From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: casey@schaufler-ca.com, linux-audit@redhat.com,
keescook@chromium.org, john.johansen@canonical.com,
penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
sds@tycho.nsa.gov, linux-kernel@vger.kernel.org,
linux-integrity@vger.kernel.org
Subject: [PATCH v23 03/23] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 20 Nov 2020 12:14:47 -0800 [thread overview]
Message-ID: <20201120201507.11993-4-casey@schaufler-ca.com> (raw)
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
Change the secid parameter of security_audit_rule_match
to a lsmblob structure pointer. Pass the entry from the
lsmblob structure for the approprite slot to the LSM hook.
Change the users of security_audit_rule_match to use the
lsmblob instead of a u32. The scaffolding function lsmblob_init()
fills the blob with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the blob structure later in the series.
At the point the use of lsmblob_init() is dropped.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar <zohar@linux.ibm.com
---
include/linux/security.h | 7 ++++---
kernel/auditfilter.c | 6 ++++--
kernel/auditsc.c | 14 ++++++++++----
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_policy.c | 7 +++++--
security/security.c | 10 ++++++++--
6 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index fdb6e95c98e8..89c538aa283e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1892,7 +1892,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule);
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
+ void **lsmrule);
void security_audit_rule_free(void **lsmrule);
#else
@@ -1908,8 +1909,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
return 0;
}
-static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
- void **lsmrule)
+static inline int security_audit_rule_match(struct lsmblob *blob, u32 field,
+ u32 op, void **lsmrule)
{
return 0;
}
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 45da229f9f1f..e27424216159 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype)
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
u32 sid;
+ struct lsmblob blob;
switch (f->type) {
case AUDIT_PID:
@@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_CLR:
if (f->lsm_isset) {
security_task_getsecid(current, &sid);
- result = security_audit_rule_match(sid,
- f->type, f->op,
+ lsmblob_init(&blob, sid);
+ result = security_audit_rule_match(
+ &blob, f->type, f->op,
f->lsm_rules);
}
break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 16e3430f7d07..7dd6b815a9eb 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -474,6 +474,7 @@ static int audit_filter_rules(struct task_struct *tsk,
const struct cred *cred;
int i, need_sid = 1;
u32 sid;
+ struct lsmblob blob;
unsigned int sessionid;
cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
@@ -672,7 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk,
security_task_getsecid(tsk, &sid);
need_sid = 0;
}
- result = security_audit_rule_match(sid, f->type,
+ lsmblob_init(&blob, sid);
+ result = security_audit_rule_match(&blob,
+ f->type,
f->op,
f->lsm_rules);
}
@@ -687,15 +690,17 @@ static int audit_filter_rules(struct task_struct *tsk,
if (f->lsm_isset) {
/* Find files that match */
if (name) {
+ lsmblob_init(&blob, name->osid);
result = security_audit_rule_match(
- name->osid,
+ &blob,
f->type,
f->op,
f->lsm_rules);
} else if (ctx) {
list_for_each_entry(n, &ctx->names_list, list) {
+ lsmblob_init(&blob, name->osid);
if (security_audit_rule_match(
- n->osid,
+ &blob,
f->type,
f->op,
f->lsm_rules)) {
@@ -707,7 +712,8 @@ static int audit_filter_rules(struct task_struct *tsk,
/* Find ipc objects that match */
if (!ctx || ctx->type != AUDIT_IPC)
break;
- if (security_audit_rule_match(ctx->ipc.osid,
+ lsmblob_init(&blob, ctx->ipc.osid);
+ if (security_audit_rule_match(&blob,
f->type, f->op,
f->lsm_rules))
++result;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 6ebefec616e4..6bae2ee9b251 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -429,8 +429,8 @@ static inline void ima_filter_rule_free(void *lsmrule)
{
}
-static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
- void *lsmrule)
+static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field,
+ u32 op, void *lsmrule)
{
return -EINVAL;
}
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index cd393aaa17d5..3e47cc9b7400 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -562,6 +562,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
u32 osid;
+ struct lsmblob lsmdata;
if (!ima_lsm_isset(rule->lsm[i].rules)) {
if (!rule->lsm[i].args_p)
@@ -574,14 +575,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
case LSM_OBJ_ROLE:
case LSM_OBJ_TYPE:
security_inode_getsecid(inode, &osid);
- rc = ima_filter_rule_match(osid, rule->lsm[i].type,
+ lsmblob_init(&lsmdata, osid);
+ rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rules);
break;
case LSM_SUBJ_USER:
case LSM_SUBJ_ROLE:
case LSM_SUBJ_TYPE:
- rc = ima_filter_rule_match(secid, rule->lsm[i].type,
+ lsmblob_init(&lsmdata, secid);
+ rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rules);
default:
diff --git a/security/security.c b/security/security.c
index d01363cb0082..4ecbef074809 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2558,11 +2558,14 @@ void security_audit_rule_free(void **lsmrule)
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
+ if (lsmrule[hp->lsmid->slot] == NULL)
+ continue;
hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]);
}
}
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule)
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
+ void **lsmrule)
{
struct security_hook_list *hp;
int rc;
@@ -2570,7 +2573,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule)
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
- rc = hp->hook.audit_rule_match(secid, field, op,
+ if (lsmrule[hp->lsmid->slot] == NULL)
+ continue;
+ rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
+ field, op,
&lsmrule[hp->lsmid->slot]);
if (rc)
return rc;
--
2.24.1
WARNING: multiple messages have this Message-ID (diff)
From: Casey Schaufler <casey@schaufler-ca.com>
To: casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: john.johansen@canonical.com, linux-kernel@vger.kernel.org,
linux-audit@redhat.com, linux-integrity@vger.kernel.org,
sds@tycho.nsa.gov
Subject: [PATCH v23 03/23] LSM: Use lsmblob in security_audit_rule_match
Date: Fri, 20 Nov 2020 12:14:47 -0800 [thread overview]
Message-ID: <20201120201507.11993-4-casey@schaufler-ca.com> (raw)
In-Reply-To: <20201120201507.11993-1-casey@schaufler-ca.com>
Change the secid parameter of security_audit_rule_match
to a lsmblob structure pointer. Pass the entry from the
lsmblob structure for the approprite slot to the LSM hook.
