Linux-Security-Module Archive on lore.kernel.org
 help / Atom feed
* [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock
@ 2018-11-26 23:22 Casey Schaufler
  2018-11-26 23:26 ` [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Casey Schaufler
                   ` (38 more replies)
  0 siblings, 39 replies; 55+ messages in thread
From: Casey Schaufler @ 2018-11-26 23:22 UTC (permalink / raw)
  To: James Morris, LSM, LKLM, SE Linux
  Cc: John Johansen, Kees Cook, Tetsuo Handa, Paul Moore,
	linux-fsdevel, Stephen Smalley, Alexey Dobriyan,
	Mickaël Salaün, Salvatore Mesoraca, Casey Schaufler

v5: Include Kees Cook's rework of the lsm command
    line interface. Stacking is not conditional.
v4: Finer granularity in the patches and other
    cleanups suggested by Kees Cook.
    Removed dead code created by the removal of SELinux
    credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
    Removing the SELinux cred blob pointer poisoning
    results selinux_is_enabled() being unused, so it and
    all it's overhead has been removed.
    Broke up the cred infrastructure patch.
v2: Reduce the patchset to what is required to support
    the proposed SARA and LandLock security modules

The SARA security module is intended to be used
in conjunction with other security modules. It requires
state to be maintained for the credential, which
in turn requires a mechanism for sharing the credential
security blob. It also uses the ipc security blob. The
module also requires mechanism for user space manipulation
of the credential information, hence an additional
subdirectory in /proc/.../attr.

The LandLock security module provides user configurable
policy in the secmark mechanism. It requires data in
the credential, file, inode and task security blobs. For
this to be used along side the existing "major" security
modules mechanism for sharing these blobs are provided.

A side effect of providing sharing of the crendential
security blob is that the TOMOYO module can be used at
the same time as the other "major" modules. The "security="
option works as before. A new "lsm=" option allows the
order of module execution to be supplied at boot time.

The security module stacking issues around networking and
IPC are not addressed here as they are beyond what is
required for TOMOYO, SARA and LandLock.

git://github.com/cschaufler/lsm-stacking.git#blob-4.20-rc2

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 Documentation/admin-guide/LSM/index.rst         |  13 +-
 Documentation/admin-guide/kernel-parameters.txt |   4 +
 fs/proc/base.c                                  |  64 ++-
 fs/proc/internal.h                              |   1 +
 include/linux/cred.h                            |   1 -
 include/linux/lsm_hooks.h                       |  40 +-
 include/linux/security.h                        |  15 +-
 include/linux/selinux.h                         |  35 --
 kernel/cred.c                                   |  13 -
 security/Kconfig                                |  41 +-
 security/apparmor/Kconfig                       |  16 -
 security/apparmor/domain.c                      |   2 +-
 security/apparmor/include/cred.h                |  16 +-
 security/apparmor/include/file.h                |   5 +-
 security/apparmor/include/lib.h                 |   4 +
 security/apparmor/include/task.h                |  18 +-
 security/apparmor/lsm.c                         |  65 ++-
 security/apparmor/task.c                        |   6 +-
 security/commoncap.c                            |   9 +-
 security/loadpin/loadpin.c                      |   8 +-
 security/security.c                             | 635 +++++++++++++++++++++---
 security/selinux/Kconfig                        |  15 -
 security/selinux/Makefile                       |   2 +-
 security/selinux/exports.c                      |  23 -
 security/selinux/hooks.c                        | 345 ++++---------
 security/selinux/include/audit.h                |   3 -
 security/selinux/include/objsec.h               |  38 +-
 security/selinux/selinuxfs.c                    |   4 +-
 security/selinux/ss/services.c                  |   1 -
 security/selinux/xfrm.c                         |   4 +-
 security/smack/smack.h                          |  44 +-
 security/smack/smack_access.c                   |   4 +-
 security/smack/smack_lsm.c                      | 316 ++++--------
 security/smack/smackfs.c                        |  18 +-
 security/tomoyo/common.h                        |  22 +-
 security/tomoyo/domain.c                        |   4 +-
 security/tomoyo/securityfs_if.c                 |  15 +-
 security/tomoyo/tomoyo.c                        |  49 +-
 security/yama/yama_lsm.c                        |   8 +-
 39 files changed, 1133 insertions(+), 793 deletions(-)


^ permalink raw reply	[flat|nested] 55+ messages in thread
* [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock
@ 2018-12-11 22:42 Casey Schaufler
  2018-12-11 22:42 ` [PATCH v5 19/38] capability: Initialize as LSM_ORDER_FIRST Casey Schaufler
  0 siblings, 1 reply; 55+ messages in thread
From: Casey Schaufler @ 2018-12-11 22:42 UTC (permalink / raw)
  To: jmorris, linux-security-module, linux-kernel, selinux
  Cc: john.johansen, keescook, penguin-kernel, paul, linux-fsdevel,
	sds, adobriyan, mic, s.mesoraca16, casey

