Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1037820imm; Thu, 6 Sep 2018 14:18:58 -0700 (PDT) X-Google-Smtp-Source: ANB0Vda/RPvLw/0I/M8JRf4QmKRniitz/Ibge5hwA6NkT+nmvyC8k2aw4BlZeMwjx25FPmKCDGXn X-Received: by 2002:a17:902:925:: with SMTP id 34-v6mr4755404plm.307.1536268738185; Thu, 06 Sep 2018 14:18:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536268738; cv=none; d=google.com; s=arc-20160816; b=TM0c2UIt5GcwnPfd1nOHOgDjhEiqAc0KMD2Ba7UFKspx3DreJ9mwQcniJx/hXJACqq HleR5Z4ngjAtOmF+yJydmX6MDrCvWzR/y6v0J1rOxqc+UiLpeg6ZBo/Az6vLBp/1LhlU AZMqF+Dvpf+tiVxrV+1W6dkLpbPCOxHzigea9EealHLxjyHEfgV+xUFB2vqLnEBxnqtv Qau9PJhBaywlgu5jwCKWQcfLCDAf+LLYYGnVNf9FQ3fbMRTdo33+KEjsDwMeaFfAurpb 7GU/RJHgJmtXaQeMZUGhB/HP01yjvx91I/5KdCXaJcdHlgTa9atkNM17udgSZlc7kfS4 coyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=Ix8JOal3+5B/3WhMiTQK7BYcXC6+HHq7ZyR5v3G12C8=; b=QbjuH0CP1GuW5lyqzSXKrX3DOtaCD3d27x114eRoPQfejNrNDZaLkAZgXZVt9P7E12 YXlkc/Oa++OJi6XXu1V+o5nvo7IB6G1QdV+tqbWdJ4mKbP0QzLRQRojuASfuUEII3OwK 8l/cQw4VJHNS9qXZP/YNu07sa1J4mwGqinCFgVK6m23Xa7xgglsKfWGc8hqp5SxtCR8s eCpubfKdHPMlDIZdq/1fRZfu+G4Mlo2SJIzB2joB1+4Scbq9hGfkU/cnpQXbsTqFGdEZ vNnP0hKSN5nfmRMf3oKbzyJsh0WPFjADAQNcdIxAE4Y0e6UZpIqvWBubR5Z/qkb86MiZ M+0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DVeVXRfB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h11-v6si6560570plk.141.2018.09.06.14.18.42; Thu, 06 Sep 2018 14:18:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DVeVXRfB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729762AbeIGANR (ORCPT + 99 others); Thu, 6 Sep 2018 20:13:17 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:33728 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727529AbeIGANR (ORCPT ); Thu, 6 Sep 2018 20:13:17 -0400 Received: by mail-pf1-f196.google.com with SMTP id d4-v6so5792519pfn.0 for ; Thu, 06 Sep 2018 12:36:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Ix8JOal3+5B/3WhMiTQK7BYcXC6+HHq7ZyR5v3G12C8=; b=DVeVXRfBs2+8Kw3TTxoS6R0z0ONnxu3NmAxswlNeGZeLjZYl2v5v5mKhR/RUrWXNfr 1XJzi2Z9BghpV8SPYo93qX74+HT4CtPG/E8e+SLzMgQ8N7X4+EGaTZy33OxjTffOrF7T 26k4laCEsVgED4iCZHXhkS/2KqdExS9dapetcKwsxRQ1s74fXCdEmbgR5KehyqovDsO1 z5it6YUZSBRHWCwC9W6sV9+Fgrsep9gPfL2DTM+AhzpPzveBc0B1taWIGJokOq5PdyHt kiHwTek+1MervMHEeDuYdDa9QiOxvKZYFn9SJUzkPXRjOgge8k1uuKD+RCzSvXe3cxsu 8wRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Ix8JOal3+5B/3WhMiTQK7BYcXC6+HHq7ZyR5v3G12C8=; b=qlleJA4xdLELF8Nsk4beKGCeuuyPPYgbUrU+SwT7r5V3mMboDSp0LLUWvZD6/lWflB TkRGc5vWEW/vzp0Ty+Z2+BQy9mRXavCgPZZEEiBp9vHAByDIFGCbvI0pBCxfi2uCrqPT 4fYllkBIc/aoaPHOzDXEFcFHfIvAjbJR/YGjiFbtTTxlibNfbLNkspjFS0db6YzdS3sH 