From: Salvatore Mesoraca <s.mesoraca16@gmail.com>
To: James Morris <jmorris@namei.org>
Cc: casey@schaufler-ca.com, mic@digikod.net,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov,
john.johansen@canonical.com, keescook@chromium.org,
penguin-kernel@i-love.sakura.ne.jp, paul@paul-moore.com,
sds@tycho.nsa.gov, linux-fsdevel@vger.kernel.org,
adobriyan@gmail.com, casey.schaufler@intel.com
Subject: Re: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock
Date: Sun, 16 Sep 2018 18:54:09 +0200 [thread overview]
Message-ID: <CAJHCu1+Nja-XqfFKdxu2hDcUBzgvvjcf42yeGnUuVY3wsrZfSQ@mail.gmail.com> (raw)
In-Reply-To: <alpine.LRH.2.21.1809130727310.19741@namei.org>
On Wed, 12 Sep 2018, James Morris <jmorris@namei.org> wrote:
> Adding the SARA and LandLock authors for review & comment.
>
> Salvatore & Mickaël: does this patchset meet your needs for merging to
> mainline?
Since the last time I submitted the patch to the ML, it grew a bit: now it needs
inode's blob stacking (which is already included for Landlock) and
kern_ipc_perm's
blob stacking.
The last one isn't implemented in this patchset, but it isn't
absolutely necessary.
I can merge a version of SARA that doesn't need it and than update it
when possible.
I can provide the same level of protection without using kern_ipc_perm
blob, I'm using it
just to minimize some potential side effects.
>
> On Tue, 11 Sep 2018, Casey Schaufler wrote:
>
> > LSM: Module stacking in support of S.A.R.A and Landlock
> >
> > v2: Reduce the patchset to what is required to support
> > the proposed S.A.R.A. and LandLock security modules
> >
> > The S.A.R.A. security module is intended to be used
> > in conjunction with other security modules. It requires
> > state to be maintained for the credential, which
> > in turn requires a mechanism for sharing the credential
> > security blob. The module also requires mechanism for
> > user space manipulation of the credential information,
> > hence an additional subdirectory in /proc/.../attr.
> >
> > The LandLock security module provides user configurable
> > policy in the secmark mechanism. It requires data in
> > the credential, file and inode security blobs. For this
> > to be used along side the existing "major" security
> > modules mechanism for sharing these blobs is provided.
> >
> > A side effect of providing sharing of the crendential
> > security blob is that the TOMOYO module can be used at
> > the same time as the other "major" modules.
> >
> > The mechanism for configuring which security modules are
> > enabled has to change when stacking in enabled. Any
> > module that uses just the security blobs that are shared
> > can be selected. Additionally, one other "major" module
> > can be selected.
> >
> > The security module stacking issues around networking and
> > IPC are not addressed here as they are beyond what is
> > required for TOMOYO, S.A.R.A and LandLock.