Change the users of security_audit_rule_match to use the
lsmblob instead of a u32. The scaffolding function lsmblob_init()
fills the blob with the value of the old secid, ensuring that
it is available to the appropriate module hook. The sources of
the secid, security_task_getsecid() and security_inode_getsecid(),
will be converted to use the blob structure later in the series.
At the point the use of lsmblob_init() is dropped.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-audit@redhat.com
Cc: linux-integrity@vger.kernel.org
To: Mimi Zohar <zohar@linux.ibm.com
---
include/linux/security.h | 7 ++++---
kernel/auditfilter.c | 6 ++++--
kernel/auditsc.c | 14 ++++++++++----
security/integrity/ima/ima.h | 4 ++--
security/integrity/ima/ima_policy.c | 7 +++++--
security/security.c | 10 ++++++++--
6 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index fdb6e95c98e8..89c538aa283e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1892,7 +1892,8 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule);
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
+ void **lsmrule);
void security_audit_rule_free(void **lsmrule);
#else
@@ -1908,8 +1909,8 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
return 0;
}
-static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
- void **lsmrule)
+static inline int security_audit_rule_match(struct lsmblob *blob, u32 field,
+ u32 op, void **lsmrule)
{
return 0;
}
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 45da229f9f1f..e27424216159 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1331,6 +1331,7 @@ int audit_filter(int msgtype, unsigned int listtype)
struct audit_field *f = &e->rule.fields[i];
pid_t pid;
u32 sid;
+ struct lsmblob blob;
switch (f->type) {
case AUDIT_PID:
@@ -1361,8 +1362,9 @@ int audit_filter(int msgtype, unsigned int listtype)
case AUDIT_SUBJ_CLR:
if (f->lsm_isset) {
security_task_getsecid(current, &sid);
- result = security_audit_rule_match(sid,
- f->type, f->op,
+ lsmblob_init(&blob, sid);
+ result = security_audit_rule_match(
+ &blob, f->type, f->op,
f->lsm_rules);
}
break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 16e3430f7d07..7dd6b815a9eb 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -474,6 +474,7 @@ static int audit_filter_rules(struct task_struct *tsk,
const struct cred *cred;
int i, need_sid = 1;
u32 sid;
+ struct lsmblob blob;
unsigned int sessionid;
cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation);
@@ -672,7 +673,9 @@ static int audit_filter_rules(struct task_struct *tsk,
security_task_getsecid(tsk, &sid);
need_sid = 0;
}
- result = security_audit_rule_match(sid, f->type,
+ lsmblob_init(&blob, sid);
+ result = security_audit_rule_match(&blob,
+ f->type,
f->op,
f->lsm_rules);
}
@@ -687,15 +690,17 @@ static int audit_filter_rules(struct task_struct *tsk,
if (f->lsm_isset) {
/* Find files that match */
if (name) {
+ lsmblob_init(&blob, name->osid);
result = security_audit_rule_match(
- name->osid,
+ &blob,
f->type,
f->op,
f->lsm_rules);
} else if (ctx) {
list_for_each_entry(n, &ctx->names_list, list) {
+ lsmblob_init(&blob, name->osid);
if (security_audit_rule_match(
- n->osid,
+ &blob,
f->type,
f->op,
f->lsm_rules)) {
@@ -707,7 +712,8 @@ static int audit_filter_rules(struct task_struct *tsk,
/* Find ipc objects that match */
if (!ctx || ctx->type != AUDIT_IPC)
break;
- if (security_audit_rule_match(ctx->ipc.osid,
+ lsmblob_init(&blob, ctx->ipc.osid);
+ if (security_audit_rule_match(&blob,
f->type, f->op,
f->lsm_rules))
++result;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 6ebefec616e4..6bae2ee9b251 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -429,8 +429,8 @@ static inline void ima_filter_rule_free(void *lsmrule)
{
}
-static inline int ima_filter_rule_match(u32 secid, u32 field, u32 op,
- void *lsmrule)
+static inline int ima_filter_rule_match(struct lsmblob *blob, u32 field,
+ u32 op, void *lsmrule)
{
return -EINVAL;
}
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index cd393aaa17d5..3e47cc9b7400 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -562,6 +562,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
for (i = 0; i < MAX_LSM_RULES; i++) {
int rc = 0;
u32 osid;
+ struct lsmblob lsmdata;
if (!ima_lsm_isset(rule->lsm[i].rules)) {
if (!rule->lsm[i].args_p)
@@ -574,14 +575,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
case LSM_OBJ_ROLE:
case LSM_OBJ_TYPE:
security_inode_getsecid(inode, &osid);
- rc = ima_filter_rule_match(osid, rule->lsm[i].type,
+ lsmblob_init(&lsmdata, osid);
+ rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rules);
break;
case LSM_SUBJ_USER:
case LSM_SUBJ_ROLE:
case LSM_SUBJ_TYPE:
- rc = ima_filter_rule_match(secid, rule->lsm[i].type,
+ lsmblob_init(&lsmdata, secid);
+ rc = ima_filter_rule_match(&lsmdata, rule->lsm[i].type,
Audit_equal,
rule->lsm[i].rules);
default:
diff --git a/security/security.c b/security/security.c
index d01363cb0082..4ecbef074809 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2558,11 +2558,14 @@ void security_audit_rule_free(void **lsmrule)
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_free, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
+ if (lsmrule[hp->lsmid->slot] == NULL)
+ continue;
hp->hook.audit_rule_free(lsmrule[hp->lsmid->slot]);
}
}
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule)
+int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
+ void **lsmrule)
{
struct security_hook_list *hp;
int rc;
@@ -2570,7 +2573,10 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void **lsmrule)
hlist_for_each_entry(hp, &security_hook_heads.audit_rule_match, list) {
if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
continue;
- rc = hp->hook.audit_rule_match(secid, field, op,
+ if (lsmrule[hp->lsmid->slot] == NULL)
+ continue;
+ rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
+ field, op,
&lsmrule[hp->lsmid->slot]);
if (rc)
return rc;
--
2.24.1
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-11-20 20:18 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20201120201507.11993-1-casey.ref@schaufler-ca.com>
2020-11-20 20:14 ` [PATCH v22 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-12-28 17:54 ` Mimi Zohar
2020-12-28 17:54 ` Mimi Zohar
2020-12-28 19:22 ` Casey Schaufler
2020-12-28 19:22 ` Casey Schaufler
2020-12-28 19:43 ` Mimi Zohar
2020-12-28 19:43 ` Mimi Zohar
2020-12-28 19:24 ` Mimi Zohar
2020-12-28 19:24 ` Mimi Zohar
2020-12-28 20:06 ` Casey Schaufler
2020-12-28 20:06 ` Casey Schaufler
2020-12-28 22:14 ` Mimi Zohar
2020-12-28 22:14 ` Mimi Zohar
2020-12-28 23:20 ` Casey Schaufler
2020-12-28 23:20 ` Casey Schaufler
2020-12-29 1:53 ` Mimi Zohar
2020-12-29 1:53 ` Mimi Zohar
2020-12-29 13:53 ` Mimi Zohar
2020-12-29 13:53 ` Mimi Zohar
2020-12-29 18:46 ` Casey Schaufler
2020-12-29 18:46 ` Casey Schaufler
2020-12-29 19:16 ` Mimi Zohar
2020-12-29 19:16 ` Mimi Zohar
2020-11-20 20:14 ` Casey Schaufler [this message]
2020-11-20 20:14 ` [PATCH v23 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 04/23] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 05/23] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 06/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 07/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 08/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 09/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 10/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 11/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 12/23] LSM: Specify which LSM to display Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 13/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 14/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:14 ` [PATCH v23 15/23] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2020-11-20 20:14 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 16/23] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 17/23] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 18/23] LSM: Verify LSM display sanity in binder Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 19/23] audit: add support for non-syscall auxiliary records Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 23:06 ` kernel test robot
2020-11-20 23:06 ` kernel test robot
2020-11-20 23:06 ` kernel test robot
2020-11-21 0:36 ` kernel test robot
2020-11-21 0:36 ` kernel test robot
2020-11-21 7:36 ` kernel test robot
2020-11-21 7:36 ` kernel test robot
2020-11-21 7:36 ` kernel test robot
2020-11-20 20:15 ` [PATCH v23 20/23] Audit: Add new record for multiple process LSM attributes Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 22:51 ` kernel test robot
2020-11-20 22:51 ` kernel test robot
2020-11-20 22:51 ` kernel test robot
2020-11-21 0:02 ` kernel test robot
2020-11-21 0:02 ` kernel test robot
2020-11-21 0:02 ` kernel test robot
2020-11-20 20:15 ` [PATCH v23 21/23] Audit: Add a new record for multiple object " Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 22/23] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
2020-11-20 20:15 ` [PATCH v23 23/23] AppArmor: Remove the exclusive flag Casey Schaufler
2020-11-20 20:15 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201120201507.11993-4-casey@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.