02AW5+ibv8QeTJYo3Ow40Mq+h4iWgWZ236Zu6oQ+C3lBCSkVaOjLGygG0MQRlRfUP8/F 6fViFz5OTxwYLXY0bbuxbMB7sxNSNHjFn0BUEcT2yT8c9NT14nEXp3YTcZQN+RiDkCkm TD2w== X-Gm-Message-State: APzg51BgXhFBasuwXKqWARwntn35gPMzSgBq80mGfhPAI8shHnpCtp3l g4N+hWiQk0jEZX2rQuSIt9gCGoKhX2a84ZTzGwRpEA== X-Received: by 2002:a63:5660:: with SMTP id g32-v6mr4297198pgm.227.1536262579086; Thu, 06 Sep 2018 12:36:19 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a17:90a:ac14:0:0:0:0 with HTTP; Thu, 6 Sep 2018 12:35:58 -0700 (PDT) In-Reply-To: References: <000000000000c178e305749daba4@google.com> <37aec45f-69ad-9705-21f1-64ee4ce4a772@tycho.nsa.gov> <9537a6ff-daf4-d572-bf93-68230909b68e@tycho.nsa.gov> <4b37e892-4d79-aefb-92ab-7753b89b8963@tycho.nsa.gov> <1ea19628-3bbe-2073-d623-824337c15ed6@tycho.nsa.gov> <6c9112a2-33f3-0c29-c944-1d129a0026e7@tycho.nsa.gov> From: Dmitry Vyukov Date: Thu, 6 Sep 2018 21:35:58 +0200 Message-ID: Subject: Re: WARNING in apparmor_secid_to_secctx To: Casey Schaufler Cc: Paul Moore , Stephen Smalley , syzbot , tyhicks@canonical.com, John Johansen , James Morris , LKML , linux-security-module@vger.kernel.org, Serge Hallyn , syzkaller-bugs , Jeffrey Vander Stoep , SELinux , Russell Coker , Laurent Bigonville Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 6, 2018 at 1:19 PM, Dmitry Vyukov wrote: > On Thu, Sep 6, 2018 at 12:59 PM, Dmitry Vyukov wrote: >> On Wed, Sep 5, 2018 at 7:37 PM, Casey Schaufler wrote: >>> On 9/5/2018 4:08 AM, Dmitry Vyukov wrote: >>>> Thanks! I've re-enabled selinux on syzbot: >>>> https://github.com/google/syzkaller/commit/196410e4f5665d4d2bf6c818d06f1c8d03cfa8cc >>>> Now we will have instances with apparmor and with selinux. >>> >>> Any chance we could get a Smack instance as well? >> >> Hi Casey, >> >> Sure! >> Provided you want to fix bugs ;) >> I've setup an instance with smack enabled: >> https://github.com/google/syzkaller/commit/0bb7a7eb8e0958c6fbe2d69615b9fae4af88c8ee > > > But just doing default things does not seem to find much. I guess > common paths through the hooks are well exercised already. > So perhaps if we do more non-trivial things, it can find more stuff. > But what are they? Adding/changing/removing xattr's? Which? What are > the values? Changing security contexts? How? What else? > selinux has own filesystem and we should touch some files there: > https://github.com/google/syzkaller/blob/master/sys/linux/selinux.txt > But we don't anything similar for other modules. First one that looks smack-specific: https://syzkaller.appspot.com/bug?id=9eda6092f146cb23cb9109f675a2e2cb743ee48b