From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-f195.google.com ([209.85.219.195]:40093 "EHLO mail-yb1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726810AbeJMDmA (ORCPT ); Fri, 12 Oct 2018 23:42:00 -0400 Received: by mail-yb1-f195.google.com with SMTP id w7-v6so5374233ybm.7 for ; Fri, 12 Oct 2018 13:07:52 -0700 (PDT) Received: from mail-yw1-f44.google.com (mail-yw1-f44.google.com. [209.85.161.44]) by smtp.gmail.com with ESMTPSA id 203-v6sm666154ywb.58.2018.10.12.13.07.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 12 Oct 2018 13:07:48 -0700 (PDT) Received: by mail-yw1-f44.google.com with SMTP id e201-v6so5413513ywa.3 for ; Fri, 12 Oct 2018 13:07:48 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: References: <8010a7d0-c6a0-b327-d5dd-6857d6d42561@schaufler-ca.com> From: Kees Cook Date: Fri, 12 Oct 2018 13:07:46 -0700 Message-ID: Subject: Re: [PATCH 21/19] LSM: Cleanup and fixes from Tetsuo Handa To: Casey Schaufler Cc: LSM , James Morris , SE Linux , LKLM , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , Salvatore Mesoraca Content-Type: text/plain; charset="UTF-8" Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Mon, Oct 1, 2018 at 2:48 PM, Kees Cook wrote: > On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler wrote: >> lsm_early_cred()/lsm_early_task() are called from only __init functions. >> >> lsm_cred_alloc()/lsm_file_alloc() are called from only security/security.c . >> >> lsm_early_inode() should be avoided because it is not appropriate to >> call panic() when lsm_early_inode() is called after __init phase. >> >> Since all free hooks are called when one of init hooks failed, each >> free hook needs to check whether init hook was called. >> >> The original changes are from Tetsuo Handa. I have made minor >> changes in some places, but this is mostly his code. >> >> Signed-off-by: Casey Schaufler >> --- >> include/linux/lsm_hooks.h | 6 ++---- >> security/security.c | 27 ++++----------------------- >> security/selinux/hooks.c | 5 ++++- >> security/selinux/include/objsec.h | 2 ++ >> security/smack/smack_lsm.c | 8 +++++++- >> 5 files changed, 19 insertions(+), 29 deletions(-) > > I've split this across the various commits they touch: > > Infrastructure management of the cred security blob > LSM: Infrastructure management of the file security > LSM: Infrastructure management of the inode security > LSM: Infrastructure management of the task security > LSM: Blob sharing support for S.A.R.A and LandLock > > Based on these changes, I've uploaded the "v4.1", or "Casey is on > vacation", tree here: > https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/blob-sharing-v4.1 > > I'm going to work on a merged series for the "arbitrary ordering" and > "blob-sharing" trees next... Here is my v6 (v5 plus small fix I noticed) with my refactoring of Casey's blob-sharing series on top: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=lsm/ordering-v6-blob-sharing procfs: add smack subdir to attrs Smack: Abstract use of cred security blob SELinux: Abstract use of cred security blob SELinux: Remove cred security blob poisoning SELinux: Remove unused selinux_is_enabled AppArmor: Abstract use of cred security blob TOMOYO: Abstract use of cred security blob Infrastructure management of the cred security blob SELinux: Abstract use of file security blob Smack: Abstract use of file security blob LSM: Infrastructure management of the file security SELinux: Abstract use of inode security blob Smack: Abstract use of inode security blob LSM: Infrastructure management of the inode security LSM: Infrastructure management of the task security SELinux: Abstract use of ipc security blobs Smack: Abstract use of ipc security blobs LSM: Infrastructure management of the ipc security blob TOMOYO: Update LSM flags to no longer be exclusive Notably, the last patch from Casey's series is entirely removed. Additionally all the per-LSM initialization changes were removed since the blob size calculations now stay internal to security.c, done during the "prepare" phase. -Kees -- Kees Cook Pixel Security