From: Elena Reshetova <elena.reshetova@intel.com>
To: kernel-hardening@lists.openwall.com
Cc: linux-security-module@vger.kernel.org, keescook@chromium.org,
	spender@grsecurity.net, jmorris@namei.org,
	casey.schaufler@intel.com, michael.leibowitz@intel.com,
	william.c.roberts@intel.com,
	Elena Reshetova <elena.reshetova@intel.com>
Subject: [kernel-hardening] [RFC] [PATCH 2/5] task_unshare LSM hook
Date: Fri, 29 Jul 2016 10:34:37 +0300	[thread overview]
Message-ID: <1469777680-3687-3-git-send-email-elena.reshetova@intel.com> (raw)
In-Reply-To: <1469777680-3687-1-git-send-email-elena.reshetova@intel.com>

This adds a new security_task_unshare() LSM hook.
It can be used by LSMs that want to mediate the unshare()
system call.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
---
 include/linux/lsm_hooks.h | 14 ++++++++++++++
 include/linux/security.h  |  5 +++++
 kernel/fork.c             |  5 +++++
 security/security.c       | 11 +++++++++++
 4 files changed, 35 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 25164b6..e8b839e 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -667,6 +667,14 @@
  *	security attributes, e.g. for /proc/pid inodes.
  *	@p contains the task_struct for the task.
  *	@inode contains the inode structure for the inode.
+ * @task_unshare:
+ *	Check if process is allowed to unshare its namespaces
+ *	@unshare_flags flags
+ *	@new_fs contains the new fs_struct if created.
+ *	@new_fd contains the new files_struct if created.
+ *	@new_creds contains the new cred if created.
+ *	@new_nsproxy contains the new nsproxy if created.
+ *	Return 0 if permission is granted.
  *
  * Security hooks for Netlink messaging.
  *
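Review bot: The `@new_creds` line in the new hook description does not match the parameter actually declared, `new_cred`, in the `task_unshare` member added to `union security_list_options` further down in this file; it should read ` *	@new_cred contains the new cred if created.` The `@unshare_flags flags` line says nothing about what the value is; suggest ` *	@unshare_flags contains the CLONE_* flags passed to unshare(2).` It would also help hook implementers to state explicitly that each new_* pointer is presumably NULL when the corresponding object was not requested by the flags (the caller in kernel/fork.c tests them as pointers), since "if created" leaves that implicit and an LSM dereferencing them unconditionally would oops.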
@@ -1489,6 +1497,11 @@ union security_list_options {
 	int (*task_prctl)(int option, unsigned long arg2, unsigned long arg3,
 				unsigned long arg4, unsigned long arg5);
 	void (*task_to_inode)(struct task_struct *p, struct inode *inode);
+	int (*task_unshare)(unsigned long unshare_flags,
+				const struct fs_struct *new_fs,
+				const struct files_struct *new_fd,
+				const struct cred *new_cred,
+				const struct nsproxy *new_nsproxy);
 
 	int (*ipc_permission)(struct kern_ipc_perm *ipcp, short flag);
 	void (*ipc_getsecid)(struct kern_ipc_perm *ipcp, u32 *secid);
@@ -1748,6 +1761,7 @@ struct security_hook_heads {
 	struct list_head task_wait;
 	struct list_head task_prctl;
 	struct list_head task_to_inode;
+	struct list_head task_unshare;
 	struct list_head ipc_permission;
 	struct list_head ipc_getsecid;
 	struct list_head msg_msg_alloc_security;
diff --git a/include/linux/security.h b/include/linux/security.h
index 6745c06..6f935dc 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -331,6 +331,11 @@ int security_task_wait(struct task_struct *p);
 int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			unsigned long arg4, unsigned long arg5);
 void security_task_to_inode(struct task_struct *p, struct inode *inode);
+int security_task_unshare(unsigned long unshare_flags,
+			const struct fs_struct *new_fs,
+			const struct files_struct *new_fd,
+			const struct cred *new_cred,
+			const struct nsproxy *new_nsproxy);
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag);
 void security_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid);
 int security_msg_msg_alloc(struct msg_msg *msg);
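Review bot: The declaration is added only to the CONFIG_SECURITY branch of this header: the diffstat shows five insertions in security.h, all in this hunk, while the call added in kernel/fork.c is unconditional, so a !CONFIG_SECURITY build fails at the caller. This header keeps a static inline stub for every hook in its `#else` branch; the stub below, placed next to the existing task_to_inode stub, returns 0 to preserve the "permission granted" default that `call_int_hook(task_unshare, 0, ...)` provides in security.c. The enclosing `#ifdef CONFIG_SECURITY` region lies outside the hunk.
```c
/* … in the !CONFIG_SECURITY branch of security.h, alongside the other static inline stubs … */
static inline int security_task_unshare(unsigned long unshare_flags,
					const struct fs_struct *new_fs,
					const struct files_struct *new_fd,
					const struct cred *new_cred,
					const struct nsproxy *new_nsproxy)
{
	return 0;
}
```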
diff --git a/kernel/fork.c b/kernel/fork.c
index 4a7ec0c..24cfd66 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -2052,6 +2052,11 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
 	if (err)
 		goto bad_unshare_cleanup_cred;
 
+	err = security_task_unshare(unshare_flags, new_fs, new_fd,
+			new_cred, new_nsproxy);
+	if (err)
+		goto bad_unshare_cleanup_cred;
+
 	if (new_fs || new_fd || do_sysvsem || new_cred || new_nsproxy) {
 		if (do_sysvsem) {
 			/*
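Review bot: The new `goto bad_unshare_cleanup_cred` is the first failure exit taken after new_nsproxy has been allocated (the `err` checked just above presumably comes from nsproxy creation), and the cleanup labels lie outside the hunk; if `bad_unshare_cleanup_cred` only drops new_cred, new_fd and new_fs, as its name suggests, a denial from the hook leaks the freshly created nsproxy and the namespaces it references. The exit needs an `if (new_nsproxy) put_nsproxy(new_nsproxy);` before falling into the existing cred cleanup, or the hook call must move ahead of nsproxy creation. Separately, mediating only unshare(2) here leaves clone(2) with CLONE_NEW* flags and setns(2) unmediated, so an LSM relying on this hook to constrain namespace creation should document that it covers only this entry point. The body of the unshare syscall begins and ends outside the hunk.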
diff --git a/security/security.c b/security/security.c
index cd82276..0e9544c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1020,6 +1020,16 @@ void security_task_to_inode(struct task_struct *p, struct inode *inode)
 	call_void_hook(task_to_inode, p, inode);
 }
 
+int security_task_unshare(unsigned long unshare_flags,
+			const struct fs_struct *new_fs,
+			const struct files_struct *new_fd,
+			const struct cred *new_cred,
+			const struct nsproxy *new_nsproxy)
+{
+	return call_int_hook(task_unshare, 0, unshare_flags, new_fs,
+				new_fd, new_cred, new_nsproxy);
+}
+
 int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 {
 	return call_int_hook(ipc_permission, 0, ipcp, flag);
@@ -1736,6 +1746,7 @@ struct security_hook_heads security_hook_heads = {
 	.task_prctl =	LIST_HEAD_INIT(security_hook_heads.task_prctl),
 	.task_to_inode =
 		LIST_HEAD_INIT(security_hook_heads.task_to_inode),
+	.task_unshare = LIST_HEAD_INIT(security_hook_heads.task_unshare),
 	.ipc_permission =
 		LIST_HEAD_INIT(security_hook_heads.ipc_permission),
 	.ipc_getsecid =	LIST_HEAD_INIT(security_hook_heads.ipc_getsecid),
-- 
1.9.1