> >
> > git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock
> >
> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> > ---
> > Documentation/admin-guide/LSM/index.rst | 23 ++-
> > fs/proc/base.c | 64 ++++++-
> > fs/proc/internal.h | 1 +
> > include/linux/lsm_hooks.h | 20 ++-
> > include/linux/security.h | 15 +-
> > kernel/cred.c | 13 --
> > security/Kconfig | 92 ++++++++++
> > security/apparmor/domain.c | 2 +-
> > security/apparmor/include/cred.h | 24 ++-
> > security/apparmor/include/file.h | 9 +-
> > security/apparmor/include/lib.h | 4 +
> > security/apparmor/lsm.c | 53 ++++--
> > security/apparmor/task.c | 6 +-
> > security/security.c | 293 ++++++++++++++++++++++++++++++--
> > security/selinux/hooks.c | 215 ++++++++---------------
> > security/selinux/include/objsec.h | 37 +++-
> > security/selinux/selinuxfs.c | 5 +-
> > security/selinux/xfrm.c | 4 +-
> > security/smack/smack.h | 42 ++++-
> > security/smack/smack_access.c | 4 +-
> > security/smack/smack_lsm.c | 283 +++++++++++-------------------
> > security/smack/smackfs.c | 18 +-
> > security/tomoyo/common.h | 31 +++-
> > security/tomoyo/domain.c | 4 +-
> > security/tomoyo/securityfs_if.c | 15 +-
> > security/tomoyo/tomoyo.c | 57 +++++--
> > 26 files changed, 899 insertions(+), 435 deletions(-)
> >
>
> --
> James Morris
> <jmorris@namei.org>
WARNING: multiple messages have this Message-ID (diff)
From: s.mesoraca16@gmail.com (Salvatore Mesoraca)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock
Date: Sun, 16 Sep 2018 18:54:09 +0200 [thread overview]
Message-ID: <CAJHCu1+Nja-XqfFKdxu2hDcUBzgvvjcf42yeGnUuVY3wsrZfSQ@mail.gmail.com> (raw)
In-Reply-To: <alpine.LRH.2.21.1809130727310.19741@namei.org>
On Wed, 12 Sep 2018, James Morris <jmorris@namei.org> wrote:
> Adding the SARA and LandLock authors for review & comment.
>
> Salvatore & Micka?l: does this patchset meet your needs for merging to
> mainline?
Since the last time I submitted the patch to the ML, it grew a bit: now it needs
inode's blob stacking (which is already included for Landlock) and
kern_ipc_perm's
blob stacking.
The last one isn't implemented in this patchset, but it isn't
absolutely necessary.
I can merge a version of SARA that doesn't need it and than update it
when possible.
I can provide the same level of protection without using kern_ipc_perm
blob, I'm using it
just to minimize some potential side effects.
>
> On Tue, 11 Sep 2018, Casey Schaufler wrote:
>
> > LSM: Module stacking in support of S.A.R.A and Landlock
> >
> > v2: Reduce the patchset to what is required to support
> > the proposed S.A.R.A. and LandLock security modules
> >
> > The S.A.R.A. security module is intended to be used
> > in conjunction with other security modules. It requires
> > state to be maintained for the credential, which
> > in turn requires a mechanism for sharing the credential
> > security blob. The module also requires mechanism for
> > user space manipulation of the credential information,
> > hence an additional subdirectory in /proc/.../attr.
> >
> > The LandLock security module provides user configurable
> > policy in the secmark mechanism. It requires data in
> > the credential, file and inode security blobs. For this
> > to be used along side the existing "major" security
> > modules mechanism for sharing these blobs is provided.
> >
> > A side effect of providing sharing of the crendential
> > security blob is that the TOMOYO module can be used at
> > the same time as the other "major" modules.
> >
> > The mechanism for configuring which security modules are
> > enabled has to change when stacking in enabled. Any
> > module that uses just the security blobs that are shared
> > can be selected. Additionally, one other "major" module
> > can be selected.
> >
> > The security module stacking issues around networking and
> > IPC are not addressed here as they are beyond what is
> > required for TOMOYO, S.A.R.A and LandLock.