This is a re-send using git-send-email instead of
the (flawwed) manual process.

v5: Include Kees Cook's rework of the lsm command
    line interface.
v4: Finer granularity in the patches and other
    cleanups suggested by Kees Cook.
    Removed dead code created by the removal of SELinux
    credential blob poisoning.
v3: Add ipc blob for SARA and task blob for Landlock.
    Removing the SELinux cred blob pointer poisoning
    results selinux_is_enabled() being unused, so it and
    all it's overhead has been removed.
    Broke up the cred infrastructure patch.
v2: Reduce the patchset to what is required to support
    the proposed SARA and LandLock security modules

The SARA security module is intended to be used
in conjunction with other security modules. It requires
state to be maintained for the credential, which
in turn requires a mechanism for sharing the credential
security blob. It also uses the ipc security blob. The
module also requires mechanism for user space manipulation
of the credential information, hence an additional
subdirectory in /proc/.../attr.

The LandLock security module provides user configurable
policy in the secmark mechanism. It requires data in
the credential, file, inode and task security blobs. For
this to be used along side the existing "major" security
modules mechanism for sharing these blobs are provided.

A side effect of providing sharing of the crendential
security blob is that the TOMOYO module can be used at
the same time as the other "major" modules.

The mechanism for configuring which security modules are
enabled has to change when stacking in enabled. Any
module that uses just the security blobs that are shared
can be selected. Additionally, one other "major" module
can be selected.

The security module stacking issues around networking and
IPC are not addressed here as they are beyond what is
required for TOMOYO, SARA and LandLock.

git://github.com/cschaufler/lsm-stacking.git#blob-4.20-rc2

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 Documentation/admin-guide/LSM/index.rst         |  13 +-
 Documentation/admin-guide/kernel-parameters.txt |   4 +
 fs/proc/base.c                                  |  64 ++-
 fs/proc/internal.h                              |   1 +
 include/linux/cred.h                            |   1 -
 include/linux/lsm_hooks.h                       |  40 +-
 include/linux/security.h                        |  15 +-
 include/linux/selinux.h                         |  35 --
 kernel/cred.c                                   |  13 -
 security/Kconfig                                |  41 +-
 security/apparmor/Kconfig                       |  16 -
 security/apparmor/domain.c                      |   2 +-
 security/apparmor/include/cred.h                |  16 +-
 security/apparmor/include/file.h                |   5 +-
 security/apparmor/include/lib.h                 |   4 +
 security/apparmor/include/task.h                |  18 +-
 security/apparmor/lsm.c                         |  65 ++-
 security/apparmor/task.c                        |   6 +-
 security/commoncap.c                            |   9 +-
 security/loadpin/loadpin.c                      |   8 +-
 security/security.c                             | 635 +++++++++++++++++++++---
 security/selinux/Kconfig                        |  15 -
 security/selinux/Makefile                       |   2 +-
 security/selinux/exports.c                      |  23 -
 security/selinux/hooks.c                        | 345 ++++---------
 security/selinux/include/audit.h                |   3 -
 security/selinux/include/objsec.h               |  38 +-
 security/selinux/selinuxfs.c                    |   4 +-
 security/selinux/ss/services.c                  |   1 -
 security/selinux/xfrm.c                         |   4 +-
 security/smack/smack.h                          |  44 +-
 security/smack/smack_access.c                   |   4 +-
 security/smack/smack_lsm.c                      | 316 ++++--------
 security/smack/smackfs.c                        |  18 +-
 security/tomoyo/common.h                        |  22 +-
 security/tomoyo/domain.c                        |   4 +-
 security/tomoyo/securityfs_if.c                 |  15 +-
 security/tomoyo/tomoyo.c                        |  49 +-
 security/yama/yama_lsm.c                        |   8 +-
 39 files changed, 1133 insertions(+), 793 deletions(-)

