From: Dmitry Vyukov
Date: Thu, 6 Sep 2018 13:19:31 +0200
Subject: Re: WARNING in apparmor_secid_to_secctx
To: Casey Schaufler
Cc: Paul Moore, Stephen Smalley, syzbot, tyhicks@canonical.com, John Johansen, James Morris, LKML, linux-security-module@vger.kernel.org, Serge Hallyn, syzkaller-bugs, Jeffrey Vander Stoep, SELinux, Russell Coker, Laurent Bigonville
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 6, 2018 at 12:59 PM, Dmitry Vyukov wrote:
> On Wed, Sep 5, 2018 at 7:37 PM, Casey Schaufler wrote:
>> On 9/5/2018 4:08 AM, Dmitry Vyukov wrote:
>>> Thanks! I've re-enabled selinux on syzbot:
>>> https://github.com/google/syzkaller/commit/196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc
>>> Now we will have instances with apparmor and with selinux.
>>
>> Any chance we could get a Smack instance as well?
>
> Hi Casey,
>
> Sure!
> Provided you want to fix bugs ;)
> I've set up an instance with smack enabled:
> https://github.com/google/syzkaller/commit/0bb7a7eb8e0958c6fbe2d69615b9fae4af88c8ee

But just doing default things does not seem to find much. I guess
common paths through the hooks are well exercised already. So perhaps
if we do more non-trivial things, it can find more stuff. But what are
they? Adding/changing/removing xattrs? Which? What are the values?
Changing security contexts? How? What else?

selinux has its own filesystem and we should touch some files there:
https://github.com/google/syzkaller/blob/master/sys/linux/selinux.txt
But we don't have anything similar for other modules.