> >
> > git://github.com/cschaufler/lsm-stacking.git#stacking-4.19-rc2-saralock
> >
> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> > ---
> > Documentation/admin-guide/LSM/index.rst | 23 ++-
> > fs/proc/base.c | 64 ++++++-
> > fs/proc/internal.h | 1 +
> > include/linux/lsm_hooks.h | 20 ++-
> > include/linux/security.h | 15 +-
> > kernel/cred.c | 13 --
> > security/Kconfig | 92 ++++++++++
> > security/apparmor/domain.c | 2 +-
> > security/apparmor/include/cred.h | 24 ++-
> > security/apparmor/include/file.h | 9 +-
> > security/apparmor/include/lib.h | 4 +
> > security/apparmor/lsm.c | 53 ++++--
> > security/apparmor/task.c | 6 +-
> > security/security.c | 293 ++++++++++++++++++++++++++++++--
> > security/selinux/hooks.c | 215 ++++++++---------------
> > security/selinux/include/objsec.h | 37 +++-
> > security/selinux/selinuxfs.c | 5 +-
> > security/selinux/xfrm.c | 4 +-
> > security/smack/smack.h | 42 ++++-
> > security/smack/smack_access.c | 4 +-
> > security/smack/smack_lsm.c | 283 +++++++++++-------------------
> > security/smack/smackfs.c | 18 +-
> > security/tomoyo/common.h | 31 +++-
> > security/tomoyo/domain.c | 4 +-
> > security/tomoyo/securityfs_if.c | 15 +-
> > security/tomoyo/tomoyo.c | 57 +++++--
> > 26 files changed, 899 insertions(+), 435 deletions(-)
> >
>
> --
> James Morris
> <jmorris@namei.org>
next prev parent reply other threads:[~2018-09-16 16:54 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-11 16:26 [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock Casey Schaufler
2018-09-11 16:26 ` Casey Schaufler
2018-09-11 16:41 ` [PATCH 01/10] procfs: add smack subdir to attrs Casey Schaufler
2018-09-11 16:41 ` Casey Schaufler
2018-09-11 23:45 ` Ahmed S. Darwish
2018-09-11 23:45 ` Ahmed S. Darwish
2018-09-12 0:01 ` Casey Schaufler
2018-09-12 0:01 ` Casey Schaufler
2018-09-12 22:57 ` Kees Cook
2018-09-12 22:57 ` Kees Cook
2018-09-11 16:41 ` [PATCH 02/10] Smack: Abstract use of cred security blob Casey Schaufler
2018-09-11 16:41 ` Casey Schaufler
2018-09-12 23:04 ` Kees Cook
2018-09-12 23:04 ` Kees Cook
2018-09-11 16:41 ` [PATCH 03/10] SELinux: " Casey Schaufler
2018-09-11 16:41 ` Casey Schaufler
2018-09-12 23:10 ` Kees Cook
2018-09-12 23:10 ` Kees Cook
2018-09-11 16:41 ` [PATCH 04/10] LSM: Infrastructure management of the " Casey Schaufler
2018-09-11 16:41 ` Casey Schaufler
2018-09-12 23:53 ` Kees Cook
2018-09-12 23:53 ` Kees Cook
2018-09-13 19:01 ` Casey Schaufler
2018-09-13 19:01 ` Casey Schaufler
2018-09-13 21:12 ` Kees Cook
2018-09-13 21:12 ` Kees Cook
2018-09-11 16:41 ` [PATCH 05/10] SELinux: Abstract use of file " Casey Schaufler
2018-09-11 16:41 ` Casey Schaufler
2018-09-12 23:54 ` Kees Cook
2018-09-12 23:54 ` Kees Cook
2018-09-11 16:42 ` [PATCH 06/10] LSM: Infrastructure management of the " Casey Schaufler
2018-09-11 16:42 ` Casey Schaufler
2018-09-13 0:00 ` Kees Cook
2018-09-13 0:00 ` Kees Cook
2018-09-11 16:42 ` [PATCH 07/10] SELinux: Abstract use of inode " Casey Schaufler
2018-09-11 16:42 ` Casey Schaufler
