From: Paul Moore <paul@paul-moore.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: selinux@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [GIT PULL] SELinux patches for v5.16
Date: Mon, 1 Nov 2021 19:59:02 -0400 [thread overview]
Message-ID: <CAHC9VhRJ=fHzMHM6tt8JqkZa4bf0h72CAytSX9YrEs14Oaj8SA@mail.gmail.com> (raw)
Hi Linus,
Below is the SELinux pull request for v5.16 with a note about merge
conflicts following the highlight reel (you'll see something similar
on the audit pull request, and hopefully the io_uring and block/dm
trees but I have no idea if they track the LSM/audit work - likely
not).
** Highlights
- Add LSM/SELinux/Smack controls and auditing for io-uring. As usual,
the individual commit descriptions have more detail, but we were
basically missing two things which we're adding here: establishment of
a proper audit context so that auditing of io-uring ops works
similarly to how it does for syscalls (with some io-uring additions
because io-uring ops are *not* syscalls), additional LSM hooks to
enable access control points for some of the more unusual io-uring
features, e.g. credential overrides. The additional audit callouts
and LSM hooks were done in conjunction with the io-uring folks, based
on conversations and RFC patches earlier in the year.
- Fixup the binder credential handling so that the proper credentials
are used in the LSM hooks; the
commit description and the code comment which is removed in these
patches are helpful to understand the background and why this is the
proper fix.
- Enable SELinux genfscon policy support for securityfs, allowing
improved SELinux filesystem labeling for other subsystems which make
use of securityfs, e.g. IMA.
** Merge Notes
- I'm expecting three trees to add new audit record types during this
merge window: SELinux, block/device-mapper, and audit. I've already
talked with the different maintainers and there shouldn't be any
duplicated values, but I expect you will see some merge conflicts in
include/uapi/linux/audit.h; the "correct" values should end up as:
+#define AUDIT_URINGOP 1336 /* io_uring operation */
+#define AUDIT_OPENAT2 1337 /* Record showing openat2 how args */
+#define AUDIT_DM_CTRL 1338 /* Device Mapper target control */
+#define AUDIT_DM_EVENT 1339 /* Device Mapper events */
- Based on your tree from this afternoon you will see a merge conflict
in fs/io-wq.c, but it's just an include collision, the fixup is
trivial.
- Based on your tree from this afternoon you will see a merge conflict
in fs/io_uring.c in the io_op_def struct definition; the fixup is also
pretty easy, just make sure the "audit_skip" field is added to the
struct.
Thanks,
-Paul
--
The following changes since commit 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f:
Linux 5.15-rc1 (2021-09-12 16:28:37 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
tags/selinux-pr-20211101
for you to fetch changes up to 15bf32398ad488c0df1cbaf16431422c87e4feea:
security: Return xattr name from security_dentry_init_security()
(2021-10-20 08:17:08 -0400)
----------------------------------------------------------------
selinux/stable-5.16 PR 20211101
----------------------------------------------------------------
Casey Schaufler (1):
Smack: Brutalist io_uring support
Christian Göttsche (1):
selinux: enable genfscon labeling for securityfs
Florian Westphal (1):
selinux: remove unneeded ipv6 hook wrappers
Kees Cook (1):
LSM: Avoid warnings about potentially unused hook variables
Ondrej Mosnacek (1):
selinux: fix race condition when computing ocontext SIDs
Paul Moore (11):
audit: prepare audit_context for use in calling contexts beyond syscalls
audit,io_uring,io-wq: add some basic audit support to io_uring
audit: add filtering for io_uring records
fs: add anon_inode_getfile_secure() similar to anon_inode_getfd_secure()
io_uring: convert io_uring to the secure anon inode interface
lsm,io_uring: add LSM hooks to io_uring
selinux: add support for the io_uring access controls
selinux: remove the SELinux lockdown implementation
selinux: make better use of the nf_hook_state passed to the NF hooks
selinux: fix all of the W=1 build warnings
selinux: fix a sock regression in selinux_ip_postroute_compat()
Todd Kjos (3):
binder: use euid from cred instead of using task
binder: use cred instead of task for selinux checks
binder: use cred instead of task for getsecid
Vivek Goyal (1):
security: Return xattr name from security_dentry_init_security()
drivers/android/binder.c | 27 +--
drivers/android/binder_internal.h | 4 +
fs/anon_inodes.c | 29 +++
fs/ceph/xattr.c | 3 +-
fs/io-wq.c | 4 +
fs/io_uring.c | 69 +++++-
fs/nfs/nfs4proc.c | 3 +-
include/linux/anon_inodes.h | 4 +
include/linux/audit.h | 26 ++
include/linux/lsm_hook_defs.h | 22 +-
include/linux/lsm_hooks.h | 30 ++-
include/linux/security.h | 55 +++--
include/uapi/linux/audit.h | 4 +-
kernel/audit.h | 7 +-
kernel/audit_tree.c | 3 +-
kernel/audit_watch.c | 3 +-
kernel/auditfilter.c | 15 +-
kernel/auditsc.c | 468 +++++++++++++++++++++++++-----
security/security.c | 35 ++-
security/selinux/avc.c | 13 +-
security/selinux/hooks.c | 239 +++++++-----------
security/selinux/include/classmap.h | 4 +-
security/selinux/netlabel.c | 7 +-
security/selinux/netport.c | 2 +-
security/selinux/ss/hashtab.c | 1 +
security/selinux/ss/mls.c | 4 +
security/selinux/ss/services.c | 176 +++++++-------
security/smack/smack_lsm.c | 46 ++++
28 files changed, 882 insertions(+), 421 deletions(-)
--
paul moore
www.paul-moore.com
next reply other threads:[~2021-11-01 23:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-01 23:59 Paul Moore [this message]
2021-11-02 0:44 ` [GIT PULL] SELinux patches for v5.16 Linus Torvalds
2021-11-02 3:13 ` Paul Moore
2021-11-02 3:55 ` Linus Torvalds
2021-11-02 4:22 ` Linus Torvalds
2021-11-02 12:58 ` Paul Moore
2021-11-02 4:21 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhRJ=fHzMHM6tt8JqkZa4bf0h72CAytSX9YrEs14Oaj8SA@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=selinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.