From: Casey Schaufler <casey@schaufler-ca.com>
To: Paul Moore <paul@paul-moore.com>
Cc: casey.schaufler@intel.com, linux-audit@redhat.com
Subject: Re: [PATCH v15 20/23] Audit: Add subj_LSM fields when necessary
Date: Mon, 9 Mar 2020 18:25:45 -0700 [thread overview]
Message-ID: <f13ce474-4e96-3132-69da-6438a341d254@schaufler-ca.com> (raw)
In-Reply-To: <CAHC9VhQ+zmB8zxYz0_jfk1SHkkYjUcDpHw1FzKH8G7GkenpH0g@mail.gmail.com>
On 3/6/2020 6:24 PM, Paul Moore wrote:
> On Fri, Feb 21, 2020 at 7:06 PM Casey Schaufler <casey@schaufler-ca.com> wrote:
>> Add record entries to identify subject data for all of the
>> security modules when there is more than one.
>>
>> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
>> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
>> Cc: netdev@vger.kernel.org
>> Cc: linux-audit@redhat.com
>> ---
>> drivers/android/binder.c | 2 +-
>> include/linux/audit.h | 1 +
>> include/linux/security.h | 9 ++++-
>> include/net/scm.h | 3 +-
>> kernel/audit.c | 40 ++++++++++++++++++-
>> kernel/audit_fsnotify.c | 1 +
>> kernel/auditfilter.c | 1 +
>> kernel/auditsc.c | 10 +++--
>> net/ipv4/ip_sockglue.c | 2 +-
>> net/netfilter/nf_conntrack_netlink.c | 4 +-
>> net/netfilter/nf_conntrack_standalone.c | 2 +-
>> net/netfilter/nfnetlink_queue.c | 2 +-
>> net/netlabel/netlabel_unlabeled.c | 11 ++++--
>> net/netlabel/netlabel_user.c | 2 +-
>> net/xfrm/xfrm_policy.c | 2 +
>> net/xfrm/xfrm_state.c | 2 +
>> security/integrity/ima/ima_api.c | 1 +
>> security/integrity/integrity_audit.c | 1 +
>> security/security.c | 51 +++++++++++++++++++++++--
>> 19 files changed, 124 insertions(+), 23 deletions(-)
> ...
>
>> diff --git a/kernel/audit.c b/kernel/audit.c
>> index a25097cfe623..c3a1d8d2d33c 100644
>> --- a/kernel/audit.c
>> +++ b/kernel/audit.c
>> @@ -2054,6 +2061,33 @@ void audit_log_key(struct audit_buffer *ab, char *key)
>> audit_log_format(ab, "(null)");
>> }
>>
>> +void audit_log_task_lsms(struct audit_buffer *ab)
>> +{
>> + int i;
>> + const char *lsm;
>> + struct lsmblob blob;
>> + struct lsmcontext context;
>> +
>> + /*
>> + * Don't do anything unless there is more than one LSM
>> + * with a security context to report.
>> + */
>> + if (security_lsm_slot_name(1) == NULL)
>> + return;
>> +
>> + security_task_getsecid(current, &blob);
>> +
>> + for (i = 0; i < LSMBLOB_ENTRIES; i++) {
>> + lsm = security_lsm_slot_name(i);
>> + if (lsm == NULL)
>> + break;
>> + if (security_secid_to_secctx(&blob, &context, i))
>> + continue;
>> + audit_log_format(ab, " subj_%s=%s", lsm, context.context);
>> + security_release_secctx(&context);
>> + }
>> +}
>> +
>> int audit_log_task_context(struct audit_buffer *ab)
>> {
>> int error;
>> @@ -2064,7 +2098,7 @@ int audit_log_task_context(struct audit_buffer *ab)
>> if (!lsmblob_is_set(&blob))
>> return 0;
>>
>> - error = security_secid_to_secctx(&blob, &context);
>> + error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST);
>> if (error) {
>> if (error != -EINVAL)
>> goto error_path;
> Sorry, please disregard my previous ACK.
:(
> We should treat "subj=" similar to how we treat "obj="; if there is
> more than one LSM loaded the "subj=" should be set to "?" with the
> "subj_XXX=" set to the appropriate label for the named LSM. This
> patch looks like it is always using LSMBLOB_FIRST and not "?" when
> multiple LSMs are present.
I'm fine with that, although I could see someone suggesting that
would constitute breaking backward compatibility.
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2020-03-10 1:26 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200222000407.110158-1-casey.ref@schaufler-ca.com>
2020-02-22 0:03 ` [PATCH v15 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-02-22 0:03 ` [PATCH v15 01/23] LSM: Infrastructure management of the sock security Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-02-22 0:03 ` [PATCH v15 02/23] LSM: Create and manage the lsmblob data structure Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-03-06 20:55 ` Paul Moore
2020-02-22 0:03 ` [PATCH v15 03/23] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-03-06 22:01 ` Paul Moore
2020-03-09 23:58 ` Casey Schaufler
2020-03-10 0:55 ` Paul Moore
2020-02-22 0:03 ` [PATCH v15 07/23] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-03-07 1:17 ` Paul Moore
2020-02-22 0:03 ` [PATCH v15 08/23] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2020-02-22 0:03 ` Casey Schaufler
2020-03-07 1:21 ` Paul Moore
2020-02-22 0:04 ` [PATCH v15 09/23] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-02-22 0:04 ` [PATCH v15 10/23] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-02-22 0:04 ` [PATCH v15 11/23] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-03-07 1:36 ` Paul Moore
2020-02-22 0:04 ` [PATCH v15 12/23] IMA: Change internal interfaces to use lsmblobs Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-02-22 0:04 ` [PATCH v15 14/23] LSM: Ensure the correct LSM context releaser Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-02-22 0:04 ` [PATCH v15 15/23] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-03-07 2:01 ` Paul Moore
2020-02-22 0:04 ` [PATCH v15 20/23] Audit: Add subj_LSM fields when necessary Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-03-07 2:18 ` Paul Moore
2020-03-07 2:24 ` Paul Moore
2020-03-10 1:25 ` Casey Schaufler [this message]
2020-03-10 21:46 ` Paul Moore
2020-02-22 0:04 ` [PATCH v15 21/23] Audit: Include object data for all security modules Casey Schaufler
2020-02-22 0:04 ` Casey Schaufler
2020-03-07 2:31 ` Paul Moore
2020-03-09 17:45 ` Casey Schaufler
2020-03-09 17:59 ` Paul Moore
2020-03-09 23:01 ` Casey Schaufler
2020-03-10 21:42 ` Paul Moore
2020-02-27 17:29 ` [PATCH v15 00/23] LSM: Module stacking for AppArmor Casey Schaufler
2020-03-03 17:22 ` Casey Schaufler
2020-03-03 17:54 ` Paul Moore
2020-03-03 17:58 ` Casey Schaufler
2020-03-06 17:14 ` Steve Grubb
2020-03-09 17:15 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f13ce474-4e96-3132-69da-6438a341d254@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=casey.schaufler@intel.com \
--cc=linux-audit@redhat.com \
--cc=paul@paul-moore.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).