2018-09-13 0:23 ` Kees Cook
2018-09-13 0:23 ` Kees Cook
2018-09-11 16:42 ` [PATCH 08/10] Smack: " Casey Schaufler
2018-09-11 16:42 ` Casey Schaufler
2018-09-13 0:24 ` Kees Cook
2018-09-13 0:24 ` Kees Cook
2018-09-11 16:42 ` [PATCH 09/10] LSM: Infrastructure management of the inode security Casey Schaufler
2018-09-11 16:42 ` Casey Schaufler
2018-09-13 0:30 ` Kees Cook
2018-09-13 0:30 ` Kees Cook
2018-09-11 16:42 ` [PATCH 10/10] LSM: Blob sharing support for S.A.R.A and LandLock Casey Schaufler
2018-09-11 16:42 ` Casey Schaufler
2018-09-13 4:19 ` Kees Cook
2018-09-13 4:19 ` Kees Cook
2018-09-13 13:16 ` Paul Moore
2018-09-13 13:16 ` Paul Moore
2018-09-13 15:19 ` Kees Cook
2018-09-13 15:19 ` Kees Cook
2018-09-13 19:12 ` Paul Moore
2018-09-13 19:12 ` Paul Moore
2018-09-13 20:58 ` Jordan Glover
2018-09-13 20:58 ` Jordan Glover
2018-09-13 20:58 ` Jordan Glover
2018-09-13 21:50 ` Paul Moore
2018-09-13 21:50 ` Paul Moore
2018-09-13 22:04 ` Jordan Glover
2018-09-13 22:04 ` Jordan Glover
2018-09-13 22:04 ` Jordan Glover
2018-09-13 23:01 ` Casey Schaufler
2018-09-13 23:01 ` Casey Schaufler
2018-09-13 21:01 ` Kees Cook
2018-09-13 21:01 ` Kees Cook
2018-09-13 21:38 ` Paul Moore
2018-09-13 21:38 ` Paul Moore
2018-09-13 21:51 ` Kees Cook
2018-09-13 21:51 ` Kees Cook
2018-09-13 23:06 ` Kees Cook
2018-09-13 23:06 ` Kees Cook
2018-09-13 23:32 ` John Johansen
2018-09-13 23:32 ` John Johansen
2018-09-13 23:51 ` Kees Cook
2018-09-13 23:51 ` Kees Cook
2018-09-14 0:03 ` Casey Schaufler
2018-09-14 0:03 ` Casey Schaufler
2018-09-14 0:06 ` Kees Cook
2018-09-14 0:06 ` Kees Cook
2018-09-13 23:51 ` Casey Schaufler
2018-09-13 23:51 ` Casey Schaufler
2018-09-13 23:57 ` Kees Cook
2018-09-13 23:57 ` Kees Cook
2018-09-14 0:08 ` Casey Schaufler
2018-09-14 0:08 ` Casey Schaufler
2018-09-14 0:19 ` Kees Cook
2018-09-14 0:19 ` Kees Cook
2018-09-14 15:57 ` Casey Schaufler
2018-09-14 15:57 ` Casey Schaufler
2018-09-14 20:05 ` Kees Cook
2018-09-14 20:05 ` Kees Cook
2018-09-14 20:47 ` Casey Schaufler
2018-09-14 20:47 ` Casey Schaufler
2018-09-14 18:18 ` James Morris
2018-09-14 18:18 ` James Morris
2018-09-14 18:23 ` John Johansen
2018-09-14 18:23 ` John Johansen
2018-09-14 0:03 ` Kees Cook
2018-09-14 0:03 ` Kees Cook
2018-09-14 2:42 ` Paul Moore
2018-09-14 2:42 ` Paul Moore
2018-09-11 20:43 ` [PATCH v2 00/10] LSM: Module stacking in support of S.A.R.A and Landlock James Morris
2018-09-11 20:43 ` James Morris
2018-09-12 21:29 ` James Morris
2018-09-12 21:29 ` James Morris
2018-09-16 16:54 ` Salvatore Mesoraca [this message]
2018-09-16 16:54 ` Salvatore Mesoraca
2018-09-16 17:25 ` Casey Schaufler
2018-09-16 17:25 ` Casey Schaufler
2018-09-16 17:45 ` Salvatore Mesoraca
2018-09-16 17:45 ` Salvatore Mesoraca
2018-09-18 7:44 ` Mickaël Salaün
2018-09-18 15:23 ` Casey Schaufler
2018-09-18 15:23 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJHCu1+Nja-XqfFKdxu2hDcUBzgvvjcf42yeGnUuVY3wsrZfSQ@mail.gmail.com \
--to=s.mesoraca16@gmail.com \
--cc=adobriyan@gmail.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.