for subjects and > objects. > > The mechanism for reporting multiple security contexts inspired > considerable discussion. It would have been possible to add multiple > contexts to existing records using sophisticated formatting. This would > have significant backward compatibility issues, and require additional > parsing in user space code. Adding new records for an event that contain > the contexts is more in keeping with the way audit events have been > constructed in the past. > > Only audit events associated with system calls have required multiple > records prior to this. Mechanism has been added allowing any event > to be composed of multiple records. This should make it easier to > add information to existing audit events without breaking backward > compatability. > > v5: > Comment on the LSM_ID_UNDEF behavior in security_secid_to_secctx(). > Change some names to better reflect their purpose. > Move alignment changes into a separate patch. > v4: > Use LSM_ID_UNDEF when checking for valid LSM IDs in > security_lsmprop_to_secctx(). > Fix the object record to include only those for LSMs that use them. > Squash the two patches dealing with subject contexts. > Base the patches on Paul Moore's LSM initialization patchset. > https://lore.kernel.org/all/20250409185019.238841-31-paul@paul-moore.com/ > v3: > Rework how security modules identify that they provide security > contexts to the audit system. Maintain a list within the audit > system of the security modules that provide security contexts. > Revert the separate counts of subject and object contexts. > v2: > Maintain separate counts for LSMs using subject contexts and object > contexts. AppArmor uses the former but not the latter. > Correct error handling in object record creation. > > https://github.com/cschaufler/lsm-stacking#audit-6.16-rc4-v5 > > Casey Schaufler (5): > Audit: Create audit_stamp structure > LSM: security_lsmblob_to_secctx module selection > Audit: Add record for multiple task security contexts > Audit: Fix indentation in audit_log_exit > Audit: Add record for multiple object contexts > > include/linux/audit.h | 23 +++ > include/linux/security.h | 6 +- > include/uapi/linux/audit.h | 2 + > kernel/audit.c | 274 ++++++++++++++++++++++++++++++----- > kernel/audit.h | 13 +- > kernel/auditsc.c | 65 +++------ > net/netlabel/netlabel_user.c | 8 +- > security/apparmor/lsm.c | 3 + > security/lsm.h | 4 - > security/lsm_init.c | 5 - > security/security.c | 21 ++- > security/selinux/hooks.c | 5 + > security/smack/smack_lsm.c | 5 + > 13 files changed, 325 insertions(+), 109 deletions(-) >
Powered by blists - more mailing lists