^ permalink raw reply	[flat|nested] 55+ messages in thread

end of thread, back to index

Thread overview: 55+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-26 23:22 [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock Casey Schaufler
2018-11-26 23:26 ` [PATCH v5 01/38] LSM: Introduce LSM_FLAG_LEGACY_MAJOR Casey Schaufler
2018-11-27  5:34   ` Kees Cook
2018-11-27 13:51     ` Ondrej Mosnacek
2018-11-27 19:27     ` Casey Schaufler
2018-11-26 23:27 ` [PATCH v5 02/38] LSM: Provide separate ordered initialization Casey Schaufler
2018-11-26 23:28 ` [PATCH v5 03/38] LSM: Plumb visibility into optional "enabled" state Casey Schaufler
2018-11-26 23:29 ` [PATCH v5 04/38] LSM: Lift LSM selection out of individual LSMs Casey Schaufler
2018-11-26 23:30 ` [PATCH v5 05/38] LSM: Build ordered list of LSMs to initialize Casey Schaufler
2018-11-26 23:31 ` [PATCH v5 06/38] LSM: Introduce CONFIG_LSM Casey Schaufler
2018-11-26 23:31 ` [PATCH v5 07/38] LSM: Introduce "lsm=" for boottime LSM selection Casey Schaufler
2018-11-26 23:32 ` [PATCH v5 08/38] LSM: Tie enabling logic to presence in ordered list Casey Schaufler
2018-11-26 23:33 ` [PATCH v5 09/38] LSM: Prepare for reorganizing "security=" logic Casey Schaufler
2018-11-26 23:34 ` [PATCH v5 10/38] LSM: Refactor "security=" in terms of enable/disable Casey Schaufler
2018-11-26 23:34 ` [PATCH v5 11/38] LSM: Separate idea of "major" LSM from "exclusive" LSM Casey Schaufler
2018-11-26 23:35 ` [PATCH v5 12/38] apparmor: Remove SECURITY_APPARMOR_BOOTPARAM_VALUE Casey Schaufler
2018-11-26 23:36 ` [PATCH v5 13/38] selinux: Remove SECURITY_SELINUX_BOOTPARAM_VALUE Casey Schaufler
2018-11-26 23:37 ` [PATCH v5 14/38] LSM: Add all exclusive LSMs to ordered initialization Casey Schaufler
2018-11-26 23:38 ` [PATCH v5 15/38] LSM: Split LSM preparation from initialization Casey Schaufler
2018-11-26 23:39 ` [PATCH v5 16/38] LoadPin: Initialize as ordered LSM Casey Schaufler
2018-11-26 23:39 ` [PATCH v5 17/38] Yama: " Casey Schaufler
2018-11-26 23:40 ` [PATCH v5 18/38] LSM: Introduce enum lsm_order Casey Schaufler
2018-11-26 23:41 ` [PATCH v5 19/38] capability: Initialize as LSM_ORDER_FIRST Casey Schaufler
2018-11-26 23:41 ` [PATCH v5 20/38] procfs: add smack subdir to attrs Casey Schaufler
2018-11-26 23:42 ` [PATCH v5 21/38] Smack: Abstract use of cred security blob Casey Schaufler
2018-11-26 23:43 ` [PATCH v5 22/38] SELinux: " Casey Schaufler
2018-11-26 23:44 ` [PATCH v5 23/38] SELinux: Remove cred security blob poisoning Casey Schaufler
2018-11-26 23:45 ` [PATCH v5 24/38] SELinux: Remove unused selinux_is_enabled Casey Schaufler
2018-11-26 23:45 ` [PATCH v5 25/38] AppArmor: Abstract use of cred security blob Casey Schaufler
2018-11-26 23:46 ` [PATCH v5 26/38] TOMOYO: " Casey Schaufler
2018-11-26 23:47 ` [PATCH v5 27/38] Infrastructure management of the " Casey Schaufler
2018-11-26 23:48 ` [PATCH v5 28/38] SELinux: Abstract use of file " Casey Schaufler
2018-11-26 23:49 ` [PATCH v5 29/38] Smack: " Casey Schaufler
2018-11-26 23:50 ` [PATCH v5 30/38] LSM: Infrastructure management of the file security Casey Schaufler
2018-11-26 23:51 ` [PATCH v5 31/38] SELinux: Abstract use of inode security blob Casey Schaufler
2018-11-26 23:52 ` [PATCH v5 32/38] Smack: " Casey Schaufler
2018-11-26 23:53 ` [PATCH v5 33/38] LSM: Infrastructure management of the inode security Casey Schaufler
2018-11-26 23:53 ` [PATCH v5 34/38] LSM: Infrastructure management of the task security Casey Schaufler
2018-11-26 23:54 ` [PATCH v5 35/38] SELinux: Abstract use of ipc security blobs Casey Schaufler
2018-11-26 23:55 ` [PATCH v5 36/38] Smack: " Casey Schaufler
2018-11-26 23:56 ` [PATCH v5 37/38] LSM: Infrastructure management of the ipc security blob Casey Schaufler
2018-11-26 23:57 ` [PATCH v5 38/38] TOMOYO: Update LSM flags to no longer be exclusive Casey Schaufler
2018-12-05  0:31 ` [PATCH v5 00/38] LSM: Module stacking for SARA and Landlock Kees Cook
2018-12-05  2:37   ` Casey Schaufler
2018-12-05  2:52     ` John Johansen
2018-12-11 18:57   ` James Morris
2018-12-11 21:02     ` Tetsuo Handa
2018-12-12 19:33       ` James Morris
2018-12-11 21:19     ` Kees Cook
2019-01-08  1:29       ` Kees Cook
2019-01-08 21:05         ` James Morris
2019-01-08 21:37           ` Casey Schaufler
2019-01-08 21:42             ` Kees Cook
2019-01-08 23:05               ` Casey Schaufler
2018-12-11 22:42 Casey Schaufler
2018-12-11 22:42 ` [PATCH v5 19/38] capability: Initialize as LSM_ORDER_FIRST Casey Schaufler

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org linux-security-module@archiver.kernel.org
	public-inbox-index linux-security-module


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/ public-inbox