* lsm-stacking: fix broken lsm audit
From: Dmitry Mastykin @ 2021-08-06 7:02 UTC (permalink / raw)
To: casey, linux-security-module; +Cc: dmastykin, akovalenko
Hello,
These patches address the problem of LSM audit rules not being processed.
The problem was introduced in the lsm stacking series.
These patches are for the cschaufler/lsm-stacking repository, branch stack-5.10-rc4-v23.
Some Ubuntu distributions also have this problem.
Kind regards,
Dmitry Mastykin
* [PATCH 1/3] security/security: remove extra address-of in hook.audit_rule_match call
From: Dmitry Mastykin @ 2021-08-06 7:02 UTC (permalink / raw)
To: casey, linux-security-module; +Cc: dmastykin, akovalenko
The wrong address was passed to the audit_rule_match hooks instead of
the rule's address.
Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
---
security/security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index e33c8ccc06a0..fd14064e9106 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2934,7 +2934,7 @@ int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
continue;
rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
field, op,
- &lsmrule[hp->lsmid->slot]);
+ lsmrule[hp->lsmid->slot]);
if (rc)
return rc;
}
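Review bot: the hunk drops the `&` on the fourth argument to `hp->hook.audit_rule_match`, but the declared type of `lsmrule` falls off the end of the `@@` header, so the hunk alone cannot show which indirection the per-module hooks expect; the commit message should name that type and the hook implementations that were checked against it. If the hook parameter is `void *`, both `lsmrule[hp->lsmid->slot]` and `&lsmrule[hp->lsmid->slot]` compile without any diagnostic, so the compiler will not arbitrate; a test that loads an audit rule with a subject or object label field and confirms it fires for each stacked module would. The maintainer's later reply in this thread states the original indirection is correct and that the change crashes, which makes that evidence necessary before the next version.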
--
2.11.0
* [PATCH 2/3] security/security: get rid of a duplicated condition
From: Dmitry Mastykin @ 2021-08-06 7:02 UTC (permalink / raw)
To: casey, linux-security-module; +Cc: dmastykin, akovalenko
Just remove a typo: the same if() was duplicated.
Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
---
security/security.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/security/security.c b/security/security.c
index fd14064e9106..1ab6f56a93b6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2930,8 +2930,6 @@ int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
continue;
if (lsmrule[hp->lsmid->slot] == NULL)
continue;
- if (lsmrule[hp->lsmid->slot] == NULL)
- continue;
rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
field, op,
lsmrule[hp->lsmid->slot]);
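Review bot: removing the duplicated `if (lsmrule[hp->lsmid->slot] == NULL) continue;` is fine, but the hunk's trailing context (`lsmrule[hp->lsmid->slot]` without `&`) and its pre-image index `fd14064e9106`, which is patch 1's post-image, mean this patch only applies on top of patch 1; if patch 1 is dropped, as the maintainer's last reply in this thread suggests, this one needs a rebase so the context line reads `&lsmrule[hp->lsmid->slot]` again. A sentence in the commit message on how the duplicate `if()` got in would help whoever reviews the next revision of the stacking series.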
--
2.11.0
* [PATCH 3/3] kernel/auditsc: use correct blob for files in security_audit_rule_match call
From: Dmitry Mastykin @ 2021-08-06 7:02 UTC (permalink / raw)
To: casey, linux-security-module; +Cc: dmastykin, akovalenko
File audit didn't work. An uninitialized local structure was passed
to security_audit_rule_match instead of the audit_names oblob.
Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
---
kernel/auditsc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c314533dd220..3b1afdb5cda4 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -689,14 +689,14 @@ static int audit_filter_rules(struct task_struct *tsk,
/* Find files that match */
if (name) {
result = security_audit_rule_match(
- &blob,
+ &name->oblob,
f->type,
f->op,
f->lsm_rules);
} else if (ctx) {
list_for_each_entry(n, &ctx->names_list, list) {
if (security_audit_rule_match(
- &blob,
+ &n->oblob,
f->type,
f->op,
f->lsm_rules)) {
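Review bot: both call sites now pass `&name->oblob` and `&n->oblob`, so the local `blob` that was being passed uninitialized has no remaining user in this hunk; if nothing else in `audit_filter_rules()` reads it, drop its declaration in the same patch so the build does not gain an unused-variable warning. The commit message should also spell out the effect of the bug: the file-object comparison ran against garbage rather than the file's label, so audit rules keyed on file labels were silently ineffective, a detection gap rather than a crash, which deserves a changelog mention and a test (a rule with an object-label field on a watched file, checked before and after).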
--
2.11.0
* Re: lsm-stacking: fix broken lsm audit
From: Casey Schaufler @ 2021-08-06 20:01 UTC (permalink / raw)
To: Dmitry Mastykin, linux-security-module; +Cc: akovalenko, Casey Schaufler
On 8/6/2021 12:02 AM, Dmitry Mastykin wrote:
> Hello,
> These patches address the problem of not processing LSM audit rules.
> Problem was introduced in lsm stacking series.
Thank you. I will incorporate these changes in v29.
> These patches are for cschaufler/lsm-stacking repository branch stack-5.10-rc4-v23
> Some UBUNTU distributions have also this problem.
>
> Kind regards,
> Dmitry Mastykin
* Re: lsm-stacking: fix broken lsm audit
From: Dmitry Mastykin @ 2021-10-25 8:17 UTC (permalink / raw)
To: Casey Schaufler, linux-security-module; +Cc: akovalenko
Hello Casey,
> On 8/6/21 11:01 PM, Casey Schaufler wrote:
>> On 8/6/2021 12:02 AM, Dmitry Mastykin wrote:
>> Hello,
>> These patches address the problem of not processing LSM audit rules.
>> Problem was introduced in lsm stacking series.
>
> Thank you. I will incorporate these changes in v29.
>
Thank you for v29.
I think the following fix is still required:
---
security/security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/security.c b/security/security.c
index e33c8ccc06a0..fd14064e9106 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2934,7 +2934,7 @@ int security_audit_rule_match(struct lsmblob
*blob, u32 field, u32 op,
continue;
rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
field, op,
- &lsmrule[hp->lsmid->slot]);
+ lsmrule[hp->lsmid->slot]);
if (rc)
return rc;
}
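Review bot: this is the same hunk as [PATCH 1/3] (identical pre/post index `e33c8ccc06a0..fd14064e9106`), resent without a changelog; if v29 omitted it, the resend should say what fails without it (a specific rule that does not match, or an oops trace), because the maintainer disputes the indirection and a bare resend gives nothing to adjudicate. Also, the `@@` header has been wrapped by the mail client across two lines, so this copy will not apply with `git am` as posted.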
Kind regards,
Dmitry Mastykin
* Re: lsm-stacking: fix broken lsm audit
From: Casey Schaufler @ 2021-10-25 15:01 UTC (permalink / raw)
To: Dmitry Mastykin, linux-security-module; +Cc: akovalenko, Casey Schaufler
On 10/25/2021 1:17 AM, Dmitry Mastykin wrote:
> Hello Casey,
>
> > On 8/6/21 11:01 PM, Casey Schaufler wrote:
>>> On 8/6/2021 12:02 AM, Dmitry Mastykin wrote:
>>> Hello,
>>> These patches address the problem of not processing LSM audit rules.
>>> Problem was introduced in lsm stacking series.
>>
>> Thank you. I will incorporate these changes in v29.
>>
> thank you for the v29.
> I think the following fix is still required:
>
> ---
> security/security.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/security.c b/security/security.c
> index e33c8ccc06a0..fd14064e9106 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2934,7 +2934,7 @@ int security_audit_rule_match(struct lsmblob *blob, u32 field, u32 op,
> continue;
> rc = hp->hook.audit_rule_match(blob->secid[hp->lsmid->slot],
> field, op,
> - &lsmrule[hp->lsmid->slot]);
> + lsmrule[hp->lsmid->slot]);
The code has the correct indirection as written. With your change
it dies horribly. The interface is not very attractive.
> if (rc)
> return rc;
> }
>
>
> Kind regards,
> Dmitry Mastykin
>
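The two replies above disagree on whether `lsmrule[hp->lsmid->slot]` or its address is the right argument to the hook. As an added example (mine, not code from the kernel or the lsm-stacking tree; `demo_rule`, `demo_audit_rule_match`, `live_rules`, `run_demo` and the slot array are all constructed stand-ins), the C below shows why the compiler cannot settle such a disagreement when the hook parameter is `void *`, what the wrong indirection looks like at run time (a rule that never matches, the silent failure the cover letter describes), and how a typed parameter would surface the mistake at compile time instead.

```c
/*
 * Added example (not kernel code; all names are hypothetical): a stand-in
 * for a per-module "slot" array of opaque audit-rule pointers. It shows why
 * a callee declared with a void * parameter accepts both rules[slot] and
 * &rules[slot] without any diagnostic, and how the wrong indirection shows
 * up at run time as a rule that never fires rather than as a compile error.
 */
#include <stddef.h>
#include <stdio.h>

#define SLOTS 2

/* Constructed rule object, as one module's audit_rule_init might allocate. */
struct demo_rule {
    unsigned int want;   /* secid this rule matches */
};

/*
 * Registry of rule objects that exist. A real module would not keep this;
 * it is here so a wrong pointer can be rejected without dereferencing it
 * (reading a void ** as a struct demo_rule * would be undefined behaviour).
 */
static const struct demo_rule *live_rules[SLOTS];

static int is_live_rule(const void *p)
{
    for (int i = 0; i < SLOTS; i++)
        if (live_rules[i] != NULL && live_rules[i] == p)
            return 1;
    return 0;
}

/* Hook with the opaque signature: returns 1 match, 0 no match, -1 bad rule. */
static int demo_audit_rule_match(unsigned int secid, void *vrule)
{
    if (!is_live_rule(vrule))
        return -1;
    return ((const struct demo_rule *)vrule)->want == secid;
}

/* Both call shapes compile cleanly: void * accepts void * and void ** alike. */
int match_passing_rule(unsigned int secid, void *rules[SLOTS], int slot)
{
    return demo_audit_rule_match(secid, rules[slot]);    /* the rule itself */
}
int match_passing_slot_address(unsigned int secid, void *rules[SLOTS], int slot)
{
    return demo_audit_rule_match(secid, &rules[slot]);   /* address of the slot */
}

/*
 * A typed signature closes the gap: passing &rules[slot] (a struct demo_rule **)
 * here draws an incompatible-pointer-type diagnostic from the compiler, which
 * the void * version never does.
 */
static int demo_audit_rule_match_typed(unsigned int secid, const struct demo_rule *rule)
{
    return rule != NULL && rule->want == secid;
}
int match_typed(unsigned int secid, struct demo_rule *rules[SLOTS], int slot)
{
    return demo_audit_rule_match_typed(secid, rules[slot]);
}

/* Builds the constructed scenario and reports what each call shape returns. */
int run_demo(unsigned int secid, int *via_rule, int *via_addr, int *via_typed)
{
    static struct demo_rule r0 = { .want = 42 };
    static struct demo_rule r1 = { .want = 7 };
    void *rules[SLOTS] = { &r0, &r1 };
    struct demo_rule *typed_rules[SLOTS] = { &r0, &r1 };

    live_rules[0] = &r0;
    live_rules[1] = &r1;

    *via_rule  = match_passing_rule(secid, rules, 0);          /* 1 or 0 */
    *via_addr  = match_passing_slot_address(secid, rules, 0);  /* always -1 */
    *via_typed = match_typed(secid, typed_rules, 0);
    return *via_rule == *via_typed;   /* 1 when opaque and typed paths agree */
}

int main(void)
{
    int a, b, c;
    run_demo(42, &a, &b, &c);
    printf("rule=%d slot-address=%d typed=%d\n", a, b, c);
    return 0;
}
```

The point for a reviewer is the middle pair of functions: they differ only in the `&`, both compile silently, and one of them can never match. A hook interface built on `void *` therefore has to be verified by reading every implementation behind it, which is the work the maintainer's reply asks for; a typed parameter would let the compiler do that check.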